Avast WEBforum
Other => Viruses and worms => Topic started by: scjr on April 24, 2010, 08:04:51 PM
-
I've used this gmail e-mail program for quite awhile. Never any issues.
hxxp://www.gmailnotifier.com/
Today Avast blocked a URL:Mal at this website. I've attached a picture of the Avast pop-up. Could this website possibly be infected? I was wondering if anyone else has experienced this at this website, with the latest definitions (100424-0).
It did block the URL (Object) listed in the pop-up. Nice job Avast!!
Thanks,
scjr
-
Generally, avast detection is accurate in these cases.
Isn't it an encrypted/obfuscated script or iframe?
Wasn't the site hacked?
Maybe you could contact its webmaster.
Please, edit the links to not-live ones (change http for hxxp, for instance or add spaces between the url).
-
Well I didn't get an alert on the URL you gave, but it needs to be broken (see below). So is this the page you were at, if so they might have cleaned the redirect that was causing the problem ?
- Please 'modify' your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.
See http://www.mywot.com/en/scorecard/xorg.pl (http://www.mywot.com/en/scorecard/xorg.pl) as from your image something is trying to redirect to xorg.pl which has a poor reputation. Also see http://www.google.com/safebrowsing/diagnostic?site=tes557.xorg.pl/ (http://www.google.com/safebrowsing/diagnostic?site=tes557.xorg.pl/) and http://www.siteadvisor.com/sites/xorg.pl/summary/ (http://www.siteadvisor.com/sites/xorg.pl/summary/).
-
I am getting avast alert and Malwarebytes IP block 61.4.82.212
Wepwet Analysis report
http://wepawet.iseclab.org/view.php?hash=f2e26522460365f3267abaf333f9234d&t=1272133125&type=js
strange......now the avast warning is gone......
hpHosts
http://hosts-file.net/default.asp?s=61.4.82.212
-
Hi scjr,
The site you give - please make non-clickable by putting either hxtp or wXw - re-directs here: htXp://cechirecom.com/js.php (this is an unknown recent domain:No match for "CHECIRECOM.COM" found...
>>> Last update of whois database: Sat, 24 Apr 2010 18:22:22 UTC <<<)
and a redirect to: htxp://www3.sdfhj40-td.xorg.pl
polonus
-
Sorry about putting up the live URL. I corrected that. My apologies. :(
All the best,
scjr
-
Sorry about putting up the live URL. I corrected that. My apologies. :(
All the best,
scjr
No problem, as you edited it now... ;)
asyn
-
Thank you. This is a friendly forum. I appreciate this program.
Thanks again.
scjr
-
Hi scjr,
Thank you for visiting us, and we were glad we could be of any help to you.
Surf safe and secure is the wish of,
polonus
-
Surf safe and secure is the wish of,
polonus
...and all the other little helpers. ;D
-
Hi Asyn,
You're right, seen this http://www.siteadvisor.com/sites/xorg.pl/postid/?p=4524004
Also with polish sites there are bad apples, also see this:
http://safeweb.norton.com/report/show?url=xorg.pl
27 threats found,
pol
-
I'm so pleased Avast picked this up. This is the best AV out there. I came from one that used a pop-up ad. Avast is superior.
All the best to everyone and thank you for the warm wishes.
scjr
-
You're welcome, we kind of like avast too ;D
I have only been using it for 6 years though ;D
-
Hi DavidR,
This is the complete list of the xorg.pl malware sites:
http://www.malwareurl.com/search.php?domain=&s=xorg.pl&match=0&rp=50&urls=on&redirs=on&ip=on&reverse=on&as=on
Stay clear of these URLs,
polonus
-
Also with polish sites there are bad apples...
Hi D.,
sure why should polish sites be better/worse than others...? ;)
asyn
-
I'm so pleased Avast picked this up. This is the best AV out there. I came from one that used a pop-up ad. Avast is superior.
Yes..! No pop ups here except updates and malware notifications... ;D
asyn
-
I have only been using it for 6 years though ;D
I can top this; 15+ years (don't remember exactly) and staying with avast since then... :D
asyn
-
Hi all.
Check out the Malware Domain List or alternatively :
http://www.malwareurl.com/listing-urls.php
http://safeweb.norton.com/buzz
http://www.malwaredomains.com/wordpress/
http://www.malwaredomainlist.com/mdl.php
-
Hi DavidR,
This is the complete list of the xorg.pl malware sites:
http://www.malwareurl.com/search.php?domain=&s=xorg.pl&match=0&rp=50&urls=on&redirs=on&ip=on&reverse=on&as=on
Stay clear of these URLs,
polonus
Yes once I get to a couple of references I stop ;D
-
Just an update on this infection. I contacted the webmaster of the site and he indeed was infected. Here's his response:
Hi ...
Thank you for this warning. My website was infected indeed. This is the second time now.
Can you please run a check now ? I believe the threat was removed.
Thanks
The site is now clean with no redirects or warnings from Avast.
Thank you Avast, you saved me on this one for sure.
All the best,
scjr
-
The site is now clean with no redirects or warnings from Avast.
Good..! Thanks for your feedback...!! :)
asyn
-
Hi Asyn,
Here the issue was treated on Dancho Danchev's blog:
http://ddanchev.blogspot.com/2010/04/godaddys-mass-wordpress-blogs.html
We are going right with the security news, my friend,
polonus
-
Hi Asyn,
Here the issue was treated on Dancho Danchev's blog:
http://ddanchev.blogspot.com/2010/04/godaddys-mass-wordpress-blogs.html
We are going right with the security news, my friend,
polonus
Yes..! Always up to date, because of your effort - thanks pal... :)
asyn