Avast WEBforum

Other => Viruses and worms => Topic started by: glnz on July 09, 2011, 06:47:45 PM

Title: gstatic.com is malware
Post by: glnz on July 09, 2011, 06:47:45 PM
Just last two days getting a ton of messages from Avast that it is blocking various websites ending in "gstatic.com".

Is that really a malware source or a false alarm?
Title: Re: gstatic.com is malware
Post by: Asyn on July 09, 2011, 06:57:14 PM
Report    2011-07-09 18:33:10 (GMT 1)
Website    gstatic.com
Domain Hash    05d986b30d7eb849a90ddf372e58e082
IP Address    209.85.148.120 [SCAN]
IP Hostname    fra07s07-in-f120.1e100.net
IP Country    US (United States)
AS Number    15169
AS Name    GOOGLE - Google Inc.
Detections    0 / 23 (0 %)
Status    CLEAN

Report    2011-07-09 19:11:29 (GMT 1)
IP Address    209.85.148.120
IP Hostname    fra07s07-in-f120.1e100.net
IP Country    US
AS Number    N/A
AS Name    N/A
Detections    0 / 26 (0 %)
Status    CLEAN
Title: Re: gstatic.com is malware
Post by: kubecj on July 09, 2011, 07:14:47 PM
Please, check your hosts file - is it empty or not?
Title: Re: gstatic.com is malware
Post by: DavidR on July 09, 2011, 08:12:18 PM
I visit sites that regularly have cross site scripting to load data from gstatic.com and no alerts from avast.

So there appears to be something else going on here, so I would follow kubecj's suggestion and check out your HOSTS file.

- HOSTS file redirect a common malware tactic to block AV sites making it difficult to remove malware - 127.0.0.1 (but could just as easily be used to redirect to malware sites), check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there.
 
Once open you are looking for entries with avast.com on the line, you may well see other AV sites, post the contents of the hosts file. http://en.wikipedia.org/wiki/Hosts_file
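
The HOSTS file check described above, as an added example that is not part of the original post: it parses hosts-file text and reports watched domains (avast.com and gstatic.com, taken from this thread) that are mapped to loopback or redirected to another address. The sample file contents, the watch list and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the thread): benign and suspicious lines.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.avast.com avast.com   # AV site pointed at loopback
0.0.0.0         ads.example.net
203.0.113.45    www.gstatic.com           # sent to a different address
"""

# Assumed watch list: the two names from this thread; extend with other AV vendors.
WATCHED = ("avast.com", "gstatic.com")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every well-formed mapping line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        yield no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def review_hosts(text, watched=WATCHED):
    """Return (line_no, name, ip, verdict) for entries worth a closer look."""
    findings = []
    for no, ip, names in parse_hosts(text):
        sink = ip.is_loopback or ip.is_unspecified   # 127.x.x.x, ::1, 0.0.0.0
        for name in names:
            if name in LOCAL_NAMES:
                continue
            hit = any(name == d or name.endswith("." + d) for d in watched)
            if hit:
                findings.append((no, name, str(ip), "blocked" if sink else "redirected"))
            elif not sink:
                findings.append((no, name, str(ip), "review"))  # other non-local mapping
    return findings


if __name__ == "__main__":
    for finding in review_hosts(SAMPLE_HOSTS):
        print(finding)
```

To check a real file, pass its contents instead of the sample, for example `review_hosts(open(r"C:\WINDOWS\system32\drivers\etc\hosts", encoding="utf-8-sig", errors="replace").read())`.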
Title: Re: gstatic.com is malware
Post by: polonus on July 09, 2011, 08:40:48 PM
Hi glnz,

What about this, lot of this malware now dead or closed, but had been there:
-http://www.malware-control.com/statics-pages/878ee58bb1e03f1ce20efe0477793855.php
There was a sality virus attack once from there, also phishing on Google image search, etc.

polonus