Author Topic: Avast html:script-inf  (Read 96925 times)

eficbf

  • Guest
Avast html:script-inf
« on: January 14, 2009, 04:11:25 PM »
Hello,

I am getting an "A virus was found" alert when I browse to a particular website; all other websites are fine. The Malware name identified is HTML:script-inf. The computer I am connecting from doesn't appear to have any viruses on scan or boot scan. As far as I am aware there shouldn't be any malware on the site I'm browsing to. Is there possibly an issue with the website code that could be generating this message?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Avast html:script-inf
« Reply #1 on: January 14, 2009, 05:32:36 PM »
What is the URL that the detection is on?
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

Modify the link so it isn't active to avoid accidental exposure, change the http to hXXp.

The detection is, I assume, by the web shield and the only option it gives is Abort Connection, e.g. drop that download (so it shouldn't be on your system)?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Avast html:script-inf
« Reply #2 on: January 14, 2009, 11:27:15 PM »
The site could be hacked... or could have encrypted code (suspicious)... better will be knowing which site it is...
The best things in life are free.

eficbf

  • Guest
Re: Avast html:script-inf
« Reply #3 on: January 15, 2009, 11:16:11 AM »
Hello,

Thanks for the responses. The site in question is www.icbf.com. I've checked the log and it seems that the warning comes up when you go to the web page; it doesn't look like there is a virus on the PC.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Avast html:script-inf
« Reply #4 on: January 15, 2009, 12:00:59 PM »
Quote
Hello,

Thanks for the responses. The site in question is www . icbf . com. I've checked the log and it seems that the warning comes up when you go to the web page; it doesn't look like there is a virus on the PC.

It returned clean with Dr. Web. But avast is triggering it. Maybe you should edit the link to not leave it live in forums.
The best things in life are free.

kubecj

  • Guest
Re: Avast html:script-inf
« Reply #5 on: January 15, 2009, 12:20:42 PM »
The site in question is using webstat.net, which we block. Can you get in contact with the owners and ask them if they're sure about webstat.net's credibility and if they have contact with them?

The scripts of webstat.net are very suspicious, they have no contacts, no about us, no ToS and the email used in domain registration is invalid.

UPDATE: Sent mail to 9 different @webstat.net addresses, all of them returned as non-deliverable. Scripts are obfuscated three times, with the bottom layer having an iframe to somewhere in China.
« Last Edit: January 15, 2009, 01:35:03 PM by kubecj »

eficbf

  • Guest
Re: Avast html:script-inf
« Reply #6 on: January 15, 2009, 01:30:18 PM »
Jindrich,

Thank you for the reply. We'll check into this and see what the webstat.net site is being used for.


eficbf

  • Guest
Re: Avast html:script-inf
« Reply #7 on: January 15, 2009, 03:18:03 PM »
Hi Jindrich,

The webstat.net reference has been taken out of the code and the website is running fine now. Thank you for your help.

Eddie.

kubecj

  • Guest
Re: Avast html:script-inf
« Reply #8 on: January 15, 2009, 03:59:49 PM »
I'm just interested if it was there on purpose or by hack ;)

eficbf

  • Guest
Re: Avast html:script-inf
« Reply #9 on: January 15, 2009, 04:07:57 PM »
The reference was there on purpose; it had been used at one stage to collect web stats, but I've been told that the code was actually commented out some time ago on the website.

gbilmes

  • Guest
Re: Avast html:script-inf
« Reply #10 on: March 14, 2009, 08:00:08 PM »
I am getting The Malware name identified is HTML:script-inf.
The site is hxtp://vsedlyavsex.com/forum/forumdisplay.php
As far as I am aware there shouldn't be any malware on the site I'm browsing to.
Any suggestions??

Thanks
« Last Edit: April 13, 2011, 05:34:01 PM by Milos »

kirari

  • Guest
HELP!!! This is new for me! (Re:) Avast html:script-inf
« Reply #11 on: April 12, 2010, 11:22:52 AM »
I am getting this same exact thing with a website I USED to be able to visit till earlier this year.

hXXp://www.boogiezone.com

Everyone else I know can see it, but I get a warning and then it aborts the connection.

Please help me!

Thank you.
« Last Edit: April 13, 2010, 10:21:25 AM by kirari »

spg SCOTT

  • Guest
Re: Avast html:script-inf
« Reply #12 on: April 12, 2010, 12:00:04 PM »
Hi kirari, welcome to the forum :)

Could you please modify your link to make it unclickable (i.e. change http to hXXp) to prevent others potentially becoming infected.

Please see:
http://www.UnmaskParasites.com/security-report/?page=www.boogiezone.com

Unfortunately it would appear as though it has been hacked.
UnmaskParasites has picked up on the object that is causing the alert.

There is an inline script pointing to a fake google analytics site. (Look at the spelling --> anaiytics )
This is a method of quietly infecting sites as it is harder to spot.

-Scott-
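
Added example (not part of any forum post, and not Avast's or UnmaskParasites' code): a site owner's static check for the two cases raised in this thread, an unapproved third-party statistics script (Reply #5) and an inline script that loads from a misspelled analytics host (Reply #12). The allowlist, all host names and the sample page are constructed, and the scan only sees hosts present in the served markup, not what an obfuscated script fetches after it runs.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site owner has approved (constructed names, not from the thread).
ALLOWED_HOSTS = {"www.site.example", "cdn.analytics-vendor.example"}
URL_RE = re.compile(r"""(?:https?:)?//[^\s'"<>)]+""", re.I)

def edit_distance(a, b):  # Levenshtein distance using a single rolling row
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

class ScriptRefs(HTMLParser):  # collects hosts from script/iframe src and inline script bodies
    def __init__(self):
        super().__init__()
        self.hosts, self.in_script = set(), False
    def add(self, url):
        host = urlparse("http:" + url if url.startswith("//") else url).hostname
        if host and "." in host:          # relative URLs have no hostname and are skipped
            self.hosts.add(host)
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            self.add(dict(attrs).get("src") or "")
        self.in_script = tag == "script"
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:                # URLs assembled by inline loader code
            for url in URL_RE.findall(data):
                self.add(url)

def audit(html, allowed=ALLOWED_HOSTS, max_dist=2):
    """Map each external host to 'allowed', 'lookalike' (near miss of an allowed host) or 'unknown'."""
    parser = ScriptRefs()
    parser.feed(html)
    parser.close()
    return {h: "allowed" if h in allowed
            else "lookalike" if any(edit_distance(h, a) <= max_dist for a in allowed)
            else "unknown" for h in sorted(parser.hosts)}

# Constructed sample page: a local script, an approved include, an unlisted counter, a misspelled loader.
SAMPLE = """<script src="/js/site.js"></script>
<script src="http://cdn.analytics-vendor.example/ga.js"></script>
<script src="http://stats.unlisted-counter.example/count.js"></script>
<script>var s = document.createElement('script');
s.src = 'http://cdn.anaiytics-vendor.example/ga.js'; document.body.appendChild(s);</script>"""
```

Calling `audit(SAMPLE)` returns one verdict per external host; anything marked `lookalike` or `unknown` is a reference to review against the site's own source control before it is trusted or removed.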

kirari

  • Guest
Re: Avast html:script-inf
« Reply #13 on: April 13, 2010, 10:21:07 AM »
Hi Scott!

Thank you for the welcome and thanks for replying.

So I have to wait for the site to get rid of it?
Because this is a site I would like to visit again since it's a community I'm active in :)

Does the unmaskparasite do anything to the pc?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Avast html:script-inf
« Reply #14 on: April 13, 2010, 11:37:02 AM »
Quote
Does the unmaskparasite do anything to the pc?
No, it is a security report of the website.