Author Topic: avast blocking piriform forum  (Read 3341 times)

Offline JohnnyBob

  • Full Member
  • ***
  • Posts: 199
  • Peace
    • Personal Message (Offline)
avast blocking piriform forum
« on: November 02, 2012, 05:35:54 AM »
avast blocking piriform forum

http://forum.piriform.com/

Sometimes I get an avast popup saying it is blocking a virus, sometimes not, but I always get:

Fatal error: require_once() [function.require]: Failed opening required './initdata.php' (include_path='.:/usr/local/php53/pear') in /home/ccleaner/public_html/index.php on line 23

anybody else?
free avast! 9.0 installed without Email Shield (not needed). Web shield disabled. All other "extras" are not installed or disabled. It wanted server status access to the internet which I blocked permanently via ZA. I also killed AvastEmUpdate.exe by renaming it in Safe Mode. Windows XP Home SP3, ZoneAlarm 6.1.744.001, Firefox 25.0 & IE8, Outlook Express.

Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24907
  • Frohe Ostern
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline JohnnyBob

  • Full Member
  • ***
  • Posts: 199
  • Peace
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #2 on: November 02, 2012, 06:23:46 AM »
Thanks for the links. The first time I tried the zscaler.com link, it said forum.piriform.com is OK. The second time is said it is malicious. The securi.net link reports it as malicious.

forum.piriform.com is an old established forum. I don't go there frequently so don't know how long this problem has existed. Of course they could be infected but I doubt it. I suspect it's just a bug in their code. I tried to email their webmaster but it was returned as undeliverable.
« Last Edit: November 02, 2012, 06:28:55 AM by JohnnyBob »
free avast! 9.0 installed without Email Shield (not needed). Web shield disabled. All other "extras" are not installed or disabled. It wanted server status access to the internet which I blocked permanently via ZA. I also killed AvastEmUpdate.exe by renaming it in Safe Mode. Windows XP Home SP3, ZoneAlarm 6.1.744.001, Firefox 25.0 & IE8, Outlook Express.

Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24907
  • Frohe Ostern
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #3 on: November 02, 2012, 06:29:11 AM »
1. Thanks for the links.
2. I've emailed their webmaster.

1. You're welcome.
2. Good.
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21682
  • Gender: Male
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #4 on: November 02, 2012, 06:36:45 AM »
Quote
Of course they could be infected but I doubt it.
of cours not....avast must be wrong  ;)

http://urlquery.net/report.php?id=77737

and the site seems to be down now


we have a article somwhere in here (cant find the link now) about infected websites hacked/found every 3,5sek


Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24907
  • Frohe Ostern
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #5 on: November 02, 2012, 06:38:45 AM »
Quote
Of course they could be infected but I doubt it.
of cours not....avast must be wrong  ;)

They always say that... ::)
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline JohnnyBob

  • Full Member
  • ***
  • Posts: 199
  • Peace
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #6 on: November 02, 2012, 06:48:46 AM »
According to the following 2 testers, forum.piriform.com is up
http://www.isup.me/forum.piriform.com
http://host-tracker.com/check_res_ajx/11494891-0/
free avast! 9.0 installed without Email Shield (not needed). Web shield disabled. All other "extras" are not installed or disabled. It wanted server status access to the internet which I blocked permanently via ZA. I also killed AvastEmUpdate.exe by renaming it in Safe Mode. Windows XP Home SP3, ZoneAlarm 6.1.744.001, Firefox 25.0 & IE8, Outlook Express.

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21682
  • Gender: Male
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #7 on: November 02, 2012, 06:50:19 AM »
found it

Every 3.6 seconds a website is infected
http://www.scmagazine.com/every-36-seconds-a-website-is-infected/article/140414/

noting is 100% secure......
and the more people that visit a site, the more interesting it is for thew bad guys to infect as they fish in the pond that have most fish.....bigger chanse that somone take the bait
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21682
  • Gender: Male
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #8 on: November 02, 2012, 06:52:04 AM »
According to the following 2 testers, forum.piriform.com is up
http://www.isup.me/forum.piriform.com
http://host-tracker.com/check_res_ajx/11494891-0/

see the urlQuery link i posted above.....click the picture in top right corner
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28969
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #9 on: November 02, 2012, 01:09:48 PM »
Any site can get infected... Geeks to Go was hit about a year back, only Avast spotted it.  The site was down for a day whilst they cleared the redirect malware

EDIT:  A hack has been confirmed, cleaning it now 
« Last Edit: November 02, 2012, 01:29:44 PM by essexboy »

Offline JohnnyBob

  • Full Member
  • ***
  • Posts: 199
  • Peace
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #10 on: November 02, 2012, 01:36:41 PM »
I'm not getting the avast block anymore (are you?), just
Fatal error: require_once() [function.require]: Failed opening required './initdata.php' (include_path='.:/usr/local/php53/pear') in /home/ccleaner/public_html/index.php on line 41
So I think this is a case of a buggy website, not a virus. They've cut themselves off from the outer world by making their registration private and not providing a working email address to contact them. So they may still be unaware.
free avast! 9.0 installed without Email Shield (not needed). Web shield disabled. All other "extras" are not installed or disabled. It wanted server status access to the internet which I blocked permanently via ZA. I also killed AvastEmUpdate.exe by renaming it in Safe Mode. Windows XP Home SP3, ZoneAlarm 6.1.744.001, Firefox 25.0 & IE8, Outlook Express.

Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 728
  • Gender: Male
  • A Good Old Indian!
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #11 on: November 02, 2012, 01:56:11 PM »
there is infection there...better not go there  ::)

Offline JohnnyBob

  • Full Member
  • ***
  • Posts: 199
  • Peace
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #12 on: November 02, 2012, 02:04:36 PM »
there is infection there...better not go there  ::)
I can't. Apparently nobody can because of the website coding bug. It's not working. I doubt that it is a virus.
free avast! 9.0 installed without Email Shield (not needed). Web shield disabled. All other "extras" are not installed or disabled. It wanted server status access to the internet which I blocked permanently via ZA. I also killed AvastEmUpdate.exe by renaming it in Safe Mode. Windows XP Home SP3, ZoneAlarm 6.1.744.001, Firefox 25.0 & IE8, Outlook Express.

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28969
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #13 on: November 02, 2012, 02:05:56 PM »
Neither Eset nor MBAM will allow you to go there , so methinks an infection is the best bet

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: avast blocking piriform forum
« Reply #14 on: November 02, 2012, 02:07:16 PM »
Lets put it this way, why would piriform.com, a UK Company, be connecting to a Russian IP address (rather than a plain language domain name), at best that is obfuscation, at worst highly suspect.

http://en.wikipedia.org/wiki/Piriform_%28company%29.
Quote
"Piriform is a privately owned software house based in the West End of London, UK"

Though server appears to be in Texas.

When this is in relation to an iframe, I get even more suspicious as it reeks of iframe injection. Look further and you will find that the 46.166.147.133 IP address is on the avast malicious sites list and WOT doesn't like it either. I'm sure if you do any further analysis on the 46.166.147.133 IP you will no doubt find more, so it looks like an iframe injection attack on piriform.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now