Avast JS:Pdfka-PK infection warning with jQuery.min.js but jQuery.js works good

Question

In our Client site we got Avast JS:Pdfka-PK in one of our page which has swf file. And avast is not allowing us to open this page at all. I already spent one whole day and not sure where the issue is.

enter image description here

Any help is greatly appreciated. Thanks in advance.

I am using Mac Mountain Lion and Chrome 33 and Avast latest version.

More Googling I found this link yes we download some files from from remote server and show. But those files are not harmful, like to know how to overcome this.

My Apologies for scattered details.

Following are my latest findings.

Following is the code which is giving the Avast warning.

surveyAccept: function() {
    var page = "http://" + window.location.hostname;
    var windowprops = "width=100,height=100,location=no,toolbar=no,menubar=no,scrollbars=yes,resizable=yes";
    var PopWindow = window.open(page, "_blank", "", windowprops);

    window.setTimeout(window.focus, 500);

    if (PopWindow) {
        exitSurveyHTML = this.getNewWindowHTML();
        PopWindow.document.write(exitSurveyHTML);
        PopWindow.document.close( );

        if (navigator.userAgent.indexOf('Chrome/') > 0){
            window.focus();
        }

        PopWindow.blur();

        if (navigator.userAgent.indexOf('Firefox/4') > 0){
            window.open("", "_self", "");
        }
    }

},

getNewWindowHTML : function (){
    var exitSurveyLink = "sample link";

    windowHTML = '';
    windowHTML += '<!DOCTYPE HTML>';
    windowHTML += '<html>';
    windowHTML += '<script type="text/javascript">';
    windowHTML += 'var i;';
    windowHTML += 'var lastseen = window.opener.location.hostname;';
    windowHTML += 'function CheckParent() {';
    windowHTML += 'try {';
    windowHTML += 'var host = window.opener.location.hostname;';
    windowHTML += 'if (host != lastseen){';
    windowHTML += 'lastseen = host;';
    windowHTML += '}';
    windowHTML += 'return;';
    windowHTML += '} catch(error){';
    windowHTML += 'clearInterval(i);';
    windowHTML += 'moveTo(screen.width/2-450,screen.height/2-300);';
    windowHTML += 'resizeTo(900,600);';
    windowHTML += 'this.focus();';
    windowHTML += 'this.location="' + exitSurveyLink + '";';
    windowHTML += '}';
    windowHTML += '}';
    windowHTML += 'i = setInterval("CheckParent()", 500);';
    windowHTML += '<\/script>';
    windowHTML += '<\/body>';
    windowHTML += '<\/html>';
    return windowHTML;
}

The lines after Check parent is giving Avast warning if we user jQuery.min.js if I use jQuery.js I do not get Avast warning. If I compress jQuery.js using YUI compressor online I am not getting any issues with Avast.

I have also tried introducing lot of string concordination in the code still I get the Avast warning.

I like to know why I get Avast warning when I user jQuery.min.js which is given by jQuery but not in jQuery.js.

This is really strange.

Have you tried posting this on the avast forums? I Googled your error and found something similar. Try updating your Java to the latest version. Have a look at this page. http://forum.avast.com/index.php?topic=43660.0 — Spedwards, Mar 20 '14 at 01:10
@Spedwards, Thanks for your findings. The issue was not on the Java when I have jquery.min.js it is causing issue but if I put jQuery.js there is no issues with Awast.. let me update the question with my recent findings. — Dilip Rajkumar, Mar 20 '14 at 05:14
I have to ask, where are you getting your jQuery from? If you get no issues with the un-minified version of jQuery, use a minifier online and see if you then have any problems. — Spedwards, Mar 20 '14 at 07:45
Yes I did that, if I use YUI compressor to compress jQuery i do not get any issues but if I use the min version given by jQuery I get issues. Any thoughts on that.. — Dilip Rajkumar, Mar 20 '14 at 09:15
I added more details to the question.. Thanks for your help. — Dilip Rajkumar, Mar 20 '14 at 09:29
It sounds like a false positive. I would report it to Avast along with any relevant details. The code you're using to generate the exit survey popup is written in a suspicious/strange way. Maybe consider re-writing it to not document.write a script tag to the popup window and instead just use plain javascript. — nderscore, Mar 21 '14 at 02:46

score 1 · Answer 1 · edited Mar 24 '14 at 06:36

1

Some of the normal code behaviour are mostly similar to a malware activity.

Its impossible to build a perfect detection system for any antivirus, i am hopping that auto virus detection that avast is using is conflicting with the same code structucture in the minified jquery file you have.

work around:

just download a min version from google cdn or jquery cdn and try to use it (if its not detected as any malware)

i have faced similar issue with Panda Internet security auto detection mechanism. some times more secure detection algorithm falsely catches a non malware code too.

you can report false positives here.

and wait for avast to update their database to resolve this issue.

edited Mar 24 '14 at 06:36

Blu

4,036
6
38
65

answered Mar 24 '14 at 06:27

Jeba Prince

1,669
4
22
41

Hi thanks Price, I have already tried it and still getting the issue with jQuery min version and not with jQuery un min version. I use both from jQuery CDN. – Dilip Rajkumar Mar 24 '14 at 07:24
does your avast blocking the sites using the same CDN url? – Jeba Prince Mar 24 '14 at 07:33
I download from the CDN and have it in my local. The problem is not in the jQuery. its with jQuery + my Code. – Dilip Rajkumar Mar 24 '14 at 07:38
are you running your files from any local file system or from any local server(apache)(some http server)? or the location of your webpage is some thing like (localfile system)\folder\xxx.html – Jeba Prince Mar 24 '14 at 07:47
if you are not running from any local http server. i recomend you to use one http://www.wampserver.com/en/ . if you need more assistance in wamp server let me know. – Jeba Prince Mar 24 '14 at 07:51
This is something to do with the above code I have given. Which is not working good with jQuery.min.js – Dilip Rajkumar Mar 24 '14 at 08:36
You could reproduce it by having jquery.min.js and the above mentioned code in a html file and having avast running on your system. – Dilip Rajkumar Mar 24 '14 at 08:37
nice.... but i don't see any code above which is using jquery, its a pure javascript – Jeba Prince Mar 24 '14 at 08:37
Yes Prince, there are some other code which uses jQuery.. but the warning happens only when I place this code.. else it works good.. – Dilip Rajkumar Mar 24 '14 at 08:39
hmm that sounds odd. let me try to reproduce that... i dont use avast any more actually. – Jeba Prince Mar 24 '14 at 08:42
I never used Avast.. Only to resolve this issue I installed it.. I finally resolved it by putting jQuery.js.. Still I am interested to know.. – Dilip Rajkumar Mar 24 '14 at 08:44
just curious, y do you use join in some place and += in some place. – Jeba Prince Mar 24 '14 at 08:50
Ooops that as a wrong code.. I was trying to check whether the issue was because of += so I tried Join.. let me revert the code.. thanks for pointing out.. – Dilip Rajkumar Mar 24 '14 at 09:20
so with out this two functions avast will never give any error right. i think you are doing some thing wrong in your code, may be you should not even look into jquery min or normal version here... if you help me understand what this function does, i migfht be able to re-write the same code in a mature way. – Jeba Prince Mar 24 '14 at 10:12
have you tried the same page in different browser? is avast blocking those aswell? – Jeba Prince Mar 24 '14 at 10:13
This code opens a new window with a html code.. Then it listens the parent window.. Once the parent window is closed we show the survey page.. – Dilip Rajkumar Mar 24 '14 at 10:14

Jeba Prince · Answer 2 · 2014-03-24T10:57:46.680

Can you try replacing the your code with the following code:

var exitSurveyLink = "http://survey.confirmit.com/";
function openSurveyPopUp()
{
    var windowprops = "width=100,height=100,location=no,toolbar=no,menubar=no,scrollbars=yes,resizable=yes";
    var PopWindow = window.open(exitSurveyLink, "_blank", "", windowprops);
    if (PopWindow) {
        var surveyHTML = this.getPopUpWindowHTMLContent();
        PopWindow.document.write(surveyHTML);
        PopWindow.document.close( );
    }
}

function getPopUpWindowHTMLContent()
{
    var windowHTML = '';
    windowHTML += '<script type="text/javascript">';
    windowHTML += 'var i;';
    windowHTML += 'var lastseen = window.opener.location.hostname;';
    windowHTML += 'function CheckParent() {';
    windowHTML += 'console.log("CheckParent"+lastseen);try {';
    windowHTML += 'var host = window.opener.location.hostname;';
    windowHTML += 'if (host != lastseen){';
    windowHTML += 'lastseen = host;';
    windowHTML += '}';

windowHTML += 'document.body.innerHTML = "<center>'+new Date()+' - Please close the   parent window<\/center>";';
    windowHTML += 'return;';
    windowHTML += '} catch(error){';  //THERE IS NO PARENT WINDOW SO IT WILL END UP IN ERROR
    windowHTML += 'clearInterval(i);';
    windowHTML += 'moveTo(screen.width/2-450,screen.height/2-300);';
    windowHTML += 'resizeTo(900,600);';
    windowHTML += 'this.focus();';
    windowHTML += 'this.location="' + exitSurveyLink + '";';
    windowHTML += '}';
    windowHTML += '}';
    windowHTML += 'i = setInterval("CheckParent()", 500);';
    windowHTML += '<\/script>';
    return windowHTML;
}

changes i have made:

you were writing 'html' and 'body' in document write, which wasn't necessary

Avast JS:Pdfka-PK infection warning with jQuery.min.js but jQuery.js works good

2 Answers2