Author Topic: mesage from web page (Read 4937 times)

malpas · « **on:** August 08, 2009, 05:03:00 PM »

I have just recently installed Avast pro and its running well,as per instuction I ran a boot time scan and this came up "Message from web page hxxp://dftsoft.info/index.php? affd=02919 so not knowing what it was I chose to delete it then the scan complted. However after loggin on to the internet this message will come up at intermittent intervals,as it seems not to effect the running of the OS or any software I am curious to know if there will be any long term effect ty in anticipation of any help.

nmb · « **Reply #1 on:** August 08, 2009, 05:09:07 PM »

Hello malpas

get hijack this from here

do a "scan" and post log here using additional options while posting.

edit : google and unmask parasites says the site is suspicious. so does wepawet. the site gives you rogue security.

get malwarebytes antimalware(mbam) from here : malwarebytes.org . install, update, perform full scan and post log here. do all the scanning if you are worried that you are infected.

DavidR · « **Reply #2 on:** August 08, 2009, 05:20:09 PM »

avast isn't the only one not to like this site, firefox, safe browsing lists it as an attack site, see image.

If this was detected by the web shield then it should only have given one option, Abort Connection, this drops the infected item so it doesn't get on to your system. Detections have the malware name, file name and location, when that location is an Internet URL then that means that it is the web shield (or network shied) detecting it.

Now what strikes me as strange is how you could get this detection in a boot-time scan when it isn't possible to be browsing ?

Now if it was a network shield detection, it could be blocking an outbound connection attempt, which is even more strange since you say this is in a boot-time scan, when windows isn't running and presumably an internet connection wouldn't be present ?

So this is somewhat of a mystery to me, can you confirm exactly what scan was being done ?

####
Please 'modify' your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

malpas · « **Reply #3 on:** August 08, 2009, 05:43:58 PM »

Many thanks David I am new to all this I have thought about your reply and it does only come up when connected to the net so Iwill do as you say and abort the connection in the webshield option,not to seem to ignorant what do you mean in your reply"Please modify your post change the URL from http to hxpp or www to wxw" do you mean to the message that is coming up?

cinchez · « **Reply #4 on:** August 08, 2009, 05:51:39 PM »

He meant ur post bro^^

change the www/http in the site to wxw/hxxp to prevent accidental infections to others^^

-AnimeLover^^

malpas · « **Reply #5 on:** August 08, 2009, 05:54:54 PM »

ty I understand what david means now thank you for your reply and help

Black3agl3 · « **Reply #6 on:** August 08, 2009, 06:42:22 PM »

What is that site? hxtp://dftsoft.info/index.php??? Clicked on it accidentally n got...

spg SCOTT · « **Reply #7 on:** August 08, 2009, 06:48:27 PM »

Quote from: Black3agl3 on August 08, 2009, 06:42:22 PM

What is that site? hxtp://dftsoft.info/index.php??? Clicked on it accidentally n got...

This is why people here advise the changing of the URL to break it...

Quote from: DavidR on August 08, 2009, 05:20:09 PM

<snip>
####
Please 'modify' your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

Malpas, Please could you modify your first post and do this (click the modify button on the top right of the post) It is very important, for obvious reasons above...

DavidR · « **Reply #8 on:** August 08, 2009, 07:11:53 PM »

Quote from: Black3agl3 on August 08, 2009, 06:42:22 PM

What is that site? hxtp://dftsoft.info/index.php??? Clicked on it accidentally n got...

That is the second one you have clicked now, so you seem to be rather curious/accident prone

It is a site that is delivering malicious content, what that might be is anyone's guess as to find out you would have to lower all web protection (crazy) to find out what came down the pipe and there is no guarantee that what comes down would be detected by avast.

So as I said before visiting suspect sites could get you infected. If this happened to be a new variant of vitro, etc. it could be as serious as a format and reinstall from scratch. Back-up and recovery then become your saviour.

Black3agl3 · « **Reply #9 on:** August 08, 2009, 08:10:23 PM »

Quote from: DavidR on August 08, 2009, 07:11:53 PM

That is the second one you have clicked now, so you seem to be rather curious/accident prone

The first time was not accidental... I was curious... this one was accidental...

Quote

what that might be is anyone's guess as to find out you would have to lower all web protection (crazy) to find out what came down the pipe and there is no guarantee that what comes down would be detected by avast.

Note that I'm not crazy...

Quote

So as I said before visiting suspect sites could get you infected.

I rarely do so...

Quote

If this happened to be a new variant of vitro, etc. it could be as serious as a format and reinstall from scratch. Back-up and recovery then become your saviour.

I hav no serious data to lose...I'm no big company or anything n no one really uses this pc except me

... though I have already backed up all that seem important to me...

Author Topic: mesage from web page (Read 4937 times)

malpas

mesage from web page

nmb

Re: mesage from web page

DavidR

Re: mesage from web page

malpas

Re: mesage from web page

cinchez

Re: mesage from web page

malpas

Re: mesage from web page

Black3agl3

Re: mesage from web page

spg SCOTT

Re: mesage from web page

DavidR

Re: mesage from web page

Black3agl3

Re: mesage from web page