Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: quard on May 05, 2009, 06:22:16 PM
-
Avast! Home 4.8.1335 won't let me go to the Chrome Zone forums at http://chromezone.s3graphics.com saying it's a malicious site. Any way to over-ride these false positives in the future before a fix?
Thanks.
-
I have no idea why it is blocked, but I was able to get to it to investigate (I wouldn't advise you do that just yet), however, the site is down for a revamp, see image. It directs you to the forums, http://forums.s3chromezone.com (no alerts at that URL) perhaps you could check there if they are aware of this.
You can report it at virus @ avast (dot) com as a possible 'False Positive - Network Shield' (use the quoted text as the subject) and hopefully it will be quickly investigated. Give a link to this topic.
-
As soon as I opened this post, avast warned me. I guess it's still there. I'll try to figure out what it is...
-
When I opened the link, the Network Shield blocked two sites.
05.05.2009 16:37:05 Network Shield: blocked access to malicious site chromezone.s3graphics.com/favicon.ico [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 1840 ) ]
05.05.2009 16:37:05 Network Shield: blocked access to malicious site chromezone.s3graphics.com/ [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 1840 ) ]
Looks like the site could be a virus and the favicon icon could be a backup virus. I'm going to investigate in firefox with noscript.
-
Avast blockes acess to hXXp://www.s3graphics.com/ too. Maybe the virus came from the webhosting server. This site could of been hacked or it could of had a virus on it on purpose or it could be a false positive.
-
Generally, avast detection is accurate in these cases.
Isn't it an encrypted/obfuscated script or iframe?
Wasn't the site hacked?
-
Other way would be to contact them
-
Well, I just checked out the website without avast protection and looked at the code (I don't care, I just have a test machine) and the only thing that I could see that might be telling avast that there is a malicious code was this:
document.writeln("You are being redirected to the forums.<BR>");
setTimeout("location.href='hxxp://forums.s3chromezone.com';", 5000);
I don't see any problem with that code though.
I'm not really sure what is setting avast off. If that site "hxxp://chromezone.s3graphics.com/" is actually the page that's giving avast problems, it must be a false positive. Unless of course the page that it forward or redirects to is the problem, then that's a different story. If there is, I didn't see it in the code of the redirected site either... "hxxp://forums.s3chromezone.com/phpBB3/"
I dunno... I'm stumped. :(
-
Well I too disabled the network shield (not advised for the faint hearted) as I mentioned to be able to check the page nothing on it, but that isn't the problem. What is that the network shield is matching it with a malicious site list. I have done many searches and can find no other indication of malware hosted on the sub-domain. Which is why I suggested reporting it as a possible FP.
-
Was distributing malware, I blocked the whole site. Now the malware is gone, removed from block.
-
Was distributing malware, I blocked the whole site. Now the malware is gone, removed from block.
Thanks for the info. Again, avast detection is correct (see reply #5 above).
-
Now the malware is gone, removed from block.
I'm getting the warnings again, maybe the malware's back?
-
It may be that it hasn't filtered through to a VPS update yet ???
-
Yeah, that's possible...