Author Topic: HTML:Url-inf[Susp] threat quarantined  (Read 9252 times)

0 Members and 1 Guest are viewing this topic.

Offline roger.french2

  • Newbie
  • *
  • Posts: 7
HTML:Url-inf[Susp] threat quarantined
« on: June 26, 2021, 05:09:45 PM »
Since yesterday my Avast free anti-virus has been putting a pop-up on my screen many times during the day to say this threat has been quarantined.

I have deleted everything in the quarantine file several times but it continues to produce this pop-up. I have completed a scan, clean-up and deleting cache and cookie but still keep getting this pop-up.

The details shown suggest it is a problem with an email that is using my work email address but not a subject matter that I have actually sent out.

What is this threat and how do I stop this irritating notification once and for all?

On a separate note how crap is the verification process!! Reading the letters is appalling and even listening to them still can't produce a match. Very poor.
« Last Edit: June 26, 2021, 05:41:56 PM by roger.french2 »

Offline Scott488

  • Newbie
  • *
  • Posts: 2
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #1 on: June 26, 2021, 06:13:45 PM »
Do you get alot of emails, legit or not? I am having the same problem and I noticed it was quarantining emails as it did this to an email where I had requested a password reset from a legit site. Now I have no idea if some of these emails it is kidnapping are some I may need or not. It all started with that update the other day. I posted to another string and stated the devs definitely needed to get involved. Hopefully the moderator that answered another person sees mine and escalates this issue. I have also posted a false positive in the support area. And I agree with the stupid verification bit. Cant hardly see the letters. And really? What year is it? What the hell does that do to verify anything?

Offline roger.french2

  • Newbie
  • *
  • Posts: 7
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #2 on: June 26, 2021, 09:14:48 PM »
The Avast pop-up refers to the same email every time which was supposedly a request for a BUPA password change with my work email address which was not sent by me. I get a few emails in my inbox on a daily basis probably between 10 and 20 tops.


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #3 on: June 27, 2021, 09:32:30 AM »
On a separate note how crap is the verification process!! Reading the letters is appalling and even listening to them still can't produce a match. Very poor.
Captcha is only needed for your first 3 posts. (Spam protection)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Wolfmann21

  • Newbie
  • *
  • Posts: 2
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #4 on: June 27, 2021, 04:46:31 PM »
I agree the Verification on this site is ridiculously hard to comply with.

So what's the verdict on this quarantine notice? I think I started getting it yesterday, but maybe much earlier than that because it looks familiar. I've also seen reference to it originating in email -- mine in particular from academia-mail.com, a site for academics to upload their papers, theses and so on. Been reading this site for years and I really want to know whether this Avast warning/quarantine is legitimate or a false flag of some sort.
« Last Edit: June 27, 2021, 08:59:07 PM by Wolfmann21 »

Offline Wolfmann21

  • Newbie
  • *
  • Posts: 2
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #5 on: June 27, 2021, 06:30:43 PM »
I'm adding my own screengrab from yesterday, since I use Thunderbird email as opposed to OP's Outlook, and to show other variations...

Offline roger.french2

  • Newbie
  • *
  • Posts: 7
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #6 on: June 28, 2021, 11:52:09 PM »
This notification just won't go away and I cannot find any real support from Avast. Found a telephone number and they suggested unistalling Avast and reinstalling so spent the best part of a few hours rebooting and reinstalling thinking this was the answer. How wrong I was - still getting the same pop-up notification.

Anybody have any suggestions how to get hold of Avast to actually answer the question here?

What a surprise the verification code doesn't match. Who said you don't need to use it after the initial post??

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #7 on: June 29, 2021, 12:44:37 AM »
<Snip>
What a surprise the verification code doesn't match. Who said you don't need to use it after the initial post??

No one, it is for the first 3 posts, which you now have.

If the offending file was sent to the Virus Chest as one of the images suggests, then you can submit it for analysis from the Virus Chest.
« Last Edit: June 29, 2021, 12:50:28 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline roger.french2

  • Newbie
  • *
  • Posts: 7
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #8 on: June 29, 2021, 11:16:48 AM »
Thanks for the advice and to confirm I sent the files for analysis a few days ago.

Do you know what sort of turn around time to expect as no acknowledgement is forthcoming from Avast?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #9 on: June 29, 2021, 12:58:18 PM »
I don't know what the turn round time is for this function, I don't know if you would even get a reply.  I'm not sure because, technically your submission doesn't have an email contact (e.g. I don't think they check your system).

There are many unknowns (certainly to me), is this from an email and I don't know if it is the whole email or an attachment.

You could try this, to check if it is no longer detected.  Use the Extract option (give a temporary folder, not the original) on the file in the chest, when it is extracted there if it is detected again you know it is still considered malware, etc.  When Avast alerts don't send it to the chest again and then try and submit that as a possible false positive.

Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.  Normally you would get a response in a day or two.

###
This is where it becomes very unclear for me, if it is found to be an FP and this is an email (it doesn't really have a file structure) or an email attachment I don't know how these are dealt with.  For a bog standard file it can be placed back in the folder it came from and you should be good to go.  But for an email file or attachment, many email programs don't hold emails individually but in the inbox, etc.

This is basically a big file (possibly compressed) and outside of that folder you can't just insert it back in there as it could corrupt the whole folder, which could result in the loss of the emails in that folder.

If an attachment it is in itself a file with an extension that can be opened, run outside of the email so doesn't really present as much of a problem, as for the most part you would have extracted that in order to view/run.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline kevinjohnwoodford

  • Newbie
  • *
  • Posts: 3
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #10 on: July 01, 2021, 10:38:28 PM »
I am getting similar error messages. Could this be a fault with Avast. As it seems Avast is not dealing with this issue, should I switch to Bitfender. As least then I'll find out if this is a genuine error or simply a problem with Avast.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #11 on: July 01, 2021, 11:37:27 PM »
I am getting similar error messages. Could this be a fault with Avast. As it seems Avast is not dealing with this issue, should I switch to Bitfender. As least then I'll find out if this is a genuine error or simply a problem with Avast.

With zero information other than 'similar' it is impossible to say.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline roger.french2

  • Newbie
  • *
  • Posts: 7
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #12 on: July 02, 2021, 09:51:07 AM »
I don't know what the turn round time is for this function, I don't know if you would even get a reply.  I'm not sure because, technically your submission doesn't have an email contact (e.g. I don't think they check your system).

There are many unknowns (certainly to me), is this from an email and I don't know if it is the whole email or an attachment.

You could try this, to check if it is no longer detected.  Use the Extract option (give a temporary folder, not the original) on the file in the chest, when it is extracted there if it is detected again you know it is still considered malware, etc.  When Avast alerts don't send it to the chest again and then try and submit that as a possible false positive.

Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.  Normally you would get a response in a day or two.

###
This is where it becomes very unclear for me, if it is found to be an FP and this is an email (it doesn't really have a file structure) or an email attachment I don't know how these are dealt with.  For a bog standard file it can be placed back in the folder it came from and you should be good to go.  But for an email file or attachment, many email programs don't hold emails individually but in the inbox, etc.

This is basically a big file (possibly compressed) and outside of that folder you can't just insert it back in there as it could corrupt the whole folder, which could result in the loss of the emails in that folder.

If an attachment it is in itself a file with an extension that can be opened, run outside of the email so doesn't really present as much of a problem, as for the most part you would have extracted that in order to view/run.

To put this in context I am a desk top user so my technical skils/knowledge are next to zero. I rely on Avast to provide a level of protection and assumed there would be some sort of help desk via the website to clarify any issues.

I am guessing that this forum is made up of non-Avast people who are willing toshare their knowledge in the event that this can resolve any issues.

I have no idea what the issue relates to that Avast has identified but the details it has provided suggests it is an email that was sent using my work email address requesting a password change from BUPA. I haven't sent any such email or made any request for a password change so have no idea how Avast has identified this threat.

I have used what options there are available to extract the file and report a false negative whatever that means (as I said my technical knowledge is next to zero).

I have been getting this pop-up notification approximately twice an hour for the last 7 days and there is no sign of it stopping.

I have uninstalled Avast completely and re-installed it but this has not cured the problem.

What other options, if any, are out there?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #13 on: July 02, 2021, 12:37:03 PM »
The majority of those in the forums are Avast Users (as I am) trying to help others, only those with Avast Team in the details window to the left of their posts are Avast Team members (see attached image example).

Reinstalled avast is unlikely to resolve the alert as it is in an incoming email (your screenshot image 1) as this would be contained within the virus definitions. 

To me this appears to be a scam email trying to capture your login credentials for BUPA (you may not even have this cover ?) by sending you speculative email.  Or if you have BUPA, someone could have been trying to access it, but I don't think this is as likely.

If you haven't got BUPA then it is possible that your email work email address has been harvested by some spammer as the volumes you are reporting seem to be excessive if it were a legit.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Re: HTML:Url-inf[Susp] threat quarantined
« Reply #14 on: July 02, 2021, 02:15:10 PM »
Hi,

The detection was disabled on 28.6.2021. Are you still receiving these detections?
Please try to manually update the virus definitions. Please see this guide: https://support.avast.com/en-us/article/Update-Antivirus/
If the detection is still occurring after the update, please report it via https://www.avast.com/false-positive-file-form.php