Author Topic: Avast html:script-inf  (Read 68871 times)

Offline eficbf

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Avast html:script-inf
« on: January 14, 2009, 02:11:25 PM »
Hello,

I am getting a "A virus was found alert" alert when I browse to a particular website all other websites are fine. The Malware name identified is HTML:script-inf. The computer I am connecting from doesn't appear to have any viruses on scan or boot scan. As far as I am aware there shouldn't be any malware on the site I'm browsing to. Is there possibly an issue with the website code that could be generating this message?

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #1 on: January 14, 2009, 03:32:36 PM »
What is the URL that the detection is on ?
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

Modify the link so it isn't active to avoid accidental exposure, change the http to hXXp.

The detection is I assume by the web shield and the only option it gives it Abort Connection, e.g. drop that download (so it shouldn't be on your system) ?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64881
  • Gender: Male
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #2 on: January 14, 2009, 09:27:15 PM »
The site could be hacked... or could have encrypted code (suspicious)... better will be knowing which site it is...
The best things in life are free.

Offline eficbf

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #3 on: January 15, 2009, 09:16:11 AM »
Hello,

Thanks for the responses. The site in question is www.icbf.com I've checked the log and it seems that the warning comes up when you go to the web page it doesn't look like there is a virus on the PC.

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64881
  • Gender: Male
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #4 on: January 15, 2009, 10:00:59 AM »
Hello,

Thanks for the responses. The site in question is www . icbf . com I've checked the log and it seems that the warning comes up when you go to the web page it doesn't look like there is a virus on the PC.

It returned clean with Dr. Web. But avast is triggering it. Maybe you should edit the link to not leave it live in forums.
The best things in life are free.

Offline kubecj

  • Administrator
  • Advanced Poster
  • ***
  • Posts: 1127
  • Gender: Male
    • ALWIL Software
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #5 on: January 15, 2009, 10:20:42 AM »
The site in question is using webstat.net, which we block. Can you get in the contact with the owners and ask them if they're sure about webstat.net credibility and if they have the contact with them?

The scripts of webstat.net are very suspicious, they have no contacts, no about us, no ToS and the email used in domain registration is invalid.

UPDATE: Sent mail to 9 different @webstat.net addresses, all of them returned as non-deliverable. Scripts are three times obfuscated, with the bottom layer having iframe somewhere to China.
« Last Edit: January 15, 2009, 11:35:03 AM by kubecj »
Jindrich Kubec

Offline eficbf

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #6 on: January 15, 2009, 11:30:18 AM »
Jindrich,

Thank you for the reply. We'll check into this and see what the webstat.net site is being used for.


Offline eficbf

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #7 on: January 15, 2009, 01:18:03 PM »
Hi Jindrich,

The webstat.net reference has been taken out of the code and the website is running fine now. Thank you for your help.

Eddie.

Offline kubecj

  • Administrator
  • Advanced Poster
  • ***
  • Posts: 1127
  • Gender: Male
    • ALWIL Software
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #8 on: January 15, 2009, 01:59:49 PM »
I'm just interested if it was there by purpose or by hack  ;)
Jindrich Kubec

Offline eficbf

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #9 on: January 15, 2009, 02:07:57 PM »
The reference was there on purpose it had been used at one stage to collect web stats but I've been told that the code was actually commented out some timte ago on the website.

Offline gbilmes

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #10 on: March 14, 2009, 06:00:08 PM »
I am getting The Malware name identified is HTML:script-inf.
The side is hxtp://vsedlyavsex.com/forum/forumdisplay.php
As far as I am aware there shouldn't be any malware on the site I'm browsing to.
Any suggestions??

Thanks
« Last Edit: April 13, 2011, 03:34:01 PM by Milos »

Offline kirari

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
HELP!!! This is new for me! (Re:) Avast html:script-inf
« Reply #11 on: April 12, 2010, 09:22:52 AM »
I am getting this same exact thing with a website I USED to be able to visit till earlier this year.

hXXp://www.boogiezone.com

Everyone else I know can see it, but I get a warning and then it aborts the connection.

Please help me!

Thank you.
« Last Edit: April 13, 2010, 08:21:25 AM by kirari »

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #12 on: April 12, 2010, 10:00:04 AM »
Hi kirari, welcome to the forum :)

Could you please modify your link to make it unclickable (i.e. chage http to hXXp) to prevent others potentially becoming infected.

Please see:
http://www.UnmaskParasites.com/security-report/?page=www.boogiezone.com

Unfortunately it would appear as though it has been hacked.
UnmaskParasites has picked up on the object that is causing the alert.

There is an inline script pointing to a fake google analytics site. (Look at the spelling --> anaiytics )
This is a method of quietly infecting sites as it is harder to spot.

-Scott-
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline kirari

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #13 on: April 13, 2010, 08:21:07 AM »
Hi Scott!

thank you for the welcome and thanks for replying.

So I have to wait for the site to get rid of it?
Because this is a site I would like to visit again since it's a community I'm active in :)

Does the unmaskparasite do anything to the pc?

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21731
  • Gender: Male
    • Personal Message (Offline)
Re: Avast html:script-inf
« Reply #14 on: April 13, 2010, 09:37:02 AM »
Quote
Does the unmaskparasite do anything to the pc?
No it is an Security report of the website
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now