Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Spiritual2016 on September 04, 2017, 09:47:14 PM

Title: SZ0M.garo.gdn Detected-False Positive?
Post by: Spiritual2016 on September 04, 2017, 09:47:14 PM
I am using Avast Free Version with the latest updates.

On Mon Sept 4 at Noon Pacific, I had my Opera browser open (with the latest updates) and a warning message stated 'We safely aborted connection on sz0m.garo.gdn because it was infected with URL:Mal.'

Threat: URL: Mal
URL: http://sz0m.garo.gdnl?Opera.exe
Detected by Web Shield
Status: Connection Aborted

I checked the Virus Vault but nothing was listed so a Smart Scan and a Full Virus Scan were run but nothing was detected during either scan.

An Anti-Malware scan was also run (with the latest updates) but nothing was detected either.

Was this a false positive since Avast detected an issue within Opera.exe specifically? If someone could look into it and advise, it would be appreciated.
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: Eddy on September 04, 2017, 10:04:26 PM
Of course there is nothing in the chest, as there is nothing to place there.
It was the webshield that blocked a blacklisted site.
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: Spiritual2016 on September 04, 2017, 11:05:30 PM
The only page that was open in my Opera browser was my Hotmail inbox. Why would that be blacklisted?
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: Eddy on September 04, 2017, 11:16:43 PM
Read your first post.
It wasn't Hotmail that was blocked.
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: Spiritual2016 on September 04, 2017, 11:37:02 PM
You need to be clearer in what you are talking about.

I had two pages open in Firefox (Hotmail and Craigslist) and one page open in Opera (another Hotmail account).

What website was blocked?
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: bob3160 on September 04, 2017, 11:38:36 PM
You posted the site in your original post.
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: Spiritual2016 on September 04, 2017, 11:51:37 PM
'What was the original website and what browser was it blocked on?'

I only visited Hotmail and Craigslist so how could a non-visited website be blocked?
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: DavidR on September 05, 2017, 12:03:28 AM
'What was the original website and what browser was it blocked on?'

I only visited Hotmail and Craigslist so how could a non-visited website be blocked?

Either of those sites, or an individual page that you visit, could have a 3rd party link to another site, one that is on a list of sites considered to be malicious or infected.
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: Spiritual2016 on September 05, 2017, 12:14:08 AM
DavidR:

I visit Hotmail and Craigslist multiple times each day and never had an Avast warning that blocked it so why would Avast block it this one time?
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: bob3160 on September 05, 2017, 12:39:37 AM
Look at your first post:
(http://screencast-o-matic.com/screenshots/u/Lh/1504564745172-88126.png)
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: DavidR on September 05, 2017, 01:09:55 AM
DavidR:

I visit Hotmail and Craigslist multiple times each day and never had an Avast warning that blocked it so why would Avast block it this one time?

It doesn't really matter how many times you have used the site, 'something' on it is trying to access what is considered a malicious site. This could even be as common as an advert on that page being delivered by an ad source (this is commonly called 'malvertising'), or it could be something else entirely.

Something is trying to connect to sz0m.garo.gdn and that is subsequently trying to connect again to a site considered malicious.  What that might be I don't know, I didn't venture into the site to find any 3rd party links.
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: Spiritual2016 on September 05, 2017, 01:14:52 AM
DavidR Only:

What 'is' sz0m.garo.gdn Opera.exe though?

Is it a website? If so, what type of website?
Was Firefox or Opera attempting to connect to it?
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: DavidR on September 05, 2017, 01:57:37 AM
It is in two parts: 1. the site/URL that is at issue, and 2. the process trying to access it, in this case your browser, Opera.

As you can see from my images, I used Firefox to access sz0m.garo.gdn to trigger the alert so I could show the images.

Yes, it is a website/URL; I have no idea what type of website it is. The process/browser used is immaterial: you happened to be using your browser, and a site that you connected to (Hotmail and Craigslist) could have an external (3rd party) link to the sz0m.garo.gdn site, and that inadvertently triggered the alert.

If using Hotmail to browse your email, there is also a possibility one of your emails had an external link.
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: Spiritual2016 on September 05, 2017, 02:04:31 AM
DavidR Only:

Thanks for the information. Obviously, Web Shield did its job by blocking this malicious activity from entering my computer, correct?
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: Eddy on September 05, 2017, 04:54:48 AM
Read your first post!
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: Pondus on September 05, 2017, 07:25:46 AM
DavidR Only:

What 'is' sz0m.garo.gdn Opera.exe though?

Is it a website? If so, what type of website?
Was Firefox or Opera attempting to connect to it?
A site that displays ads. Seems to be fake/phishing.
See screenshots >> http://urlquery.net/report/48c0b4eb-eef5-494e-aa01-4d7f61fdf24d
Title: Re: SZ0M.garo.gdn Detected-False Positive?
Post by: DavidR on September 05, 2017, 09:42:32 AM
DavidR Only:

Thanks for the information. Obviously, Web Shield did its job by blocking this malicious activity from entering my computer, correct?

You're welcome and yes.