Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on September 23, 2016, 06:08:25 PM

Title: Are web shield warnings about bidr.trellian.com a false positive?
Post by: REDACTED on September 23, 2016, 06:08:25 PM
For the past couple of days Avast has been popping up notifications on all 3 of our Macs about blocking HTML:Framer-inf from http://bidr.trellian.com

But a couple of different site scanners come back reporting the site as clean.

I'm using Avast Mac Security 2015, version 11.17 (46792), virus definitions 16092300 so everything is very up to date.

Is this a false positive?  If so, is there any way to stop it from happening so my spouse and kid don't keep freaking out and calling me about the Avast notifications popping up on their Macs? :-)
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: Eddy on September 23, 2016, 06:18:31 PM
There is no need to post the same thing twice.

Blacklisted :
https://www.virustotal.com/en/url/33898ecfbb88e9e73f39497a79483b06600b9175c69e446dd3b08b7e5410c0a1/analysis/1474647259/
https://quttera.com/detailed_report/bidr.trellian.com

Blacklisted and malicious :
http://zulu.zscaler.com/submission/show/6ce7733732373e92400d747e227d1544-1474647229

Really bad reputation :
https://www.mywot.com/en/scorecard/bidr.trellian.com
https://www.virustotal.com/en/ip-address/103.224.182.206/information/

Malware spread through that ASN/from that IP :
http://urlquery.net/report.php?id=1474647622068
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: REDACTED on September 23, 2016, 06:27:20 PM
I'm having the same problem, but forgive me for not understanding the reply... what are we supposed to DO with those suggested URLS? Go to them? Watch out for them?
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: Eddy on September 23, 2016, 06:37:41 PM
They are the scan results for that site with what is found.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: DavidR on September 23, 2016, 06:39:57 PM
The URLs are basically from analysis sites; they give information on the bidr.trellian.com site.

What to do: look at them and see what they have found in their analysis of the bidr.trellian.com site.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: polonus on September 23, 2016, 06:54:58 PM
Here the main domain is reported as malicious by various reporters: https://www.mywot.com/en/scorecard/trellian.com?utm_source=addon&utm_content=popup
See that MBAM flags here: http://hosts-file.net/?s=trellian.com  High Risk Malware classification.

polonus
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: REDACTED on September 23, 2016, 09:54:47 PM
I'm having the same problem, but this warning is popping up on many of the websites to which I normally browse.  It's not a problem of trying to go to the listed malicious site, but that many normal sites are giving that warning (like nytimes.com) about this trojan at said site when I'm using Safari.  I'm wondering what the explanation is.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: REDACTED on September 24, 2016, 06:34:16 PM
A webpage can have code or an ad that tries to contact Trellian when the page loads in your browser.  In Safari, if one of those pages is one of your Top Sites and your Safari preferences are set to show Top Sites when a new page or tab opens, then Avast will show the web shield block message.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: HonzaZ on September 25, 2016, 02:06:51 PM
Hi,
bidr.trellian[.]com was blocked because it appears in this list: https://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt (more info here: https://ransomwaretracker.abuse.ch/)
Do you think this is a false positive? Are you the owner?
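
Added example (not part of any post in this thread, and not Avast's code): a sketch of why a block for bidr.trellian.com can appear while browsing an unrelated site, combining the embedded-ad explanation and the URL blocklist mentioned above. The page HTML, the blocklist contents and its one-URL-per-line layout, the `.example` hosts and the host-name matching are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed blocklist; "#" comments and one URL per line are an assumed layout.
BLOCKLIST_TXT = """\
# constructed sample list
http://bidr.trellian.com/
http://blocked.example/payload
"""

# Constructed page: the visitor never types or clicks the blocked host.
PAGE_HTML = """\
<html><body>
<script src="https://static.news.example/app.js"></script>
<iframe src="http://bidr.trellian.com/r?id=abc"></iframe>
<img src="/local/logo.png">
<a href="http://blocked.example/landing">sponsored link</a>
</body></html>
"""

def blocked_hosts(text):
    """Reduce a URL blocklist to the set of host names it mentions."""
    hosts = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            host = urlsplit(line if "://" in line else "//" + line).hostname
            if host:
                hosts.add(host)
    return hosts

class AutoLoaded(HTMLParser):
    """Collect URLs the browser fetches on page load, without any click."""
    TAGS = {"script", "iframe", "frame", "img", "embed"}
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.urls = page_url, []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in self.TAGS and src:
            self.urls.append(urljoin(self.page_url, src))

def third_party_hits(page_url, html, blocked):
    """Return (host, url) for auto-loaded resources on blocklisted hosts."""
    parser = AutoLoaded(page_url)
    parser.feed(html)
    own = urlsplit(page_url).hostname
    hosts = ((urlsplit(u).hostname, u) for u in parser.urls)
    return [(h, u) for h, u in hosts if h != own and h in blocked]
```

Calling `third_party_hits("https://news.example/", PAGE_HTML, blocked_hosts(BLOCKLIST_TXT))` reports only the iframe: the plain link to a listed host is not fetched until clicked, so it would not trigger a block on page load.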
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: polonus on September 25, 2016, 02:53:57 PM
Has been launching Cryptowall since 2012, Lastseen (UTC):   2016-07-26 07:59:22

polonus
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: REDACTED on September 26, 2016, 08:22:02 PM
Yes, I purchased Avast, and it's my Mac Pro.  I don't know whether it's a false positive or not, or whether my system is infected.  A full scan revealed nothing.  Safari is not set to open Top Sites when I open a new window, just a blank page.  I do know that it appears the message appears sporadically when I open a new window, and I am not able to predict for which sites it will do this.  I always get essentially the same pop-up notification: the bottom of it where it says the process is located in System/Library/Frameworks/... is cut off.  The end of the URL that it's trying to reach seems to change once a day.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: Eddy on September 26, 2016, 08:31:12 PM
profilename,

Your problem seems to have nothing to do with the topic of this thread.
Please start your own thread in the correct forum (this one is for Windows) and provide details.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: REDACTED on September 26, 2016, 11:57:26 PM
Eddy,  The initial post was about 3 Macs that the person has for which a warning about an infection at bidr.trellian.com is popping up.  So, you are incorrect: my post is precisely about the topic of this thread, as the same thing is happening on one of my Macs too.  It seems you misread the initial post.  If it should have been on a different board, you might mention it to the person who made the initial post.  I'll await a response to the issue that has been raised.

I just got the pop-up again, for the second time today.  It's at a different site almost every time, so I don't think the site to which I am browsing is the issue.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: Eddy on September 27, 2016, 07:31:43 AM
No, I'm correct and you are wrong.
Quote
many of the websites to which I normally browse.
The OP is mentioning only one site, you say many.
Quote
I just got the pop-up again, for the second time today.  It's at a different site almost every time,

Run the scans/checks.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: REDACTED on September 27, 2016, 08:06:27 AM
The poster said the messages are coming from bidr.trellian.com, which he then used a site scanner to scan.  All of the pop-up messages are coming from bidr.trellian.com for me as well.  He did not say that he was browsing to that specific site.  I have not been as well: the pop-ups referring to that site appear seemingly randomly as I browse other sites.  My issue appears from everything that was said to be the same issue.  You read more into the original post than is actually stated there, aside from missing that the original post was about Macs.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: REDACTED on September 30, 2016, 12:44:21 AM
A webpage can have code or an ad that tries to contact Trellian when the page loads in your browser.  In Safari, if one of those pages is one of your Top Sites and your Safari preferences are set to show Top Sites when a new page or tab opens, then Avast will show the web shield block message.

I had been struggling with this problem for the past couple of days with my Mac. I noticed the Avast warning pops up a few seconds after I click in the search box in Safari, even before I begin typing. After seeing JL147's post, I decided to go ahead and delete a number of my "Favorites" under Bookmarks. I did not delete them one at a time so I do not know which of the favorites was the offender, but it solved the problem, at least for now. If anyone has the patience to delete one Favorite at a time, restart Safari, and click the search box, you may just find the website that was contacting Trellian.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: REDACTED on October 02, 2016, 05:49:51 PM
I've also had this issue the past week on my Macs.  The alert has come up for me when opening Gmail, Google Voice, Google Calendar, or Google Drive.  I'm hoping there's just an overly aggressive virus definition that is reading some new Google coding incorrectly.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: REDACTED on June 03, 2017, 03:37:25 PM
I found that something had added a line in my proxy settings; once I cleared this, the infection notification stopped popping up.  In Safari, open preferences, advanced, open 'change settings' next to proxy, and remove anything in the 'bypass proxy settings for the following domains, etc.'.  Hope this works for you.
Title: Re: Are web shield warnings about bidr.trellian.com a false positive?
Post by: Eddy on June 03, 2017, 03:43:47 PM
NuclearCow,

This thread has been dead for about 8 months.