Author Topic: Are web shield warnings about bidr.trellian.com a false positive?  (Read 12611 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Are web shield warnings about bidr.trellian.com a false positive?
« on: September 23, 2016, 06:08:25 PM »
For the past couple of days Avast has been popping up notifications on all 3 of our Macs about blocking HTML:Framer-inf from http://bidr.trellian.com

But a couple of different site scanners come back reporting the site as clean.

I'm using Avast Mac Security 2015, version 11.17 (46792), virus definitions 16092300 so everything is very up to date.

Is this a false positive?  If so, is there any way to stop it from happening so my spouse and kid don't keep freaking out and calling me about the Avast notifications popping up on their Macs? :-)


REDACTED

  • Guest
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #2 on: September 23, 2016, 06:27:20 PM »
I'm having the same problem, but forgive me for not understanding the reply... what are we supposed to DO with those suggested URLS? Go to them? Watch out for them?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #3 on: September 23, 2016, 06:37:41 PM »
They are the scan results for that site with what is found.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #4 on: September 23, 2016, 06:39:57 PM »
The URLs are basically from analysis sites, they give information on the bidr.trellian.com site.

What to do, look at them and see what they have found on their analysis of the bidr.trellian.com site.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #5 on: September 23, 2016, 06:54:58 PM »
Here the main domain is reported as malicious by various reporters: https://www.mywot.com/en/scorecard/trellian.com?utm_source=addon&utm_content=popup
See that MBAM flags here: http://hosts-file.net/?s=trellian.com  High Risk Malware classification.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #6 on: September 23, 2016, 09:54:47 PM »
I'm having the same problem, but this warning is popping up on many of the websites to which I normally browse.  It's not a problem of trying to go to the listed malicious site, but that many normal sites are giving that warning (like nytimes.com) about this trojan at said site when I'm using Safari.  I'm wondering what the explanation is.

REDACTED

  • Guest
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #7 on: September 24, 2016, 06:34:16 PM »
A webpage can have code or an ad that tries to contact trillion when the page load in your browser.  In Safari, if one of those pages is one of your Top Sites and your Safari preferences are set to show Top Sites when a new page or tab opens, then Avast will show the web shield block message.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #8 on: September 25, 2016, 02:06:51 PM »
Hi,
bidr.trellian[.]com was blocked because it appears in this list: https://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt (more info here: https://ransomwaretracker.abuse.ch/)
Do you think this is a false positive? Are you the owner?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #9 on: September 25, 2016, 02:53:57 PM »
Has been launching Cryptowall since 2012, Lastseen (UTC):   2016-07-26 07:59:22

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #10 on: September 26, 2016, 08:22:02 PM »
Yes, I purchased Avast, and it's my Mac Pro.  I don't know whether it's a false positive or not, or whether my system is infected.  A full scan revealed nothing.  Safari is not set to open Top Sites when I open a new window, just a blank page.  I do know that it appears the message appears sporadically when I open a new window, and I am not able to predict for which sites it will do this.  I always get essentially the same pop-up notification: the bottom of it where it says the process is located in System/Library/Frameworks/... is cut off.  The end of the URL that it's trying to reach seems to change once a day.
« Last Edit: September 26, 2016, 08:25:13 PM by profilename »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #11 on: September 26, 2016, 08:31:12 PM »
profilename,

your problem seem to have nothing to do with the topic of this thread.
Please start your own thread in the correct forum (this one is for Windows) and provide details.

REDACTED

  • Guest
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #12 on: September 26, 2016, 11:57:26 PM »
Eddy,  The initial post was about 3 Macs that the person has for which a warning about an infection at bidr.trellian.com is popping up.  So, you are incorrect: my post is precisely about the topic of this thread, as the same thing is happening on one of my Macs too.  It seems you misread the initial post.  If it should have been on a different board, you might mention it to the person who made the initial post.  I'll await a response to the issue that has been raised.

I just got the pop-up again, for the second time today.  It's at a different site almost every time, so I don't think the site to which I am browsing is the issue.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #13 on: September 27, 2016, 07:31:43 AM »
No, I'm correct and you are wrong.
Quote
many of the websites to which I normally browse.
The OP is mentioning only one site, you say many.
Quote
I just got the pop-up again, for the second time today.  It's at a different site almost every time,

Run the scans/checks.

REDACTED

  • Guest
Re: Are web shield warnings about bidr.trellian.com a false positive?
« Reply #14 on: September 27, 2016, 08:06:27 AM »
The poster said the messages are coming from bidr.trellian.com, which he then used a site scanner to scan.  All of the pop-up messages are coming from bidr.trellian.com for me as well.  He did not say that he was browsing to that specific site.  I have not been as well: the pop-ups referring to that site appear seemingly randomly as I browse other sites.  My issue appears from everything that was said to be the same issue.  You read more into the original post than is actually stated there, aside from missing that the original post was about Macs.