Author Topic: Syndication Exoclick  (Read 9769 times)

Offline wombat1953

  • Newbie
  • *
  • Posts: 1
Syndication Exoclick
« on: January 02, 2012, 10:52:38 AM »
When I log into certain websites I now get redirected to another site which my virus software stops me from going into, saying it is dangerous. I understand that Syndication Exoclick has something to do with it. I have tried running Malwarebytes and superantispyware but with no success. How can I stop this please?

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
Re: Syndication Exoclick
« Reply #1 on: January 02, 2012, 12:01:02 PM »
Since this is an on-line alert blocked by either the web shield or network shield and probably not on your system, I'm not surprised that MBAM or SAS don't find anything. Since this is only happening on certain sites when you are browsing, then I suspect that this is web based and not on your system, but need more information to say with any certainty.

However, to help us can you give us the malware name, full paths to the alert/s or post a screenshot of the alert window?

When posting URLs change the http to hXXp to break the link and avoid accidental exposure to suspect sites.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
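
Added example (not part of DavidR's post, and not avast! code): a small Python helper that applies the hXXp convention described in the reply above to a whole block of text before it is posted. The function names and the sample post are constructed for illustration.

```python
import re

# Scheme of a live link: http:// or https://, in any letter case.
_LIVE = re.compile(r"\bhttp(s?)://", re.IGNORECASE)
# Scheme that has already been broken: hXXp:// or hXXps://.
_BROKEN = re.compile(r"\bhxxp(s?)://", re.IGNORECASE)
# A still-clickable URL, up to the next whitespace or quote character.
_URL = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)


def defang(text):
    """Rewrite http/https to hXXp/hXXps so forum software and browsers
    no longer turn the URL into a clickable link."""
    return _LIVE.sub(lambda m: "hXXp" + m.group(1).lower() + "://", text)


def refang(text):
    """Inverse operation, for an analyst who needs the working URL to
    submit to a scanner."""
    return _BROKEN.sub(lambda m: "http" + m.group(1).lower() + "://", text)


def live_links(text):
    """Return every URL in text that is still clickable, as a check to
    run on a post before submitting it."""
    return _URL.findall(text)


# Constructed sample post; the hosts are placeholders, not real sites.
SAMPLE = (
    "The alert fires on http://ads.example.test/pop.js and again on\n"
    "HTTPS://cdn.example.test/banner.jpg (see hXXp://already.example.test/)."
)

if __name__ == "__main__":
    safe = defang(SAMPLE)
    print(safe)
    print("live links left:", live_links(safe))
```
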

Offline exoclick

  • Newbie
  • *
  • Posts: 3
Re: Syndication Exoclick
« Reply #2 on: January 02, 2012, 12:33:37 PM »
Dear wombat1953,

I have just sent you a private message.
ExoClick would be happy to help you if you can provide us a bit more information regarding this issue:

- Screenshots
- URLs causing the problem
- Browser used
- Antivirus installed

Thank you in advance.

Kind regards,
ExoClick

Offline Left123

  • There Is No Patch For Human Stupidity.
  • avast! Evangelist
  • Advanced Poster
  • ***
  • Posts: 1052
  • Gender: Male
  • Proud Community Member&Helper.
Re: Syndication Exoclick
« Reply #3 on: January 02, 2012, 03:46:44 PM »
Quote
Dear wombat1953,

I have just sent you a private message.
ExoClick would be happy to help you if you can provide us a bit more information regarding this issue:

- Screenshots
- URLs causing the problem
- Browser used
- Antivirus installed

Thank you in advance.

Kind regards,
ExoClick

You are not in a position to provide help, let's start by giving you some links to your site:
http://www.mywot.com/en/scorecard/syndication.exoclick.com/event-29231#events
10/01/2011   hpHosts   Used for advert or tracking purposes.
Have a look at WOT comments.
URL VOID:
Report    2010-09-12 03:27:00 (GMT 1)
Website    syndication.exoclick.com
Domain Hash    f9192d05a7b7fba9fb1f0b6c8abf29bc
IP Address    213.135.50.72 [SCAN]
IP Hostname    a213-135-50-72.deploy.akamaitechnologies.com
IP Country    PL (Poland)
AS Number    8664
AS Name    ICM-PUB University of Warsaw, ICM
Detections    3 / 17 (18 %)
Status    DANGEROUS
Scanning site with:    DNS-BH    DETECTED
Scanning site with:    hpHosts    DETECTED
Scanning site with:    MyWOT    DETECTED
http://www.webutation.net/go/review/syndication.exoclick.com  40/100 ....

Also found here
http://support.clean-mx.de/clean-mx/viruses.php?domain=syndication-exoclick.com&sort=first%20desc

Also here, serving malware as .JPG files
http://www.malware-control.com/statics-pages/76d9950a5719074c489e5abb6c5153f8.php


http://urlquery.net/report.php?id=14260

Your ASN > ASN   AS23393 ISPrime, Inc.
http://www.mywot.com/en/scorecard/isprime.com
10/01/2011   hpHosts   Engaged in the distribution of malware.
10/01/2011   hpHosts   Appeared on a list of malicious websites.
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline exoclick

Re: Syndication Exoclick
« Reply #4 on: January 03, 2012, 08:32:31 AM »
Dear wombat1953,

Thank you for your private reply. Our support team is currently working on it in order to help you.

Dear Left123,

If our ad network is involved in this issue, I think we can help.

Some of the links you provided are outdated and we took serious actions to avoid this kind of issue.
As you can see, the following programs identify our domain as safe for browsing:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=exoclick.com/
http://www.virustotal.com/url-scan/report.html?id=3e4dec7b6288e5c377e51d618824cde3-1319543984

Same result on McAfee Site Advisor, AVG ThreatLabs, Norton Safe Web, ...

We already requested MyWOT to review its rating as most of the comments are outdated. As you might know, this is a process that takes time.
Still, we thank you for reporting these so we can continue improving our ad network.

Kind regards,
ExoClick

Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 729
  • Gender: Male
  • A Good Old Indian!
Re: Syndication Exoclick
« Reply #5 on: January 03, 2012, 01:36:14 PM »
The site is blocked by the network shield to avoid further risk...

The network shield has an in-built URL blocker and enhanced network scanner...

This is blocked by the URL blocker so no detection here just with the AV engine here:
http://www.virustotal.com/file-scan/report.html?id=deb686c71f72dbee4ef76d3cf176a6644995fec0b2788f1bee17072f9972da69-1319552866

Offline exoclick

Re: Syndication Exoclick
« Reply #6 on: January 04, 2012, 09:06:44 AM »
Dear true indian,

I am not sure I understand what you mean.
The URL you provide on VirusTotal is clean as far as I can see.

Are you part of network shield?

Regards,
ExoClick

Offline True Indian

Re: Syndication Exoclick
« Reply #7 on: January 04, 2012, 09:32:51 AM »
The network shield has 2 parts:

1. URL Blocker.

2. Enhanced network scanner.

The site is blocked by the URL blocker so there is no scanning done by the network scanner or the web shield... This site is in the list of the sites which have to be blocked by the URL blocker...

They must have added it as the site may lead a user to malicious content...


Online DavidR

Re: Syndication Exoclick
« Reply #8 on: January 04, 2012, 01:06:54 PM »
@ exoclick
Well true indian has nothing to do with avast, other than he is an avast user like the others including me who have responded.

I also have no idea where true indian digs out this about the network shield "Enhanced network scanner"; it certainly isn't my understanding of how the network shield works, it doesn't physically scan anything.

It checks calls to URLs against its list of known malicious sites and it monitors common ports used by exploits/worms, such as DCOM/LSASS, etc. This I wouldn't call an enhanced network scanner.

Unfortunately this is true indian jumping on a passing bandwagon without a clear understanding about what he is talking about.

Offline True Indian

Re: Syndication Exoclick
« Reply #9 on: January 04, 2012, 02:05:25 PM »
http://www.avast.com/free-antivirus-download#tab3


See the above link, I am correct... go down and check features.

URL blocker and network scanner [intrusion detection system] are in-built components of the network shield...

I think David hasn't read about the features of the shields but I have ;)
« Last Edit: January 04, 2012, 02:11:42 PM by true indian »

Online DavidR

Re: Syndication Exoclick
« Reply #10 on: January 04, 2012, 02:18:23 PM »
Sorry but you couldn't be more wrong if you tried.

Quote
Network Shield

Protects against network-based viruses with two main components: a URL blocker for malicious URLs, and a lightweight intrusion-detection system.

Where does this say it is an Enhanced Network scanner, that you claimed?

The "lightweight intrusion-detection system." above is exactly what I described, it monitors common exploit/worm entry ports.

EDIT:
Even the "lightweight intrusion-detection system." that it does have has zero to do with this alert, as that is protecting against 'direct' attacks through the ports that it is monitoring, DCOM/LSASS, etc. So that would have an entirely different alert, not blocking a site but blocking a direct attack on your system.

So as the saying goes, when in a hole stop digging.
« Last Edit: January 04, 2012, 02:28:25 PM by DavidR »

Offline True Indian

Re: Syndication Exoclick
« Reply #11 on: January 04, 2012, 02:44:59 PM »
REMOVED...
« Last Edit: January 04, 2012, 02:48:24 PM by true indian »

Online DavidR

Re: Syndication Exoclick
« Reply #12 on: January 04, 2012, 03:00:34 PM »
When are you going to stop digging?

No, it has nothing to do with this topic, this is the network shield blocking what it considers a malicious URL. It isn't a direct attack on a user's system, which the network shield's lightweight intrusion-detection function is looking out for. The network shield doesn't monitor the http port/s traffic; that is the task of the web shield.

The user's firewall should also be looking out for these attacks.

Offline True Indian

Re: Syndication Exoclick
« Reply #13 on: January 04, 2012, 03:13:40 PM »
Ok, now I am not digging, David, you always make small things a big issue.. hope I am not mean...

Online DavidR

Re: Syndication Exoclick
« Reply #14 on: January 04, 2012, 04:20:20 PM »
Digging as in digging yourself into a deeper hole and showing what experience level you have, not taking a dig at me, that I couldn't care less about, I only care about helping with the actual topic.

Small things aren't actually misleading the OP or other posters in the topic, all they have achieved is to take this topic wildly off-topic.

I intend not to take this further off-topic with your education on avast, so I will only be responding directly to the OP's comments/questions; unfortunately I fear he may have given up on this topic.