Author Topic: Malware detection in clogitec.com  (Read 2667 times)

Offline Druss

  • Newbie
  • *
  • Posts: 13
Malware detection in clogitec.com
« on: January 11, 2020, 06:19:26 PM »
Hello there,

For a few days, Avast has repeatedly notified me that it blocked a connection to clogitec.com, with the reason being that it is infected by "Other: Malware-gen[Trj]" in the process Firefox.exe. The problem is that I never tried to connect to this website (I don't know what it is), so I suppose it's another problem. When I scan with Avast and Malwarebytes, nothing is found; I also tried in safe mode, but Malwarebytes found nothing, and Avast doesn't want to work...
I'm on Windows 8 64-bit; my browser is Firefox 72.0.1.

Thanks in advance for your help and sorry for my English if I made mistakes.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 45125
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Malware detection in clogitec.com
« Reply #1 on: January 11, 2020, 08:57:46 PM »

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v20H2 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Malware detection in clogitec.com
« Reply #2 on: January 11, 2020, 11:56:16 PM »
The URL name (clogitec) sounds like a fake Logitech website?

Could be why it is Blacklisted
https://www.virustotal.com/gui/url/3a5de8f1b89ff3e861003c949cfadb7fbcb1008875b2ce8bebd1770eeebdda3f/detection

Could also be why it is taken down
https://downforeveryoneorjustme.com/clogitec.com


« Last Edit: January 12, 2020, 12:08:17 AM by Pondus »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Malware detection in clogitec.com
« Reply #3 on: January 12, 2020, 12:05:30 AM »
Quote
When I scan with Avast and Malwarebytes, nothing is found; I also tried in safe mode, but Malwarebytes found nothing, and Avast doesn't want to work...
-Scanning in safe mode does not have any detection advantages; what it gives you is removal advantages if you have problems removing something that is already detected

-Avast has a boot scan

-Malwarebytes is not designed to be run in safe mode; it will run, but all drivers are not loaded, so it will run crippled


« Last Edit: January 12, 2020, 12:51:11 AM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33054
  • malware fighter
Re: Malware detection in clogitec.com
« Reply #4 on: January 12, 2020, 12:35:54 AM »
Pondus,

Detection was still there a day ago, but now you will get a 403 error for that site.
Cloudflare took it down, but still that IP relations scan shows it at VT IP relations scan results.
https://www.virustotal.com/gui/ip-address/172.64.164.39/relations
and https://www.virustotal.com/gui/ip-address/104.18.41.175/relations
Re: https://toolbar.netcraft.com/site_report?url=clogitec.com

Quote
Date: Sat, 11 Jan 2020 23:32:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __cfduid=d9def688b2b2a83c75a64925e5a6da2801578785539; expires=Mon, 10-Feb-20 23:32:19 GMT; path=/; domain=.clogitec dot com; HttpOnly; SameSite=Lax
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 553ab0788f6a9572-IAD

Content that was returned by your request for the URL: htxp://clogitec.com/

1:  < html>
2:  < head> < title> 403 Forbidden< /title> < /head>
3:  < body bgcolor="white">
4:  < center> < h1> 403 Forbidden< /h1> < /center>
5:  < hr> < center> nginx< /center>
6:  < /body>
7:  < /html> Content after the < /html> tag should be considered suspicious.

8:  < !-- a padding to disable MSIE and Chrome friendly error page -->
9:  < !-- a padding to disable MSIE and Chrome friendly error page -->
10:  < !-- a padding to disable MSIE and Chrome friendly error page -->
11:  < !-- a padding to disable MSIE and Chrome friendly error page -->
12:  < !-- a padding to disable MSIE and Chrome friendly error page -->
13:  < !-- a padding to disable MSIE and Chrome friendly error page -->
This at IP address -104.18.40.175

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
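
The scan output quoted in the post above flags everything after the closing `</html>` tag; the six comment lines it lists are the padding nginx appends to short error pages. The following is an added example, not part of the post or of the scanner that produced the quote, that separates that padding from trailing markup that deserves a closer look. The function name, the tag list and both sample bodies are assumptions constructed for illustration, and it expects the raw response body rather than the spaced-out rendering shown in the quote.

```python
import re

# nginx appends this comment to small error pages so that old MSIE/Chrome
# versions do not replace them with their own "friendly" error page.
NGINX_PAD = "<!-- a padding to disable MSIE and Chrome friendly error page -->"

# Trailing markup that can load or run something and therefore needs review
# (assumed list, chosen for this example).
ACTIVE = re.compile(
    r"<\s*(script|iframe|object|embed|meta|link|form)\b|\bon\w+\s*=|javascript:",
    re.I,
)
CLOSE_HTML = re.compile(r"<\s*/\s*html\s*>", re.I)


def triage_trailing(body: str) -> dict:
    """Classify whatever follows the last </html> tag in a response body."""
    matches = list(CLOSE_HTML.finditer(body))
    if not matches:
        return {"verdict": "no-closing-tag", "trailing": ""}
    trailing = body[matches[-1].end():]
    # Remove the known-benign nginx padding, then look at what is left.
    rest = trailing.replace(NGINX_PAD, "").strip()
    if not rest:
        verdict = "nginx-padding" if NGINX_PAD in trailing else "clean"
    elif ACTIVE.search(rest):
        verdict = "review-active-content"
    else:
        verdict = "review-unknown-content"
    return {"verdict": verdict, "trailing": rest}


# Constructed sample bodies (not captured from the site in the thread).
PADDED_403 = (
    "<html>\n<head><title>403 Forbidden</title></head>\n"
    "<body bgcolor=\"white\">\n<center><h1>403 Forbidden</h1></center>\n"
    "<hr><center>nginx</center>\n</body>\n</html>\n" + (NGINX_PAD + "\n") * 6
)
APPENDED = (
    "<html><body>ok</body></html>\n"
    "<iframe src=\"//placeholder.invalid/x\" width=0></iframe>"
)

if __name__ == "__main__":
    for name, body in (("padded 403", PADDED_403), ("appended iframe", APPENDED)):
        print(name, "->", triage_trailing(body)["verdict"])
```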

Offline Druss

  • Newbie
  • *
  • Posts: 13
Re: Malware detection in clogitec.com
« Reply #5 on: January 12, 2020, 04:57:22 PM »
Hello,
So I reported a false positive, as bob told me. I suppose I have to wait a bit to see a change (for it continues to be detected, in the meantime)?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Malware detection in clogitec.com
« Reply #6 on: January 12, 2020, 09:56:56 PM »
Quote
Hello,
So I reported a false positive, as bob told me. I suppose I have to wait a bit to see a change (for it continues to be detected, in the meantime)?
Since it is blacklisted and taken down (not online anymore) I think detection is/was correct
You may have some crap in your browser that tries to connect to that URL


Offline Druss

  • Newbie
  • *
  • Posts: 13
Re: Malware detection in clogitec.com
« Reply #7 on: January 12, 2020, 10:06:45 PM »
OK. So how can I delete this crap if neither Avast nor Malwarebytes found it? Could you recommend something?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Malware detection in clogitec.com
« Reply #8 on: January 12, 2020, 10:10:45 PM »
Read and follow the instructions here >> https://forum.avast.com/index.php?topic=194892.0

The two diagnostic logs from step #2 must be attached



Offline Druss

  • Newbie
  • *
  • Posts: 13
Re: Malware detection in clogitec.com
« Reply #9 on: January 25, 2020, 04:59:24 PM »
Hello there,

Sorry for the long delay in answering, but after my last message Avast stopped notifying me about it until this morning. As for the logs you asked for, please find them attached. I would be grateful if you could see what is going on here.

Offline Druss

  • Newbie
  • *
  • Posts: 13
Re: Malware detection in clogitec.com
« Reply #10 on: January 28, 2020, 10:00:55 PM »
Nobody? :(

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 827
Re: Malware detection in clogitec.com
« Reply #11 on: January 29, 2020, 06:05:31 PM »
Are Firefox or Chrome open when Avast displays the notification?

Offline Druss

  • Newbie
  • *
  • Posts: 13
Re: Malware detection in clogitec.com
« Reply #12 on: January 29, 2020, 07:03:31 PM »
Yes, Firefox. It's in this process that the connection is detected.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 827
Re: Malware detection in clogitec.com
« Reply #13 on: January 29, 2020, 08:30:45 PM »
In Firefox open this address:

about:serviceworkers

and delete/unregister all listed entries.

Offline Druss

  • Newbie
  • *
  • Posts: 13
Re: Malware detection in clogitec.com
« Reply #14 on: January 31, 2020, 07:09:50 PM »
I tried, but it changed nothing. Avast continues to detect the connection.