Author Topic: Avast shows a site is infected; Virustotal shows clean?  (Read 5105 times)

0 Members and 1 Guest are viewing this topic.

Offline mms

  • Newbie
  • *
  • Posts: 3
Avast shows a site is infected; Virustotal shows clean?
« on: December 17, 2022, 06:27:01 PM »
The site in question is:

cstms.berkeley.edu

Avast just aborted my connection indicating it was "infected with JS:Dropper-AABE[Trj]"

However, Virustotal and other url checkers show the site as clean.

I do have reason to believe the site might be infected, and I rarely get this message from Avast.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89208
  • No support PMs thanks
Re: Avast shows a site is infected; Virustotal shows clean?
« Reply #1 on: December 17, 2022, 07:06:09 PM »
You can use the - Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

That said I have just visited your link without issue, see attached screenshot.

If you are still getting this alert, please attach a screenshot of the Avast Alert window (with the more details option open).  See screenshot 2 on how to attach.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mms

  • Newbie
  • *
  • Posts: 3
Re: Avast shows a site is infected; Virustotal shows clean?
« Reply #2 on: December 18, 2022, 04:01:40 AM »
Thanks for your reply.

Here is the screenshot.

Avast detected the threat in a tab that was already open (not when I first visited the site).

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89208
  • No support PMs thanks
Re: Avast shows a site is infected; Virustotal shows clean?
« Reply #3 on: December 18, 2022, 04:32:27 PM »
Unfortunately that old History entry screenshot doesn't provide a great deal of information.

If you can replicate it and post a screenshot of the Avast Alert window (with the more details option open) it may provide more information.  It is strange that you don't get this when you first open it (as I also found).

As I said you can report it, but the virus labs team are likely to see the same as you and I on first opening the site.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mms

  • Newbie
  • *
  • Posts: 3
Re: Avast shows a site is infected; Virustotal shows clean?
« Reply #4 on: December 18, 2022, 07:46:02 PM »
You're right, it didn't recur when I tried again.  I'll check again later.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89208
  • No support PMs thanks
Re: Avast shows a site is infected; Virustotal shows clean?
« Reply #5 on: December 18, 2022, 08:41:44 PM »
Hopefully it was just something of a one off.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: Avast shows a site is infected; Virustotal shows clean?
« Reply #6 on: December 24, 2022, 03:46:11 PM »
The Word Press site has several issues
Outdated WordPress version at Fastly.  Update a.s.a.p.
Plug-in issues:
Quote
The following plugins were detected by reading the HTML source of the WordPress sites front page.

Plugin   Update Status   About
wonderplugin-slider    Unknown   
contact-form-7 5.1.6   Warning   latest release (5.7.1)
https://contactform7.com/
jquery-collapse-o-matic 1.7.11   Warning   latest release (1.8.2)
https://pluginoven.com/plugins/collapse-o-matic/
google-analytics-for-wordpress 7.10.4   Warning   latest release (8.11.0)
https://www.monsterinsights.com/
add-to-any    Unknown   latest release (1.8.5)
https://www.addtoany.com/
events-manager 5.9.7.3   Warning   latest release (6.1.6)
https://wp-events-plugin.com

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!