« previous next »
Pages: [1]   Go Down

Author Topic: New virus.  (Read 1776 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
New virus.
« on: June 26, 2017, 03:24:08 PM »
avast new virus welcome for me delete new antivirus scanner for vk.com - Cezurity Scanner .
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Re: New virus.
« Reply #1 on: June 26, 2017, 06:40:35 PM »
Hi Igor,

Probably adware detected for the chrome extension there. Was the detection set in PUP mode.
Do not know about this cloud service scanner to be compatible with avast?

Wait for an avast team member to confirm the scan results and the final verdict.
See the download insecurity issues here: Cezurity_Scanner.exe -> security headers and meta security headers missing on download page.

Nothing flagged here: https://www.virustotal.com/pl/url/b8308ec598cc05e959685d7fc394d4de7f627c0f432e29e3a6f06def31e2e943/analysis/1498493084/

Various json no content status (redirects?): https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=vk-gate.cezurity.com&ref_sel=GSP2&ua_sel=ff&fs=1

16 adblocked met: https://urlscan.io/result/a0ec65d7-25a6-437f-92f9-3444802a0c2f#summary
redirect found to -page.url:hxtps://vk.com/topic-38890254_26970150
-> https://urlscan.io/result/e3430175-5b62-4762-ba00-129f2c77de6a#summary

Verdict PHISHING going on according to this report: https://aw-snap.info/file-viewer/?protocol=secure&tgt=vk.com%2Ftopic-38890254_26970150&ref_sel=GSP2&ua_sel=ff&fs=1

The scan has detected URL(s) from your site and/or IP in Phishing DBs -
This link Flagged URL(s)? will open a utility that will list out any URL(s) from your domain that are listed in Phishing DBs and tell you if Google is currently flagging the URL.
Remove a phishing or web forgery warning! Flagged JS/Phish a risk they run by using dynamic javascript that becomes hacked.

The scan has detected some potential problems in these files. First scroll down through the code listed out after the list of links, this is the code returned by the request for the URL you entered and check for any problems. Next, these link(s) will open the individual URL(s) in this tool, check through the code that is returned, compare the code being returned to a know clean copy, etc.

1 -> /js/al/common.js?1150_2164441140

Wait until they clean up their act at data center Selectel or at CDN, Akamai EU...

polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: New virus.
« Reply #2 on: June 27, 2017, 12:28:35 PM »
Adware.generic doesn't sound like Avast's detection name, and I am not familiar with the visual style of the message. Are you sure this comes from Avast?
Logged
Pages: [1]   Go Up
« previous next »