network shield blocks a site wrongly!

kamivh1

Guest

network shield blocks a site wrongly!

« on: June 06, 2011, 03:07:16 PM »

hi
i use avast! internet security 6.0.1091
in below pictures u see that network shield and webshield block a site.but im sure that it's safe! and i want to use this site. i excluded this url: hxtp://asrema1.co.cc but not work!

pls tell me how can i fix this problem.
also when i stopped webshield, still network shield blocked site!

« Last Edit: June 06, 2011, 03:45:35 PM by Milos »

Logged

Pondus

Probably Bot
Posts: 37534
Not a avast user

Re: network shield blocks a site wrongly!

« Reply #1 on: June 06, 2011, 03:19:46 PM »

Sorry but Sucuri scanner say very infected

http://sucuri.net/malware/malware-entry-mwjs488

see screenshot

« Last Edit: June 06, 2011, 03:31:11 PM by Pondus »

Logged

kamivh1

Guest

Re: network shield blocks a site wrongly!

« Reply #2 on: June 06, 2011, 03:25:34 PM »

Quote from: Pondus on June 06, 2011, 03:19:46 PM

Sorry but Sucuri scanner say very infected
http://sucuri.net/malware/malware-entry-mwjs488

it's odd! but
anyway, can't i exclude this site?

Logged

polonus

Avast Überevangelist
Probably Bot
Posts: 33905
malware fighter

Re: network shield blocks a site wrongly!

« Reply #3 on: June 06, 2011, 03:28:16 PM »

Hi kamivh1,

Make that site non-click-through like with hxtp://etc.
See the sucuri scan report, site is full of various javascript malware.
Do not exclude site, but inform the admin of that site it has been fallen to malcode,
it has to be cleansed, may have been hacked via: -index.php
(now empty)

polonus

Logged

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

kamivh1

Guest

Re: network shield blocks a site wrongly!

« Reply #4 on: June 06, 2011, 03:34:38 PM »

Quote from: polonus on June 06, 2011, 03:28:16 PM

Hi kamivh1,

Make that site non-click-through like with hxtp://etc.
See the sucuri scan report, site is full of various javascript malware.
Do not exclude site, but inform the admin of that site it has been fallen to malcode,
it has to be cleansed, may have been hacked via: -index.php
(now empty)

polonus

thanx for help!

Logged

kamivh1

Guest

Re: network shield blocks a site wrongly!

« Reply #5 on: June 06, 2011, 04:43:17 PM »

moderators, but i checked this url with link-scanner & virus-total & more they said it's clean!
also other members of this site said their antiviruses don't report it! pls help me.

« Last Edit: June 06, 2011, 04:45:01 PM by kamivh1 »

Logged

Pondus

Probably Bot
Posts: 37534
Not a avast user

Re: network shield blocks a site wrongly!

« Reply #6 on: June 06, 2011, 04:55:53 PM »

Quote from: kamivh1 on June 06, 2011, 04:43:17 PM

moderators, but i checked this url with link-scanner & virus-total & more they said it's clean!
also other members of this site said their antiviruses don't report it! pls help me.

No other AV report it...yet. Someone has to be the first one....
avast is very often the fist one on these web infections, this is a avast speciality and very often correct

I have uploaded it to some other AV for analysis, i will post the result here when i recive it

Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414/

« Last Edit: June 06, 2011, 05:07:19 PM by Pondus »

Logged

DavidR

Avast Überevangelist
Certainly Bot
Posts: 89065
No support PMs thanks

Re: network shield blocks a site wrongly!

« Reply #7 on: June 06, 2011, 05:12:04 PM »

With all due respect to many of these other scanners, they aren't in the same league at detecting hacked/infected sites as avast's Web Shield. When their are multiple detections by the web shield, then the communityIQ feature of avast transmits this information and then the Network Shield would block the site.

The Sucuri scanner does a much more in depth and detailed scan than these other tools also.

If I bypass the network shield, then I get an alert by the Web Shield, image1. Analysing the file that the web shield shows it is an obfuscated zip, image2 extract of the content.

Why this file is loaded by the index.php (and more importantly what it does, I don't know) is strange, but since there are other areas mentioned by the sucuri scan it certainly looks like the site has been hacked. So the most likely area are the PHP templates as it is possibly the PHP content management software that has been exploited (if it is out of date).

Logged

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

DBone

Guest

Re: network shield blocks a site wrongly!

« Reply #8 on: June 06, 2011, 05:23:39 PM »

If the OP continues to try and connect to that website, I'll look forward to his "I'm Infected, Now What?" thread.

Logged

kamivh1

Guest

Re: network shield blocks a site wrongly!

« Reply #9 on: June 06, 2011, 05:24:02 PM »

Quote from: DavidR on June 06, 2011, 05:12:04 PM

With all due respect to many of these other scanners, they aren't in the same league at detecting hacked/infected sites as avast's Web Shield. When their are multiple detections by the web shield, then the communityIQ feature of avast transmits this information and then the Network Shield would block the site.

The Sucuri scanner does a much more in depth and detailed scan than these other tools also.

If I bypass the network shield, then I get an alert by the Web Shield, image1. Analysing the file that the web shield shows it is an obfuscated zip, image2 extract of the content.

Why this file is loaded by the index.php (and more importantly what it does, I don't know) is strange, but since there are other areas mentioned by the sucuri scan it certainly looks like the site has been hacked. So the most likely area are the PHP templates as it is possibly the PHP content management software that has been exploited (if it is out of date).

thanx i just contacted with admin of this site.

Logged

DavidR

Avast Überevangelist
Certainly Bot
Posts: 89065
No support PMs thanks

Re: network shield blocks a site wrongly!

« Reply #10 on: June 06, 2011, 06:07:28 PM »

You're welcome.

Logged

MihanIT

Guest

Re: network shield blocks a site wrongly!

« Reply #11 on: June 07, 2011, 12:36:51 AM »

Hi,

AVAST make a false report about a java script file that is a part of a most popular vBulletin plugin.
http://www.vbulletin.org/forum/showthread.php?t=118048

Please see the source codes:
hxxp://asrema1.co.cc/clientscript/ncode_imageresizer.js?v=1.0.1

There are no any malicious codes.

Please take action to fix the problem in your next software update.

Regards

« Last Edit: June 07, 2011, 10:44:20 AM by MihanIT »

Logged

kamivh1

Guest

Re: network shield blocks a site wrongly!

« Reply #12 on: June 07, 2011, 12:47:14 AM »

Quote from: MihanIT on June 07, 2011, 12:36:51 AM

Hi,

AVAST make a false report about a java script file that is a part of a most popular vBulletin plugin.
hxxp://www.vbulletin.org/forum/showthread.php?t=118048

Please see the source codes:
hxxp://asrema1.co.cc/clientscript/ncode_imageresizer.js?v=1.0.1

There are no any malicious codes.

Please take action to fix the problem in your next software update.

Regards

hi moderators pls notice this.

« Last Edit: June 07, 2011, 06:45:36 PM by kamivh1 »

Logged

DavidR

Avast Überevangelist
Certainly Bot
Posts: 89065
No support PMs thanks

Re: network shield blocks a site wrongly!

« Reply #13 on: June 07, 2011, 02:50:51 AM »

Quote from: MihanIT on June 07, 2011, 12:36:51 AM

Hi,

AVAST make a false report about a java script file that is a part of a most popular vBulletin plugin.
http://www.vbulletin.org/forum/showthread.php?t=118048

Please see the source codes:
hXXp://asrema1.co.cc/clientscript/ncode_imageresizer.js?v=1.0.1

There are no any malicious codes.

Please take action to fix the problem in your next software update.

Regards

The problem is we can't check anything on the hxtp://asrema1.co.cc site as it is blocked and that is based around the information already given.

Please 'modify' your post change the URL from http to hXXp or www to wXw (as I have in the quoted text), to break the link and avoid accidental exposure to suspect sites, thanks.

I have visited your first link and I get no alert on that topic, so what exactly is the problem with the vBulletin link ?
You can post an image of the avast alert.

Logged

kamivh1

Guest

Re: network shield blocks a site wrongly!

« Reply #14 on: June 07, 2011, 03:07:50 AM »

Quote from: DavidR on June 07, 2011, 02:50:51 AM

Quote from: MihanIT on June 07, 2011, 12:36:51 AM
Hi,

AVAST make a false report about a java script file that is a part of a most popular vBulletin plugin.
http://www.vbulletin.org/forum/showthread.php?t=118048

Please see the source codes:
hXXp://asrema1.co.cc/clientscript/ncode_imageresizer.js?v=1.0.1

There are no any malicious codes.

Please take action to fix the problem in your next software update.

Regards

The problem is we can't check anything on the hxtp://asrema1.co.cc site as it is blocked and that is based around the information already given.

Please 'modify' your post change the URL from http to hXXp or www to wXw (as I have in the quoted text), to break the link and avoid accidental exposure to suspect sites, thanks.

I have visited your first link and I get no alert on that topic, so what exactly is the problem with the vBulletin link ?
You can post an image of the avast alert.

no he means this plugin javascript Image resizer has a false alarm!
this url hxxp://asrema1.co.cc/clientscript/ncode_imageresizer.js?v=1.0.1 has got (image resizer) ,so it's blocked!

pls fix this problem. im a member of this site,so if u dont fix this i have to change my av!
im a fan of avast! but....

« Last Edit: June 07, 2011, 03:15:56 AM by kamivh1 »

Logged

Author Topic: network shield blocks a site wrongly! (Read 14355 times)

kamivh1

kamivh1

kamivh1

kamivh1

DBone

kamivh1

MihanIT

kamivh1

kamivh1