Author Topic: [Infected?]Has this website got an infection?  (Read 4803 times)

0 Members and 1 Guest are viewing this topic.

mentaljason

  • Guest
[Infected?]Has this website got an infection?
« on: February 12, 2010, 05:00:50 PM »
I was browsing a couple of days ago when i got XP avp 2010, i fixed it now with help from this forum, but when i got it i was only on two websites, facebook and this:

hxxp://www.cplusplus.com/doc/tutorial/

Did that site give it to me? because i never clicked to download ANYTHING in the time up to me getting it.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: [Infected?]Has this website got an infection?
« Reply #1 on: February 12, 2010, 05:34:34 PM »
If either the web shield or network shield blocked it (e.g. alert in the site), then they should have stopped what was there getting on to your system.

I have just visited the site and no alerts on the link you gave. So either that isn't the full url to the page it alerted on or they have cleaned up whatever it was that was causing the alert.

So my guess would be more likely to have been facebook as it is a huge target to malware writers.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

computerfreaker

  • Guest
Re: [Infected?]Has this website got an infection?
« Reply #2 on: February 13, 2010, 04:38:30 AM »
I just visited the site and looked through its JavaScript - looks OK.
As DavidR said, you probably got hit by one of the many Facebook malwares out there.

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1371
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Re: [Infected?]Has this website got an infection?
« Reply #3 on: February 13, 2010, 06:06:57 AM »
Hi,

I don't think this website got infected, this is the results :

http://www.unmaskparasites.com/security-report/?page=www.duowan.com/0910/119283364074.html

What is exactly attacks that you faced last time?

Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33929
  • malware fighter
Re: [Infected?]Has this website got an infection?
« Reply #4 on: February 13, 2010, 09:48:21 PM »
Hi Yanto.Chiang,

The site is malware ridden. Location of website is in China

Analyzed by Norton Safe Web duowan.com for security and safety problems.

Report of threats
Total number of threats found are: 3

    Heuristic viruses
Threats found : 2
Full list is found here:
Name of threat:   Bloodhound.Exploit.281
Location:    hxtp://z.duowan.com/ucenter/data/avatar/002/84/87/03_avatar_big.jpg


Name of threat:   Bloodhound.Exploit.281
Location:    hxtp://att.bbs.duowan.com/customavatars/2848703.gif


    Programs to steal information
Threats found: 1
Full list here:
Name of theat:   Infostealer
Location:    htxp://update.duowan.com/ui/quest.exe

Not a site I wanna go,

polonus

« Last Edit: February 14, 2010, 12:29:32 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

computerfreaker

  • Guest
Re: [Infected?]Has this website got an infection?
« Reply #5 on: February 13, 2010, 10:56:44 PM »
Hi Yanto.Chiang,

The site is malware ridden. Location of website is in China

Analyzed by Norton Safe Web duowan.com for security and safety problems.

Raeport of threats
Totaal number of threats found are: 3

    Heuristic viruses
Threats found : 2
Full list is found here:
Name of threat:   Bloodhound.Exploit.281
Location:    hxtp://z.duowan.com/ucenter/data/avatar/002/84/87/03_avatar_big.jpg


Name of threat:   Bloodhound.Exploit.281
Location:    hxtp://att.bbs.duowan.com/customavatars/2848703.gif


    Programs to steal information
Threats found: 1
Full list here:
Name of theat:   Infostealer
Location:    htxp://update.duowan.com/ui/quest.exe

Not a site I wanna go,

polonus


Not to challenge what you're saying, but I personally went through the JavaScript all over that site and it's clean.
However, they do have a forum, which has a lot of external links in posts; that's probably what Norton's picking up on. Let me see if I can find the ones you posted.