Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: dns on September 06, 2011, 06:33:13 PM

Title: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
Post by: dns on September 06, 2011, 06:33:13 PM
my friend asked me to find something for him, on google.
while googling, avast popped up with the following details:
url: hxxp://www.google.co.il/url?sa=f&rct=j&url=http://arquitecturasoftware.org/19534-download.htm&q=pod+to+pc+registration+code&lpe=2&usg=AFQjCNE4tVm-_rpjP-nfLN9Gya0a1zADpg|>{gzip}

^ NOTE FOR THE GOOGLE.CO.IL as the base of the link.
malware: JS:ScriptIP-inf [Trj] -- Blocked.
so.. google search is infected or avast is wrong?
important information:
everything was happening under Sandboxie, not in my real sytem machine
as i said before, i was trying to help a friend, i guess i wont try to help again.
i NEVER enter to sites google show me on google search, i usually take what i need from the
website description.
the AVAST popup was right when the google search was loaded.
No av not even AVAST says that the url is infected- so wtf is going on? my avast is updated.

after that, i made some scans to see what's going on:
MBAM: Clean.
AVAST: Rootkit Scan + Full Scan + Boot Scan = Clean.
Virustotal: url is clean 0/16.

Sandbox has been cleaned immidiately + no active connections when i dont open a software that
requires internet connection.
No unknown tasks in task manager.
HELP?  :-\
Title: Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
Post by: Pondus on September 06, 2011, 06:53:59 PM
Quote
url: hxxp://www.google.co.il/url?sa=f&rct=j&url=hxxp://arquitecturasoftware.org/19534-download.htm&q=pod+to+pc+registration+code&lpe=2&usg=AFQjCNE4tVm-_rpjP-nfLN9Gya0a1zADpg|>{gzip}
I am guessing this

Wot
http://www.mywot.com/en/scorecard/arquitecturasoftware.org
Title: Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
Post by: dns on September 06, 2011, 06:57:09 PM
Quote
url: hxxp://www.google.co.il/url?sa=f&rct=j&url=hxxp://arquitecturasoftware.org/19534-download.htm&q=pod+to+pc+registration+code&lpe=2&usg=AFQjCNE4tVm-_rpjP-nfLN9Gya0a1zADpg|>{gzip}
I am guessing it may be this

Wot
http://www.mywot.com/en/scorecard/arquitecturasoftware.org
I dont understand what's the problem with Wot, what is that anyway?
and it doesnt matter, i was in google and not in their site, i didnt even entered a picture,
just google scan, it doesnt make any sense.

you can google anything, it shouldnt do anything as long as you dont enter a malicious website.
i even google this software and avast didnt tell me a thing.
so why avast poped up in my previous search? i didnt enter any website.
Title: Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
Post by: Pondus on September 06, 2011, 07:00:39 PM
Quote
I dont understand what's the problem with Wot, what is that anyway?
arquitecturasoftware.org is listed as a bad site at WOT
Title: Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
Post by: dns on September 06, 2011, 07:01:16 PM
Quote
I dont understand what's the problem with Wot, what is that anyway?
arquitecturasoftware.org is listed as a bad site at WOT
but it doesnt matter, it was a google search only.
i didnt enter to any of the sites in the search, only googled like everyone else does.
Title: Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
Post by: ady4um on September 06, 2011, 09:51:23 PM
You probably used the "preview" feature of google, without even noticing.

When google shows you the preview, the specific webpage has to be already connected, somehow. Google is not showing you the preview just from its cache.

Probably when google connected that site so to show you the preview, then was that Avast showed you the alert. The alert is not about google, but about that other site "arquitecturasoftware". (I won't copy here the link again, since it seems you are confusing WOT with google with that problematic website.)
Title: Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
Post by: YoKenny on September 06, 2011, 11:24:54 PM
As dns is stll on XP SP 2 they need to read this:
Support for Windows XP Service Pack 2 ends on July 13, 2010
http://support.microsoft.com/gp/lifean31