Author Topic: Avast Web shield has blocked a threat. Infection: URL:MAL  (Read 24136 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Avast Web shield has blocked a threat. Infection: URL:MAL
« on: February 11, 2015, 04:11:47 AM »
Hi All,

I keep receiving below warning even I am not visiting travellife.org. I've tried to google what happened, I empty the cache in safari, run a full scan and nothing seems help at all. Someone said it is a false positive, and I reported to Avast.

If I remember correctly, it seems happened since upgrade to Yosemite.

Avast Web shield has blocked a threat.
Infection: URL:MAL
URL: hxtp://www.travellife.org/
Process:/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking

Any idea?

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: Avast Web shield has blocked a threat. Infection: URL:MAL
« Reply #1 on: February 11, 2015, 09:41:01 AM »
Hello,
detection of this domain was disabled 9th Feb 2015. Do you have latest virus definitions?

Milos

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast Web shield has blocked a threat. Infection: URL:MAL
« Reply #2 on: February 11, 2015, 02:33:30 PM »
I am wondering on why it is (or was) detected even if the op doesn't visit that website.

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Avast Web shield has blocked a threat. Infection: URL:MAL
« Reply #3 on: February 11, 2015, 05:21:53 PM »
I am wondering on why it is (or was) detected even if the op doesn't visit that website.

He must not visit it intentionally with a browser. It can be any application that uses the standard
WebKit proccess to access the internet.

REDACTED

  • Guest
Re: Avast Web shield has blocked a threat. Infection: URL:MAL
« Reply #4 on: February 12, 2015, 06:59:01 AM »
Quote
Hello,
detection of this domain was disabled 9th Feb 2015. Do you have latest virus definitions?

Milos

Thanks

Quote
He must not visit it intentionally with a browser. It can be any application that uses the standard
WebKit proccess to access the internet.

I've no idea why it was triggered, I've rarely access to that URL, last time was many years back. How can I find out which application trigger this?

REDACTED

  • Guest
Re: Avast Web shield has blocked a threat. Infection: URL:MAL
« Reply #5 on: March 02, 2015, 10:20:55 PM »
hi

I placed my domains comxxxxxxxx.com and mixxxxx.com  in my hosting server and both can not be accessed from firefox or chrome because the complement Avast blocks web pages with the message Infection: URL: MAL

As I can unlock my web pages?
« Last Edit: March 16, 2015, 02:59:20 PM by dirkst »


REDACTED

  • Guest
Re: Avast Web shield has blocked a threat. Infection: URL:MAL
« Reply #7 on: March 12, 2015, 11:20:13 PM »
Hi

I have corrected the rDNS and my domains comxxxxxxxx.com and mixxxxx.com have been freed from most of the blacklist as Norton, Google, Eset, etc.

I need these two domains are unlocked Avast

Can you help me?
« Last Edit: March 16, 2015, 02:58:50 PM by dirkst »

REDACTED

  • Guest
Hi, all.

I just installed Avast on my iMac running Yosemite, and shortly after the installation was complete, Avast showed me four scary "Infection blocked!" popups that mention URLs that I have never intentionally visited: 32463592.forbition.com, 20460127.volcanish.com, 21350321.volcanish.com, and 72233711.increaseenergysavings.com. 

Each of the warning popups mentioned this process:

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

I have done a full scan of my system with Avast and it does not show any malware present.

Any advice or suggestions would be appreciated. Thanks in advance.

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Hi, all.

I just installed Avast on my iMac running Yosemite, and shortly after the installation was complete, Avast showed me four scary "Infection blocked!" popups that mention URLs that I have never intentionally visited: 32463592.forbition.com, 20460127.volcanish.com, 21350321.volcanish.com, and 72233711.increaseenergysavings.com. 

Each of the warning popups mentioned this process:

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

I have done a full scan of my system with Avast and it does not show any malware present.

Any advice or suggestions would be appreciated. Thanks in advance.

Disable all Safari extensions and test, then enable one by one until you find the culprit.

REDACTED

  • Guest
Re: Avast Web shield has blocked a threat. Infection: URL:MAL
« Reply #10 on: April 10, 2015, 12:31:37 AM »
Hi, Specimen 9999. Thanks for the quick reply.

Alas, the culprit does not seem to be any extension. I had only one extension running for Safari (1Password) and I tried disabling it  per your suggestion, but I'm still getting the same kind of warnings from Avast's Web Shield. All of the warnings seem to be related to attempting to access kubows.com, forbition.com, fairtray.com, and volcanish.com. They all seem to be connected to activity by com.apple.WebKit.WebContent.

I'm totally puzzled. I have never gone to any of those websites intentionally, and I don't seem to have any cookies or databases on my system that are related to them.

Any other suggestions would be appreciated.

REDACTED

  • Guest
Re: Avast Web Shield has blocked a threat. Infection: URL:MAL
« Reply #11 on: April 10, 2015, 01:08:32 AM »
Got it! Maybe the following info will help somebody else with the same question. Avast was indeed calling attention to malware links but they were in Mail, rather than in Safari files.

I use Apple Mail to download (via IMAP) all my webmail from Yahoo.  Apple Mail puts anything from Yahoo's spam folder into a "Junk Mail" folder on my system.

Today I noticed that as soon as I selected these messages in preparation for deleting them, Avast's Web Shield instantly popped up the warnings I mentioned previously.

I would have thought that Mail Shield would have handled this kind of thing but for some reason Web Shield handled the task for Avast. I confirmed this by hovering my cursor over several of the messages to see where the links in them actually pointed. Sure enough, there were links to various malware-bearing websites such as fairtray.com, matching the sites in the Web Shield pop-up warnings.

Hope this is helpful info. It certainly made me more respectful of Avast's capabilities, and even more wary of spam.


Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: Avast Web Shield has blocked a threat. Infection: URL:MAL
« Reply #12 on: April 10, 2015, 02:13:25 AM »
Got it! Maybe the following info will help somebody else with the same question. Avast was indeed calling attention to malware links but they were in Mail, rather than in Safari files.

I use Apple Mail to download (via IMAP) all my webmail from Yahoo.  Apple Mail puts anything from Yahoo's spam folder into a "Junk Mail" folder on my system.

Today I noticed that as soon as I selected these messages in preparation for deleting them, Avast's Web Shield instantly popped up the warnings I mentioned previously.

I would have thought that Mail Shield would have handled this kind of thing but for some reason Web Shield handled the task for Avast. I confirmed this by hovering my cursor over several of the messages to see where the links in them actually pointed. Sure enough, there were links to various malware-bearing websites such as fairtray.com, matching the sites in the Web Shield pop-up warnings.

Hope this is helpful info. It certainly made me more respectful of Avast's capabilities, and even more wary of spam.
Mailshield handles the download of mail via IMAP or POP (email protocols). If the webshield was the one flagging it it probably means that these emails have links, web links, like images that are stored remotely and as such use the HTTP protocol, hence the web shield intervention as it filters all HTTP requests.

The WebKit framework is what OS X uses to fetch and display web content in and outside the browser, Safari. It's the web engine that not only powers the browser but also any web content displayed elsewhere.

You don't happen to have 'display of remote images' in email messages turned on?
« Last Edit: April 10, 2015, 02:17:16 AM by specimen9999 »

REDACTED

  • Guest
Re: Avast Web shield has blocked a threat. Infection: URL:MAL
« Reply #13 on: April 10, 2015, 02:24:45 AM »
I don't see anything in Apple Mail's Viewing preferences specifically called "display remote images" but I did have "Load remote content in messages" turned on. Is that the same thing?

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: Avast Web shield has blocked a threat. Infection: URL:MAL
« Reply #14 on: April 10, 2015, 02:28:23 AM »
I don't see anything in Apple Mail's Viewing preferences specifically called "display remote images" but I did have "Load remote content in messages" turned on. Is that the same thing?

Yes, exactly, sorry, that's what I meant. That explains it. It's safer to have that turned off, you are automatically downloading web content that might not be safe, such as the content that webshield blocked.