Avast just started reporting malware in js on certain pages

[TheOtherBill]

All of a sudden I'm getting blocks and malware alerts, on various pages. It started for me on the AT&T Galaxy Note 2 forum, now I'm getting it on this page.

Infection Details
URL: http://d1ros97qkrwjf5.cloudfront.net/42/...
Infection: URL:Mal

I see that file in the html source under this:

// Main vBulletin Javascript Initialization
		vBulletin_init();
	//--> </script> <script type="text/javascript">if(!NREUMQ.f){NREUMQ.f=function(){NREUMQ.push(["load",new Date().getTime()]);var e=document.createElement("script");e.type="text/javascript";e.src=(("http:"===document.location.protocol)?"http:":"https:")+"//"+"d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js";document.body.appendChild(e);if(NREUMQ.a)NREUMQ.a();};NREUMQ.a=window.onload;window.onload=NREUMQ.f;};NREUMQ.push(["nrfj","beacon-1.newrelic.com","c0a1194d5d","198784","ZVxaNhFRXkEHW0BZWFwWexcQRF9fSXl3HVlXTkwKEVVRVg==",0,37,new Date().getTime(),"","","","",""]);</script> <script type="text/javascript">

 

[sfreemanoh]

Yeah, one of my users called about this earlier. There's a thread on Avast's site about it (http://forum.avast.com/index.php?topic=112266.0), but Avast hasn't responded yet. And I can't find anything definitive about if it's actually an issue, or false positives.

 

[Phil Nickinson]

Hey, guys. Pinged our tech team on it, and they're seeing the same thing as that avast thread. Most likely false positives. Will update if there's anything to update. (I'm not expecting there to be.)

 

[ignb]

Such tracking codes are sometimes identified as potentially unwanted by certain antivirus companies. Of course, it might be very confusing for users to decide if the threat is real or not. Especially, when guys from AV companies say it might be an privacy intrusion, etc. In your case, it's not a big deal, for example Kaspersky or ESET say the file is clean as well as many other AVs. So, I guess there's nothing to worry about.