URL:Mal And Html:Script-Inf

[CyberHacker]

Hay,Guys

I have been getting a URL:Mal waring when i visit a popular file hosting site



It seemed like the, Network shield was blocking it so i had to turned it off, Then the web shield, Starting giving HTML:script-inf waring



I am not sure what the problem is, But i wood really like to know,

Jest incase no one has notice the domain in question is "filesonic.in"

Update: Seems like the problem is solved, Site is working without any warning from avast.

[doktornotor]

Cannot reproduce (and I have heuristics on high everywhere).

[yongsua]

Possible FP

Report   2011-03-21 06:18:04 (GMT 1)
Website   filesonic.in
Domain Hash   e55c9c32c22cb6ef499636f61b66adc5
IP Address   78.140.176.180 [SCAN]
IP Hostname   v-4-kt26-d864-180.webazilla.com
IP Country    NL (Netherlands)
AS Number   35415
AS Name   WEBAZILLA WebaZilla European Network
Detections   0 / 20 (0 %)
Status   CLEAN
Scanning site with:   AMaDa    CLEAN
Scanning site with:   BrowserDefender    CLEAN
Scanning site with:   DNS-BH    CLEAN
Scanning site with:   DShield SDL    CLEAN
Scanning site with:   Google Diagnostic    CLEAN
Scanning site with:   hpHosts    UNRATED
Scanning site with:   joewein.de LLC    CLEAN
Scanning site with:   Malware Domain List    CLEAN
Scanning site with:   Malware Patrol    CLEAN
Scanning site with:   MyWOT    CLEAN
Scanning site with:   Norton SafeWeb    CLEAN
Scanning site with:   ParetoLogic URL Clearing House    CLEAN
Scanning site with:   PhishTank    CLEAN
Scanning site with:   SpamhausDBL    CLEAN
Scanning site with:   SURBL    CLEAN
Scanning site with:   Threat Log    CLEAN
Scanning site with:   TrendMicro Web Reputation    CLEAN
Scanning site with:   URIBL    CLEAN
Scanning site with:   Web Security Guard    UNRATED
Scanning site with:   ZeuS Tracker    CLEAN

[CyberHacker]

Yeah!, I also thought it was false positive but something must have triggered avast as

This was the first time avast was showing a alert on that particular domain, Maybe some

New script which was added or some kind of change.

[polonus]

But webutation has some bad review, and only a 80% score: http://www.webutation.net/go/review/filesonic.com

polonus

[Sirmer]

Hello,
This is a false positive. Problem was that we had a several pages in our black list what were really close with this page by name.
Best Regards

[slymbass]

So I am not the only one getting this.

Host Avast! suddenly gone bonkers? Why am I suddenly getting this (which began today, 03-21-11) every time I got in my inbox at Yahoo mail and comicbookresources?

http://img28.imagevenue.com/img.php?image=737820320_WTF2_122_461lo.JPG
http://img121.imagevenue.com/img.php?image=737827353_WTF1_122_426lo.JPG

[DavidR]

This is unrelated to this topic other than the malware name which can be applied to multiple different sites for different causes.

There have been instances of ad organisations having the content compromised. See https://blog.avast.com/2010/02/18/ads-poisoning-%E2%80%93-jsprontexi/.

This is not to say the detection is good or otherwise, just that it is unrelated to this particular topic.

[ipod2]

So what's the fix to turn the message off if it's a false positive?

[doktornotor]

So what's the fix to turn the message off if it's a false positive?

Wait until it's fixed. Meanwhile, you can find a decent ad blocking addon for your browser. I have been getting zero messages about infected ads from avast! when messing around Yahoo (which is one of the sites all people keep complaining about today).

[slymbass]

This is unrelated to this topic other than the malware name which can be applied to multiple different sites for different causes.

...but it's unrelated???  I thought this applied to the particular error/false positive, or else why isn't Filesonic anywhere in the thread title?

There have been instances of ad organisations having the content compromised. See https://blog.avast.com/2010/02/18/ads-poisoning-%E2%80%93-jsprontexi/.

This is not to say the detection is good or otherwise, just that it is unrelated to this particular topic.

I do not follow your reasoning, but okay. In any case, I have alerted comicbookresources.com and they said they'll look into it and get back to me. Alerting yahoo on the other hand is next to impossible. If it is a case of ad "poisoning", hopefully they can fix it somehow.

I also have ad blockers installed on Firefox, no effect.

I cannot find a setting to shut it off, so any other ideas would be welcome.

[doktornotor]

I cannot find a setting to shut it off, so any other ideas would be welcome.

Yeah, go out to have a beer or two or watch TV or get some sleep until the FPs are fixed.

[slymbass]

I cannot find a setting to shut it off, so any other ideas would be welcome.

Yeah, go out to have a beer or two or watch TV or get some sleep until the FPs are fixed.

Honestly YOU sound like you need all those things more than me at this point. I'm sorry you are being inundated with these requests but it is not my fault, I am not the author of any of the false positives or ad poisonings or whatever is going on. I can wait but honestly how about YOU relax and grab a few beers yourself?

[dydx]

I just started getting an html:scrpt-inf everytime I start Explorer.  The site or file listed is l.yimg.com (I think is yahoo).  I started getting it when I opened an email.

Can someone help me please