Author Topic: Auslogics website mal url? is this a fp  (Read 3301 times)

Offline burrellbuzzman

Auslogics website mal url? is this a fp
« on: March 27, 2010, 02:03:18 PM »
I use Auslogics Registry Cleaner version 1.5.12.165. Since I have had it, it doesn't seem to have had any updates. When I was in the program today I thought I would check, so I clicked "Check for updates..." and it redirected me to a website saying my version was up to date.

However, avast let me know a threat had been detected. A red box appeared saying:

"MALICIOUS URL BLOCKED

avast! Network Shield has blocked a threat.
No further action is required.

   Object: google-stats.com/start.php
   Infection: URL:Mal
   Action: Blocked
   Process: C:\Program Files (x86)\Mozzila Firefox\firefox.exe

The threat was detected and blocked just before connecting to the URL"

Is this a false positive? Within the Auslogics Registry Cleaner program there are links to the company's site as well, which I thought I would click on, and again they received the same or similar message. In addition to avast I use the full version of Malwarebytes, and this program didn't attempt to block the IP address, although I am not sure if that is the same as the threat detected with avast? Again, I practise safe internet surfing and find it hard to believe a company like this would send me to malicious websites... Any help would be greatly appreciated.

Thanks Rob

Online DavidR

Re: Auslogics website mal url? is this a fp
« Reply #1 on: March 27, 2010, 03:08:35 PM »
Given that the location being blocked is Object: google-stats.com/start.php, not the Auslogics site, either something has hacked the site or, more likely, there is something on another site you were visiting.

I say this because the initiating check for updates would have been independent of your default browser. Or this link is on that page and avast isn't the only one to find it malicious:
http://www.mywot.com/en/scorecard/google-stats.com
http://www.malwaredomainlist.com/mdl.php?search=google-stats.com&inactive=on
http://hosts-file.net/?s=google-stats.com
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=google-stats.com
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Online DavidR

Re: Auslogics website mal url? is this a fp
« Reply #2 on: March 27, 2010, 03:32:09 PM »
Update: I didn't have this registry cleaner, but since it isn't very big I downloaded and installed it, did an update check, and there was no alert by the avast network shield. See image. I checked the page source code of the page that the registry cleaner goes to and there is no reference to google-stats.com.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
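
The page-source check described in Reply #2, as an added example that is not part of the original thread or any poster's code: it lists every off-site host a page loads resources from and flags references to a blocklisted domain, both in tag attributes and in inline script. The page URL `www.example.test`, the host `cdn.example.net` and the sample markup are constructed assumptions; only `google-stats.com/start.php` comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a resource without any click.
LOAD_ATTRS = {"script": "src", "iframe": "src", "frame": "src", "img": "src",
              "embed": "src", "object": "data", "link": "href"}

class ResourceAudit(HTMLParser):
    def __init__(self, page_url, blocklist):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.blocklist = {d.lower() for d in blocklist}
        self.third_party = set()   # every off-site host the page loads from
        self.hits = []             # (where, value) for blocklisted references
        self._in_script = False

    def _listed(self, host):
        # Match the listed domain itself and any subdomain of it.
        return any(host == d or host.endswith("." + d) for d in self.blocklist)

    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        attr = LOAD_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        # urljoin resolves relative and protocol-relative (//host/...) URLs.
        host = urlsplit(urljoin(self.page_url, url)).hostname if url else None
        if host and host != self.page_host:
            self.third_party.add(host)
            if self._listed(host):
                self.hits.append((tag, url))

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        # Injected loaders often sit in inline script, not in a src attribute.
        if self._in_script:
            self.hits += [("inline-script", d) for d in sorted(self.blocklist)
                          if d in data.lower()]

def audit(html, page_url, blocklist):
    parser = ResourceAudit(page_url, blocklist)
    parser.feed(html)
    parser.close()
    return sorted(parser.third_party), parser.hits

# Constructed sample pages (not the real Auslogics markup).
CLEAN = '<script src="/js/site.js"></script><img src="//cdn.example.net/a.png">'
INJECTED = CLEAN + '<iframe src="http://google-stats.com/start.php" height=1></iframe>'
```

`audit(html, page_url, blocklist)` returns the sorted third-party hosts and the list of blocklist hits. A clean result covers only the markup as served to that request, so a page that serves injected content to some visitors and not others can still pass.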

Offline sg09

Re: Auslogics website mal url? is this a fp
« Reply #3 on: March 27, 2010, 06:17:31 PM »
I don't use Auslogics registry cleaner, but use their Disk Defragmenter and Registry Defragmenter. I checked for updates and both lead to an Internal Server Error.
Also when I tried to go to their homepage it leads me to somewhere else... I think their website is down/hacked...

Anyone who knows how to lose can certainly learn how to win.

Offline holgermh

Re: Auslogics website mal url? is this a fp
« Reply #4 on: March 27, 2010, 06:17:45 PM »
Hi,

I am using diskdefrag by Auslogics. Yesterday I tried to visit the home page and got the same warning by avast.

I wrote them at 8 PM German time this morning:

Quote

Hi,
I use Disk Defrag which is very good!

But yesterday when I visited your homepage, my AV Engine (AVAST 5.0) declared your website
malicious, because it starts a link to google-stats.com/start.php. This isn't a google site!

The site then of course is blocked.

Any idea what's going on?

Best regards

Holger

Unquote

They answered promptly and asked for the exact message by avast. I sent them the message which is alike to the OP.
The only difference is the browser. Mine is IE8.

This evening the Auslogics site is down. Seems they are checking...

Holger


 



Online polonus

Re: Auslogics website mal url? is this a fp
« Reply #5 on: March 27, 2010, 08:50:39 PM »
Hi holgermh

This is what's wrong with google-stats.com:
 General Info
Web Site Location     Russian Federation

Norton Safe Web has analyzed google-stats.com for safety and security problems. Below is a sample of the threats that were found.
   
google-stats.com
Threat Report

Total threats found: 5

Drive-By Downloads

Threats found: 5
Here is a complete list:
Threat Name:    MSIE ADODB.Stream Object File Installation Weakness
Location:    hxtp://google-stats.com/issue.php?key=46197ab72494e146fe84cfec995e7123&access=bf3cde039b73c49baf1cbe693fd5f264&o=57696r646s7773&v=5850&b=496r7465726r6574204578706p6s726572&m=362r30&c=1&ac=1

   
Threat Name:    MSIE ADODB.Stream Object File Installation Weakness
Location:    htxp://google-stats.com/issue.php?key=ceebc73d7779e6a76d3d0a7f83ac9374&access=abecd59c312a2fc1c6f6138b690b5523&o=57696r646s7773&v=5850&b=496r7465726r6574204578706p6s726572&m=362r30&c=1&ac=1

   
Threat Name:    MSIE ADODB.Stream Object File Installation Weakness
Location:    hxtp://google-stats.com/issue.php?key=a05ff1186bef98162f1e051c9dc2a1a4&access=ceebc73d7779e6a76d3d0a7f83ac9374&o=57696r646s7773&v=5850&b=496r7465726r6574204578706p6s726572&m=362r30&c=1&ac=1

   
Threat Name:    MSIE ADODB.Stream Object File Installation Weakness
Location:    hxtp://google-stats.com/issue.php?key=e2b2e442bd0e4e8f6e3c481aaee97970&access=f638faa725ac08fc1d133277bd8338b4&o=57696r646s7773&v=5850&b=496r7465726r6574204578706p6s726572&m=362r30&c=1&ac=1

   
Threat Name:    MSIE ADODB.Stream Object File Installation Weakness
Location:    hxtp://google-stats.com/issue.php?key=00cc962fd29befb9af34bd883e5631ea&access=7a6dbbc8f903863065e7fddc336bb8da&o=57696r646s7773&v=5850&b=496r7465726r6574204578706p6s726572&m=362r30&c=1&ac=1

Enough not to have a link to these redirects on your website, another site that was infected through this site was: http://safeweb.norton.com/report/show?url=articbrasil.com%2F&x=5&y=9


polonus
« Last Edit: March 27, 2010, 09:09:43 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

 
