Author Topic: gstatic.com is malware  (Read 7679 times)

Offline glnz

  • Jr. Member
  • **
  • Posts: 51
    • Personal Message (Offline)
gstatic.com is malware
« on: July 09, 2011, 04:47:45 PM »
Just last two days getting a ton of messages from Avast that it is blocking various websites ending in "gstatic.com".

Is that really a malware source or a false alarm?

Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24924
  • Frohe Ostern
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
Re: gstatic.com is malware
« Reply #1 on: July 09, 2011, 04:57:14 PM »
Report    2011-07-09 18:33:10 (GMT 1)
Website    gstatic.com
Domain Hash    05d986b30d7eb849a90ddf372e58e082
IP Address    209.85.148.120 [SCAN]
IP Hostname    fra07s07-in-f120.1e100.net
IP Country    US (United States)
AS Number    15169
AS Name    GOOGLE - Google Inc.
Detections    0 / 23 (0 %)
Status    CLEAN

Report    2011-07-09 19:11:29 (GMT 1)
IP Address    209.85.148.120
IP Hostname    fra07s07-in-f120.1e100.net
IP Country    US
AS Number    N/A
AS Name    N/A
Detections    0 / 26 (0 %)
Status    CLEAN
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline kubecj

  • Administrator
  • Advanced Poster
  • ***
  • Posts: 1127
  • Gender: Male
    • ALWIL Software
    • Personal Message (Offline)
Re: gstatic.com is malware
« Reply #2 on: July 09, 2011, 05:14:47 PM »
Please, check your hosts file - is it empty or not?
Jindrich Kubec

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69217
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: gstatic.com is malware
« Reply #3 on: July 09, 2011, 06:12:18 PM »
I visit sites that regularly have cross site scripting to load data from gstatic.com and no alerts from avast.

So there appears to be something else going one here, so I would follow kubecj's suggestion and check out your HOSTS file.

- HOSTS file redirect a common malware tactic to block AV sites making it difficult to remove malware - 127.0.0.1 (but could just as easily be used to redirect to malware sites), check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there.
 
Once open you are looking for entries with avast.com on the line, you may well see other AV sites, post the contents of the hosts file. http://en.wikipedia.org/wiki/Hosts_file
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Online polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20148
  • Gender: Male
  • malware fighter
    • Personal Message (Online)
Re: gstatic.com is malware
« Reply #4 on: July 09, 2011, 06:40:48 PM »
Hi glnz,

What about this, lot of this malware now dead or closed, but had been there:
-http://www.malware-control.com/statics-pages/878ee58bb1e03f1ce20efe0477793855.php
There was a sality virus attack once from there, also phishing on Google image search, etc.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now