Author Topic: URL:Mal -> hXXp://www.deltopia.com unexplained issues  (Read 5316 times)


archambp

  • Guest
URL:Mal -> hXXp://www.deltopia.com unexplained issues
« on: September 25, 2012, 03:07:07 AM »
I purchased deltawalker some time ago for my mac. I decided to install it on my pc and update it on my mac.

While trying to update the software avast displayed the alert on the pc.

At first I thought my niece managed to install malware despite my defenses when she used my pc so I scanned all my systems with ~10 different scanners for virus or malware on top of what is instructed in this forum.

For a partial list see: hXXp://www.technobuzz.net/10-best-free-online-virus-and-malware-scanners/

Everything came out clean and avast didn't trigger the alert for anything else making me think the site is infected with malware BUT...

At work computers running Symantec end point protection (neither my pc or my macbook pro) didn't trigger a similar alert either with browsers or the same recently installed deltawalker.

At which point I'm thinking maybe my system really has malware installed so I decide to install avast on my mac at home and try out the website which also didn't trigger the alert.

I'm assuming avast is using the same signatures and appropriate heuristics on the mac.

Right now I'm unconvinced either way because I cannot find any evidence of malware on my pc. I also can't trigger the same alert using avast on a mac and also can't trigger alerts on similar systems using another solution like Symantec.

I believe I need an independent assessment to look at my logs and see if I missed something or that could explain what might be going on.

archambp

  • Guest
Re: URL:Mal -> hXXp://www.deltopia.com unexplained issues
« Reply #1 on: September 25, 2012, 03:11:43 AM »
Here are a few more logs...

Your help is greatly appreciated,
Pierre

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89168
  • No support PMs thanks
Re: URL:Mal -> hXXp://www.deltopia.com unexplained issues
« Reply #2 on: September 25, 2012, 03:32:06 AM »
There may be some delay in analysing your logs due to differing time zones and availability of the volunteer malware removal specialists.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: URL:Mal -> hXXp://www.deltopia.com unexplained issues
« Reply #3 on: September 25, 2012, 03:45:15 PM »
Hi, a question: do you know what programme this folder relates to?

C:\Users\Victor\AppData\Local\Temp\pdk-Victor-4220\bd5179a413bc0c4b82eedc22c6cab101
Last modified date  [2012/09/21 19:50:42 ]

archambp

  • Guest
Re: URL:Mal -> hXXp://www.deltopia.com unexplained issues
« Reply #4 on: September 25, 2012, 04:28:37 PM »
The pc is used as a media server running Squeezebox software.

The Squeezebox server software has a component written using ActiveState's Perl Dev Kit.

I believe the folder naming convention is something like this:

    {pdk}-{user account}-{port}/{md5 hash}/{server binary}
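
The naming convention described in the post above can be checked mechanically when triaging unfamiliar Temp folders. This is an added example, not part of the original thread; the function name `check_pdk_temp_path` and the sample paths other than the one quoted in Reply #3 are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Convention as described in the post:
#   {pdk}-{user account}-{port}/{md5 hash}/{server binary}
PDK_DIR = re.compile(r"^pdk-(?P<user>.+)-(?P<port>\d+)$")
MD5_DIR = re.compile(r"^[0-9a-fA-F]{32}$")


def check_pdk_temp_path(path):
    """Return (ok, reasons); reasons lists every deviation from the convention."""
    parts = PureWindowsPath(path).parts
    lowered = [p.lower() for p in parts]
    idx = next((i for i, p in enumerate(parts) if PDK_DIR.match(p)), None)
    if idx is None:
        return False, ["no pdk-<user>-<number> directory in path"]
    match = PDK_DIR.match(parts[idx])
    reasons = []

    # The directory quoted in the thread sits directly under AppData\Local\Temp.
    if lowered[max(idx - 3, 0):idx] != ["appdata", "local", "temp"]:
        reasons.append("pdk directory is not directly under AppData\\Local\\Temp")

    # The account embedded in the directory name should own the profile.
    if "users" in lowered and lowered.index("users") + 1 < idx:
        owner = parts[lowered.index("users") + 1]
        if owner.lower() != match.group("user").lower():
            reasons.append(
                f"account {match.group('user')!r} does not match profile {owner!r}")
    else:
        reasons.append("path is not inside a user profile")

    # The next level down should be a 32-hex-digit (MD5-style) directory.
    if idx + 1 >= len(parts) or not MD5_DIR.match(parts[idx + 1]):
        reasons.append("no 32-hex-digit subdirectory below the pdk directory")

    return not reasons, reasons


if __name__ == "__main__":
    # First path is the one quoted in the thread; the second is constructed.
    for p in (
        r"C:\Users\Victor\AppData\Local\Temp\pdk-Victor-4220\bd5179a413bc0c4b82eedc22c6cab101",
        r"C:\Users\Victor\AppData\Local\Temp\pdk-Guest-4220\notahash\server.exe",
    ):
        print(check_pdk_temp_path(p))
```

A passing result only means the folder name fits the convention; it says nothing about the binary stored inside it.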

Offline essexboy

Re: URL:Mal -> hXXp://www.deltopia.com unexplained issues
« Reply #5 on: September 25, 2012, 05:11:42 PM »
Ta... Could you post a screenshot of the alert so that I can see where it is generated from?

archambp

  • Guest
Re: URL:Mal -> hXXp://www.deltopia.com unexplained issues
« Reply #6 on: September 27, 2012, 05:45:24 AM »
I scanned my system with two more tools looking for evidence of anything that does not belong on my machine. Again both returned stating my system was clean.

As requested I've included two screen caps.

The file avast_warning_deltawalker.jpg is from the original application whose update triggered the warning.
Whereas avast_warning_chrome.jpg is from trying it in a browser.
The same warning is generated from FF and IE as well.

Any software that is able to issue http requests to that site's url generates the warning leading me to the conclusion that the site might be infected with malware but avast on the mac doesn't generate the same warning and other vendors of similar software on similar platforms hitting the same url also do not trigger this alert.

Very strange and inconclusive...

Thanks for helping me get to the bottom of this!

Pierre

Offline essexboy

Re: URL:Mal -> hXXp://www.deltopia.com unexplained issues
« Reply #7 on: September 27, 2012, 03:15:46 PM »
It is the web site, I have just visited it.


archambp

  • Guest
Re: URL:Mal -> hXXp://www.deltopia.com unexplained issues
« Reply #8 on: September 27, 2012, 04:20:42 PM »
Here is what confuses me somewhat. AVAST presumably uses the same signatures and heuristics on both its win and osx software. Why is it that the osx version doesn't detect the malware from the site?

Offline essexboy

Re: URL:Mal -> hXXp://www.deltopia.com unexplained issues
« Reply #9 on: September 27, 2012, 05:09:00 PM »
Just run it through Zscaler and the following part is removed:

Redirections: http://www.deltopia.com/compare-merge-sync/windows/ (302 Moved Temporarily)

And as that is geared to windows mayhap mac will not go there, but this is the part Avast was alerting on

http://zulu.zscaler.com/submission/show/b0c5fa97a17bf0582e70baf3c52c9d12-1348758356

archambp

  • Guest
Re: URL:Mal -> hXXp://www.deltopia.com unexplained issues
« Reply #10 on: September 28, 2012, 12:28:39 AM »
I feel much better now that the trigger of this warning has been identified.

Thank you very much essexboy!

Offline essexboy

Re: URL:Mal -> hXXp://www.deltopia.com unexplained issues
« Reply #11 on: September 28, 2012, 03:51:24 PM »
No problem, run OTL and press the cleanup button to remove it  ;D