So earlier, I loaded
http://www.avast.com/eng/download-avast-home.html earlier, to grab the URL to paste in a forum to help some Norton trialware victims.
When I closed it, I saw it was making a request to a URL on the ssl-hints.netflame.cc domain name.
Being a naturally curious person, I looked into that domain and found two things:
- it's part of fireclick.com which Avast appears to use for their web analytics
- it contains this interesting file hxxp://ssl-hints.netflame.cc/Fc/FcPred.class , which freaks Avast out if you try to open it.
So, uh.. what's going on here? Is it a false positive, or is Avast's web analytics provider hosting malware on the side?
For reference, this is what Avast thinks of it:
A Virus Was Found!
There is no reason to worry, though. avast! has stopped the
malware before it could enter your computer. When you click on the
"Abort connection" button, the download of the dangerous file will
be canceled.
File name: hxxp://ssl-hints.netflame.cc/Fc/FcPred.class
Malware name: Other:Malware-gen
Malware type: Virus/Worm
VPS version: 090113-1, 01/13/2009
Here's what Virus Total think of the file:
http://www.virustotal.com/analisis/2bd0257964b37d65fa03e9eb361d8b3bBased on that, I'm guessing it's probably a "false positive", but I'd rather let the professionals sort it out.
Thanks,
Henri
*edited to maybe protect the non-avast users in this forum.