Author Topic: Message about virus not sure if real or not  (Read 407 times)

Offline nadav_ossia

  • Newbie
  • *
  • Posts: 2
Message about virus not sure if real or not
« on: July 09, 2024, 06:51:42 PM »
I have the antivirus in the free version. Every few minutes the antivirus informs me, without me doing anything and without anything being open, that it has blocked access to the site
cf-apsg-perf.xinheyi.net-URL:Blacklist
Malware is listed as the threat type. I scanned the computer with a full scan and it found nothing.
Process: C:\Program File(x86)\FormatFormatFactory\net_updater64.exe
I use this program, FormatFactory, quite a lot. I set an exception in the antivirus so that it will not report this software, and it still reports it. I have another computer with this software and there is no notification about this threat there.
Thanks, Nadav

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89443
  • No support PMs thanks
Re: Message about virus not sure if real or not
« Reply #1 on: July 09, 2024, 07:47:23 PM »
As you weren't intending to visit the site:
Start by clearing your browser cache and cookies, including 3rd party cookies, and restart your browser.
If that resolves it you should be good to go.
If it doesn't, try running your browser with add-ons disabled.

If that resolves it, have you added or updated any add-ons?
If so, try disabling that add-on, then restart and try again.
If still not resolved and you are using a Chrome-based browser, try this suggestion by Avast Team member 'lukor':
What about page notifications? Here: chrome://settings/content/notifications ? Do you have all cleared?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33990
  • malware fighter
Re: Message about virus not sure if real or not
« Reply #2 on: July 09, 2024, 09:26:07 PM »
A pesky antivirus alert!

First, let's break down what you've told us:

1. You have Avast antivirus in the free version.
2. The antivirus keeps informing you that it has blocked access to the site `cf-apsg-perf.xinheyi.net` without you doing anything or any programs being open.
3. The threat type is listed as Malware.
4. You've run a full scan, and nothing was found on your computer.
5. You use FormatFactory (a software that uses the `net_updater64.exe` process) regularly and have added it as an exception in Avast, so it shouldn't trigger any alerts.
6. Despite this, Avast still reports the threat, and you have another computer with the same software installed.

Here are some potential reasons for this issue:

1. **False Positive**: It's possible that the `cf-apsg-perf.xinheyi.net` site is a legitimate website that's not actually malicious, but Avast has flagged it incorrectly.
2. **Software Conflict**: The `net_updater64.exe` process might be causing the issue. Since you've added FormatFactory as an exception in Avast, it should be excluded from scanning. However, there might be another issue with the process or a dependency that's causing the false alarm.
3. **Outdated Avast definitions**: It's possible that Avast's virus definitions are outdated, which could lead to incorrect flagging of legitimate sites.

To troubleshoot this issue, I recommend the following steps:

1. **Check Avast definitions**: Make sure your Avast antivirus is up-to-date with the latest virus definitions. You can do this by opening Avast, clicking on "Menu" (three horizontal lines) > "Settings" > "Update" and checking for updates.
2. **Re-add FormatFactory exception**: Double-check that you've added FormatFactory as an exception in Avast correctly. Go to "Menu" > "Settings" > "Exceptions" and make sure FormatFactory is listed as an exception.
3. **Check for conflicts with other software**: Temporarily disable any other software that uses similar processes or components to FormatFactory to see if the issue persists.
4. **Report the issue to Avast**: If none of the above steps resolve the issue, you can report it to Avast's support team or their virus and worm section (where you originally posted). Provide them with more details about your situation, including any error messages or logs.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33990
  • malware fighter
Re: Message about virus not sure if real or not
« Reply #3 on: July 10, 2024, 09:20:26 AM »
Also consider this: checking hxtp://cf-apsg-perf.xinheyi.net
Checking for cloaking
There is a difference of 23 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but makes Google think there's something else on the page.

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.65 Safari/537.31
CF-RAY: 8a0ec71cbc28436c-EWR
User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +htxp://www.google.com/bot.html)
CF-RAY: 8a0ec71cbcfc32e8-EWR
accept-encoding: gzip
accept-encoding: gzip
Connection: Keep-Alive
Remote-Address: 172.69.165.62 (a Singapore Cloudflare address, probably above board *).
Remote-Address: 172.70.114.132 (abuse reported -> https://www.abuseipdb.com/check/172.70.114.132),
* although whitelisted, reported to be with abuse also: https://www.abuseipdb.com/check/172.69.165.62

If there were good cloaking techniques being used here, we would not see a generic virus alert.
It is just that Google search engine ranking is being manipulated for some reason.
That's all,
and Google does not like that.

polonus
« Last Edit: July 10, 2024, 09:32:02 AM by polonus »
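
An added example, not part of polonus's post or of the scanner output he quotes: a byte-count difference between the copy served to a browser User-Agent and the copy served to Googlebot can also come from per-request values, so this sketch masks those before diffing the two bodies. The sample bodies and the volatile-value patterns are constructed assumptions, not data from the site in this thread.

```python
import difflib
import re

# Values that legitimately change on every request (assumed patterns for this
# example; tune them to the site being checked).
VOLATILE = [
    (re.compile(rb'nonce="[^"]*"'), b'nonce="N"'),
    (re.compile(rb"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z"), b"TIMESTAMP"),
]

def normalize(body: bytes) -> list[str]:
    """Mask per-request values, then split into lines for diffing."""
    for pattern, replacement in VOLATILE:
        body = pattern.sub(replacement, body)
    return body.decode("utf-8", "replace").splitlines()

def compare_variants(browser_body: bytes, crawler_body: bytes):
    """Return (raw byte delta, list of real content changes)."""
    raw_delta = abs(len(browser_body) - len(crawler_body))
    a, b = normalize(browser_body), normalize(crawler_body)
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    changes = [(tag, a[i1:i2], b[j1:j2])
               for tag, i1, i2, j1, j2 in matcher.get_opcodes() if tag != "equal"]
    return raw_delta, changes

# Constructed sample bodies (not fetched from any real site).
BROWSER = b'<html>\n<script nonce="a1b2c3">init()</script>\n<p>Welcome</p>\n</html>\n'
# Same page, only the nonce differs in value and length.
CRAWLER_SAME = b'<html>\n<script nonce="f00dfacecafe">init()</script>\n<p>Welcome</p>\n</html>\n'
# Page with one extra line that only the crawler receives.
CRAWLER_EXTRA = BROWSER.replace(b"</html>", b'<a href="/extra">keyword text</a>\n</html>')

if __name__ == "__main__":
    for name, crawler in (("same", CRAWLER_SAME), ("extra", CRAWLER_EXTRA)):
        delta, changes = compare_variants(BROWSER, crawler)
        verdict = "content differs" if changes else "only volatile values differ"
        print(f"{name}: raw delta {delta} bytes, {verdict}: {changes}")
```

A non-zero raw delta with an empty change list means the two copies differ only in masked per-request values; a non-empty list shows exactly which lines one client received and the other did not.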