Avast WEBforum

Other => Viruses and worms => Topic started by: burrellbuzzman on March 27, 2010, 04:03:18 PM

Title: Auslogics website mal url? is this a fp
Post by: burrellbuzzman on March 27, 2010, 04:03:18 PM
I use Auslogics Registry Cleaner version 1.5.12.165. Since I have had it, it doesn't seem to have had any updates, so when I was in the program today I thought I would check. I clicked "Check for updates..." and it redirected me to a website saying my version was up to date.

However, avast let me know a threat had been detected. A red box appeared saying:

"MALICIOUS URL BLOCKED

avast! Network Shield has blocked a threat.
No further action is required.

   Object: google-stats.com/start.php
   Infection: URL:Mal
   Action: Blocked
   Process: C:\Program Files (x86)\Mozzila Firefox\firefox.exe

The threat was detected and blocked just before connecting to the URL"

Is this a false positive? Within the Auslogics Registry Cleaner program there are links to the company's site as well, which I thought I would click on, and again they received the same or a similar message. In addition to avast I use the full version of Malwarebytes, and this program didn't attempt to block the IP address, although I am not sure if that is the same as the threat detected with avast? Again, I practise safe internet surfing and find it hard to believe a company like this would send me to malicious websites... any help would be greatly appreciated

Thanks Rob
Title: Re: Auslogics website mal url? is this a fp
Post by: DavidR on March 27, 2010, 05:08:35 PM
Given that the location being blocked is Object: google-stats.com/start.php, not the Auslogics site, either something has hacked the site or, more likely, there is something on another site you were visiting.

I say this because the initiating check for updates would have been independent of your default browser. Or this link is on that page and avast isn't the only one to find it malicious:
http://www.mywot.com/en/scorecard/google-stats.com
http://www.malwaredomainlist.com/mdl.php?search=google-stats.com&inactive=on
http://hosts-file.net/?s=google-stats.com
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=google-stats.com
Title: Re: Auslogics website mal url? is this a fp
Post by: DavidR on March 27, 2010, 05:32:09 PM
Update, I didn't have this registry cleaner, but since it isn't very big I downloaded and installed it and I did an update check and no alert by the avast network shield. See image, I checked the page source code of the page that the registry cleaner goes to and there is no reference to google-stats.com
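
The source check described in the post above (looking through a page's HTML for any reference to google-stats.com) can be scripted. This is an added example, not part of the original thread; the sample pages and the `example.test` domain are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that makes a browser fetch a resource when the page loads.
FETCH_ATTRS = {"script": "src", "iframe": "src", "img": "src",
               "embed": "src", "link": "href", "object": "data"}


class ResourceCollector(HTMLParser):
    """Collects (tag, url) pairs for every auto-loaded resource in a page."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.resources.append((tag, value.strip()))


def third_party_hosts(html, site_domain):
    """Map each off-site host the page loads from to the tags referencing it."""
    collector = ResourceCollector()
    collector.feed(html)
    found = {}
    for tag, url in collector.resources:
        # Relative URLs have no hostname and belong to the site itself.
        host = (urlparse(url).hostname or site_domain).lower()
        if host == site_domain or host.endswith("." + site_domain):
            continue
        found.setdefault(host, []).append((tag, url))
    return found


def references_host(html, site_domain, suspect):
    """True if the page source loads anything from the suspect host."""
    return suspect.lower() in third_party_hosts(html, site_domain)


# Constructed sample pages: a clean one and one with an injected script tag.
CLEAN = ('<html><head><script src="/js/site.js"></script>'
         '<link rel="stylesheet" href="http://static.example.test/a.css">'
         '</head><body><img src="logo.png"></body></html>')
INJECTED = CLEAN.replace(
    "</body>",
    '<script src="http://google-stats.com/start.php"></script></body>')

if __name__ == "__main__":
    print(third_party_hosts(CLEAN, "example.test"))
    print(third_party_hosts(INJECTED, "example.test"))
```

A static scan like this only sees references present in the delivered HTML; a reference written into the page by script at runtime, or served only to some visitors, will not show up, which is one way two people can get different results from the same site.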
Title: Re: Auslogics website mal url? is this a fp
Post by: sg09 on March 27, 2010, 08:17:31 PM
I don't use Auslogics registry cleaner, but use their Disk Defragmenter and Registry Defragmenter. I checked for updates and both lead to an Internal Server Error.
Also when I tried to go to their homepage it leads me to somewhere else... I think their website is down/hacked...

Title: Re: Auslogics website mal url? is this a fp
Post by: holgermh on March 27, 2010, 08:17:45 PM
Hi,

I am using diskdefrag by auslogics. Yesterday I tried to visit the home page and got the same warning by avast.

I wrote them at 8 PM German time this morning:

Quote

Hi,
I use Disk Defrag which is very good!

But yesterday when I visited your homepage, my AV Engine (AVAST 5.0) declared your website
malicious, because it starts a link to google-stats.com/start.php. This isn't a google site!

The site then of course is blocked.

Any idea what's going on?

Best regards

Holger

Unquote

They answered promptly and asked for the exact message by avast. I sent them the message, which is similar to the OP's.
The only difference is the browser. Mine is IE8.

This evening the auslogics site is down. Seems they are checking...

Holger


 


Title: Re: Auslogics website mal url? is this a fp
Post by: polonus on March 27, 2010, 10:50:39 PM
Hi holgermh

This is what's wrong with google-stats.com:
General Info
Web Site Location: Russian Federation

Norton Safe Web has analyzed google-stats.com for safety and security problems. Below is a sample of the threats that were found.

google-stats.com
Threat Report

Total threats found: 5

Drive-By Downloads

Threats found: 5
Here is a complete list:
Threat Name:    MSIE ADODB.Stream Object File Installation Weakness

Enough not to have a link to these redirects on your website, another site that was infected through this site was: http://safeweb.norton.com/report/show?url=articbrasil.com%2F&x=5&y=9


polonus