Author Topic: Malware Detected at Notebook Review forums?  (Read 4484 times)

0 Members and 1 Guest are viewing this topic.

Offline scotthabs

  • Newbie
  • *
  • Posts: 2
Malware Detected at Notebook Review forums?
« on: June 20, 2012, 06:47:40 PM »
Hi. Whenever I try to access the forums at notebookreview.com, Avast blocks my access and reports that there is a HTML:Script-inf infection. Can anyone else replicate this, and answer if it's a false positive or not?
Thanks.

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 710
  • A Good Old Indian!
Re: Malware Detected at Notebook Review forums?
« Reply #1 on: June 20, 2012, 07:05:29 PM »
Detetion seems alright!
some sort of script tag leading to suspicious website jscriptss.com/gate.php?a=364  is detected

not sure on the redirected site..

jscriptss.com/gate.php?a=364 benign
[nothing detected] jscriptss.com/gate.php?a=364
     status: (referer=http:/twitter.com/trends/)saved 311 bytes ff8c79fb0eb1230786a8a607b988f4cba4729f70
     info: [decodingLevel=0] found JavaScript
     error: undefined function location[_0x3bb1[4]]
     error: undefined variable _0x3bb1
     file: ff8c79fb0eb1230786a8a607b988f4cba4729f70: 311 bytes

U can report a FP here www.avast.com/contacts

« Last Edit: June 20, 2012, 07:08:21 PM by true indian »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Malware Detected at Notebook Review forums?
« Reply #2 on: June 20, 2012, 07:12:20 PM »
Reported to virus analysts to check.
The best things in life are free.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85969
  • No support PMs thanks
Re: Malware Detected at Notebook Review forums?
« Reply #3 on: June 20, 2012, 07:45:43 PM »
It was confirmed to be a good detection by one of the virus labs team (in another topic), Milos I believe.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline MrDJ

  • Jr. Member
  • **
  • Posts: 91
Re: Malware Detected at Notebook Review forums?
« Reply #4 on: June 20, 2012, 08:03:36 PM »
ive sent a report to support.

heres my thread most probably posted in wrong sub forum DOH! http://forum.avast.com/index.php?topic=99863.0

> DavidR
when you say it was confirmed to be a good detection do you mean harmful or not. 3 independant scans done by the forum moderators all came back clean.
 can i post the links?


edit:

problem solved. just posted on nbr. if you go to the main page of nbr and scrool all the way to the bottom and change dropdown box to default v-bulletin it stops the popup.
« Last Edit: June 20, 2012, 08:19:21 PM by MrDJ »

Offline scotthabs

  • Newbie
  • *
  • Posts: 2
Re: Malware Detected at Notebook Review forums?
« Reply #5 on: June 20, 2012, 08:22:27 PM »
Hmm. Still doesn't answer what/why avast is detecting at the site...

Offline MrDJ

  • Jr. Member
  • **
  • Posts: 91
Re: Malware Detected at Notebook Review forums?
« Reply #6 on: June 20, 2012, 08:31:05 PM »
true but at least it stops the annoying popups until support get back to me.

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 710
  • A Good Old Indian!
Re: Malware Detected at Notebook Review forums?
« Reply #7 on: June 21, 2012, 08:03:02 AM »
The detection is correct there is a script tag on the site leading to  jscriptss.com/gate.php?a=364 which is malicious..so its correctly blocked...contact webmaster and ask him to remove script tag from his site

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33381
  • malware fighter
Re: Malware Detected at Notebook Review forums?
« Reply #8 on: June 21, 2012, 09:24:03 AM »
The url involved is fairly random, the file name is identical between the requests, occuring back to back.
Example /gate.php
This leaves analysts with virtually very little to base  a signature on.
Common factor for all flagged sites is that all have outdated versions of the vBulletin software, e.g. 4.0.2,
templates could have been infected,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!