Author Topic: avast blocking piriform forum  (Read 4674 times)

0 Members and 1 Guest are viewing this topic.

Offline JohnnyBob

  • Sr. Member
  • ****
  • Posts: 205
  • Peace
avast blocking piriform forum
« on: November 02, 2012, 07:35:54 AM »
avast blocking piriform forum

http://forum.piriform.com/

Sometimes I get an avast popup saying it is blocking a virus, sometimes not, but I always get:

Fatal error: require_once() [function.require]: Failed opening required './initdata.php' (include_path='.:/usr/local/php53/pear') in /home/ccleaner/public_html/index.php on line 23

anybody else?
free avast! 9.0 installed without Email Shield (not needed). Web shield disabled. All other "extras" are not installed or disabled. It wanted server status access to the internet which I blocked permanently via ZA. I also killed AvastEmUpdate.exe by renaming it in Safe Mode. Windows XP Home SP3, ZoneAlarm 6.1.744.001, Firefox 35.0.1 & IE8, Outlook Express.

Offline Asyn

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 30843
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
XP SP3 - Avast 10.2.2217.R2.SP2.B - CIS 3.14 [FW/D+] - MBAM 1.75 [OD] - Firefox ESR 31.6 [NS/ABP/EHH/BP/SVC] - Thunderbird 31.6 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos):
https://forum.avast.com/index.php?topic=60523.0

Offline JohnnyBob

  • Sr. Member
  • ****
  • Posts: 205
  • Peace
Re: avast blocking piriform forum
« Reply #2 on: November 02, 2012, 08:23:46 AM »
Thanks for the links. The first time I tried the zscaler.com link, it said forum.piriform.com is OK. The second time is said it is malicious. The securi.net link reports it as malicious.

forum.piriform.com is an old established forum. I don't go there frequently so don't know how long this problem has existed. Of course they could be infected but I doubt it. I suspect it's just a bug in their code. I tried to email their webmaster but it was returned as undeliverable.
« Last Edit: November 02, 2012, 08:28:55 AM by JohnnyBob »
free avast! 9.0 installed without Email Shield (not needed). Web shield disabled. All other "extras" are not installed or disabled. It wanted server status access to the internet which I blocked permanently via ZA. I also killed AvastEmUpdate.exe by renaming it in Safe Mode. Windows XP Home SP3, ZoneAlarm 6.1.744.001, Firefox 35.0.1 & IE8, Outlook Express.

Offline Asyn

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 30843
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: avast blocking piriform forum
« Reply #3 on: November 02, 2012, 08:29:11 AM »
1. Thanks for the links.
2. I've emailed their webmaster.

1. You're welcome.
2. Good.
XP SP3 - Avast 10.2.2217.R2.SP2.B - CIS 3.14 [FW/D+] - MBAM 1.75 [OD] - Firefox ESR 31.6 [NS/ABP/EHH/BP/SVC] - Thunderbird 31.6 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos):
https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26518
Re: avast blocking piriform forum
« Reply #4 on: November 02, 2012, 08:36:45 AM »
Quote
Of course they could be infected but I doubt it.
of cours not....avast must be wrong  ;)

http://urlquery.net/report.php?id=77737

and the site seems to be down now


we have a article somwhere in here (cant find the link now) about infected websites hacked/found every 3,5sek


Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Asyn

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 30843
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: avast blocking piriform forum
« Reply #5 on: November 02, 2012, 08:38:45 AM »
Quote
Of course they could be infected but I doubt it.
of cours not....avast must be wrong  ;)

They always say that... ::)
XP SP3 - Avast 10.2.2217.R2.SP2.B - CIS 3.14 [FW/D+] - MBAM 1.75 [OD] - Firefox ESR 31.6 [NS/ABP/EHH/BP/SVC] - Thunderbird 31.6 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos):
https://forum.avast.com/index.php?topic=60523.0

Offline JohnnyBob

  • Sr. Member
  • ****
  • Posts: 205
  • Peace
Re: avast blocking piriform forum
« Reply #6 on: November 02, 2012, 08:48:46 AM »
According to the following 2 testers, forum.piriform.com is up
http://www.isup.me/forum.piriform.com
http://host-tracker.com/check_res_ajx/11494891-0/
free avast! 9.0 installed without Email Shield (not needed). Web shield disabled. All other "extras" are not installed or disabled. It wanted server status access to the internet which I blocked permanently via ZA. I also killed AvastEmUpdate.exe by renaming it in Safe Mode. Windows XP Home SP3, ZoneAlarm 6.1.744.001, Firefox 35.0.1 & IE8, Outlook Express.

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26518
Re: avast blocking piriform forum
« Reply #7 on: November 02, 2012, 08:50:19 AM »
found it

Every 3.6 seconds a website is infected
http://www.scmagazine.com/every-36-seconds-a-website-is-infected/article/140414/

noting is 100% secure......
and the more people that visit a site, the more interesting it is for thew bad guys to infect as they fish in the pond that have most fish.....bigger chanse that somone take the bait
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26518
Re: avast blocking piriform forum
« Reply #8 on: November 02, 2012, 08:52:04 AM »
According to the following 2 testers, forum.piriform.com is up
http://www.isup.me/forum.piriform.com
http://host-tracker.com/check_res_ajx/11494891-0/

see the urlQuery link i posted above.....click the picture in top right corner
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36358
  • Dragons by Sasha
    • Malware fixes
Re: avast blocking piriform forum
« Reply #9 on: November 02, 2012, 03:09:48 PM »
Any site can get infected... Geeks to Go was hit about a year back, only Avast spotted it.  The site was down for a day whilst they cleared the redirect malware

EDIT:  A hack has been confirmed, cleaning it now 
« Last Edit: November 02, 2012, 03:29:44 PM by essexboy »

Offline JohnnyBob

  • Sr. Member
  • ****
  • Posts: 205
  • Peace
Re: avast blocking piriform forum
« Reply #10 on: November 02, 2012, 03:36:41 PM »
I'm not getting the avast block anymore (are you?), just
Fatal error: require_once() [function.require]: Failed opening required './initdata.php' (include_path='.:/usr/local/php53/pear') in /home/ccleaner/public_html/index.php on line 41
So I think this is a case of a buggy website, not a virus. They've cut themselves off from the outer world by making their registration private and not providing a working email address to contact them. So they may still be unaware.
free avast! 9.0 installed without Email Shield (not needed). Web shield disabled. All other "extras" are not installed or disabled. It wanted server status access to the internet which I blocked permanently via ZA. I also killed AvastEmUpdate.exe by renaming it in Safe Mode. Windows XP Home SP3, ZoneAlarm 6.1.744.001, Firefox 35.0.1 & IE8, Outlook Express.

Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 714
  • A Good Old Indian!
Re: avast blocking piriform forum
« Reply #11 on: November 02, 2012, 03:56:11 PM »
there is infection there...better not go there  ::)

Offline JohnnyBob

  • Sr. Member
  • ****
  • Posts: 205
  • Peace
Re: avast blocking piriform forum
« Reply #12 on: November 02, 2012, 04:04:36 PM »
there is infection there...better not go there  ::)
I can't. Apparently nobody can because of the website coding bug. It's not working. I doubt that it is a virus.
free avast! 9.0 installed without Email Shield (not needed). Web shield disabled. All other "extras" are not installed or disabled. It wanted server status access to the internet which I blocked permanently via ZA. I also killed AvastEmUpdate.exe by renaming it in Safe Mode. Windows XP Home SP3, ZoneAlarm 6.1.744.001, Firefox 35.0.1 & IE8, Outlook Express.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36358
  • Dragons by Sasha
    • Malware fixes
Re: avast blocking piriform forum
« Reply #13 on: November 02, 2012, 04:05:56 PM »
Neither Eset nor MBAM will allow you to go there , so methinks an infection is the best bet

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71584
  • No support PMs thanks
Re: avast blocking piriform forum
« Reply #14 on: November 02, 2012, 04:07:16 PM »
Lets put it this way, why would piriform.com, a UK Company, be connecting to a Russian IP address (rather than a plain language domain name), at best that is obfuscation, at worst highly suspect.

http://en.wikipedia.org/wiki/Piriform_%28company%29.
Quote
"Piriform is a privately owned software house based in the West End of London, UK"

Though server appears to be in Texas.

When this is in relation to an iframe, I get even more suspicious as it reeks of iframe injection. Look further and you will find that the 46.166.147.133 IP address is on the avast malicious sites list and WOT doesn't like it either. I'm sure if you do any further analysis on the 46.166.147.133 IP you will no doubt find more, so it looks like an iframe injection attack on piriform.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2217 R2-SP2 beta/ Outpost Firewall Pro9.1/ Firefox 37.0.1, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security