Author Topic: False positive for agraphia.net  (Read 2281 times)

nanoer

  • Guest
False positive for agraphia.net
« on: July 05, 2011, 02:29:43 AM »
Hi all,

I think that Avast Web Shield is throwing a false positive for HTML:script-inf for the website hxxp://agraphia.net. It blocks the website and gives you a popup asking you to "Abort Connection".

Not sure how valid a proof this is that the site is clean, but:
http://www.unmaskparasites.com/security-report/?page=www.agraphia.net

Edit to add Virus Total links:
http://www.virustotal.com/url-scan/report.html?id=b8a401c1e16fe3eb13a6ae82840a4aee-1296531023
http://www.virustotal.com/file-scan/report.html?id=464e69ec89872bd322d53c3de4e7b05909fbb69862ff5bf3532c7f35a0cdf200-1296534632

I think the ParetoLogic URL scan might also be a false positive.

The file scan shows Avast, Avast 5, and GData (which uses Avast and BitDefender, I think) are the only ones that find malware on this site.
« Last Edit: July 05, 2011, 02:34:14 AM by nanoer »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: False positive for agraphia.net
« Reply #1 on: July 05, 2011, 03:41:19 AM »
The network shield is also blocking the domain now, probably as a result of multiple alerts by the web shield feeding back into the avast! CommunityIQ feature.

I too only got those three results in the VT scan, but for some reason the MD5 hash is different. I had a look at the home page source code and I couldn't see anything obvious.

URLVoid finds three hits: ParetoLogic as you mentioned, MyWOT and hpHosts, so still a little wriggle room. http://www.urlvoid.com/scan/agraphia.net


- There is a new on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Press (Media) issues.
- If you are reporting an FP, then you get another input field open, click the Browse button and enter the web URL for the site you wish to submit for review (network & web shield), etc. I would give a link to this topic also.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline jsejtko

  • Avast team
  • Full Member
  • *
  • Posts: 171
    • ALWIL Software
Re: False positive for agraphia.net
« Reply #2 on: July 05, 2011, 10:10:31 AM »
Hello,

Your domain has been blocked because of malware distributed through it - through an exploit located at hxxp://www.agraphia.net/counter/pdf.php -> this looks to be removed now.

The block will be removed in the next VPS update, but might occur again if we encounter other malicious files on your domain.

Best Regards
J. Sejtko