Author Topic: Downloader-LP??  (Read 11127 times)

0 Members and 1 Guest are viewing this topic.

PamJ

  • Guest
Downloader-LP??
« on: May 13, 2010, 02:24:58 AM »
Hello everyone!

I was trying to go to a site today that I've been to several times before and was blocked by avast saying that this threat existed:  Downloader-LP.  Is this a true threat?  I'd like to let the site owner know (we are both members of a virtual assistant forum), but wanted to make sure before I scared her to death!!  (I realize all VP programs may sometimes pick things up as threats when they aren't.)

In case it makes a difference...the first time I went to her site I hadn't upgraded to the latest version of avast.  I updated, then tried again, and the same thing happen.

Here's what avast report shows:

5/12/2010 8:11:47 PM   hXXp://www.avirtualblessing.com/|>{gzip} [L] JS:Downloader-LP [Trj] (0)
5/12/2010 8:11:49 PM   hXXp://www.avirtualblessing.com/wp-content/themes/eBusiness/images/bullet.gif|>{gzip} [L] JS:Downloader-LP [Trj] (0)
5/12/2010 8:11:50 PM   hXXp://www.avirtualblessing.com/favicon.ico|>{gzip} [L] JS:Downloader-LP [Trj] (0)
5/12/2010 8:11:53 PM   hXXp://www.avirtualblessing.com/favicon.ico|>{gzip} [L] JS:Downloader-LP [Trj] (0)
5/12/2010 8:12:41 PM   hXXp://www.avirtualblessing.com/|>{gzip} [L] JS:Downloader-LP [Trj] (0)
5/12/2010 8:12:42 PM   hXXp://www.avirtualblessing.com/wp-content/themes/eBusiness/images/bullet.gif|>{gzip} [L] JS:Downloader-LP [Trj] (0)
5/12/2010 8:13:43 PM hXXp://www.avirtualblessing.com/|>{gzip} [L] JS:Downloader-LP [Trj] (0)
5/12/2010 8:13:44 PM   hXXp://www.avirtualblessing.com/wp-content/themes/eBusiness/images/bullet.gif|>{gzip} [L] JS:Downloader-LP [Trj] (0)

Thanks, all!

Pam
« Last Edit: May 13, 2010, 03:26:38 AM by PamJ »

Offline TedNelly

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1538
  • Trust No-One!
Re: Downloader-LP??
« Reply #1 on: May 13, 2010, 04:00:34 AM »
Sorry to say PamJ but  I checked hXXp://www.avirtualblessing.com/
at http://linkscanner.explabs.com/linkscanner/default.aspx

and it came back with
« Last Edit: May 13, 2010, 04:16:19 AM by tednelly »
Windows 10 Pro | Intel I7 CPU | 16 Gig 2133 RAM | Avast beta 17.5.2295 | Firefox 54 b9(64-bit) | Cyberfox 52.1 | T-Bird 52.1.1 | SpyWareBlaster 5.5 | MalwareBytes 3.0.0.865 | WinPatrol 35.5.2 | GlassWire 1.2.100 | Cybereason Ransomfree 2.2.7 |  Pulla-dePlug Final!

PamJ

  • Guest
Re: Downloader-LP??
« Reply #2 on: May 13, 2010, 04:23:14 AM »
So, as far as I'm concerned, I should be okay because avast blocked it, right? The site started to load but stopped, and the warning came up that said avast blocked loading of the site.

Linkscanner, that's a great site.

I will forward the information to her; thank you!

Pam
« Last Edit: May 13, 2010, 04:29:22 AM by PamJ »

ardvark

  • Guest
Re: Downloader-LP??
« Reply #3 on: May 13, 2010, 05:22:22 AM »
Hi Pam...

For some reason, Dr. Web states the link is clean... ???
« Last Edit: May 13, 2010, 12:55:18 PM by ardvark »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user

Alan Baxter

  • Guest
Re: Downloader-LP??
« Reply #5 on: May 13, 2010, 08:28:39 AM »
Avast 5 doesn't complain about that site for me.  Was it a false positive that's been fixed already or has the web site been fixed?
Avast 5.0.545
100512-0

Edit: I didn't have the Web Shield enabled.  Enabling it blocks the site for me too.
« Last Edit: May 14, 2010, 08:15:59 AM by Alan Baxter »

PamJ

  • Guest
Re: Downloader-LP??
« Reply #6 on: May 13, 2010, 08:36:11 AM »
I'm still getting the "Trojan Horse Blocked" warning for that site and it's blocked completely.  I do have the latest version of avast.  Any ideas?  I would try it on my husband's computer (think he uses Norton), but if it is a problem and Norton doesn't block it for him...

That is odd that one place shows there's a problem with that site and avast continues to block it, yet Dr. Webb shows it's okay and one other place I found to check it says it's okay.   ???

I don't remember if the previous times I've been to her site without a problem were before I updated to avast 5 or after.

Pondus, please excuse my lack of knowledge, but I am not sure if I'm reading the information correctly at the links you provided. Is it saying that it checked the site against all those AV programs and only three of them came back with there being a problem?
« Last Edit: May 13, 2010, 09:04:16 AM by PamJ »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Downloader-LP??
« Reply #7 on: May 13, 2010, 09:53:02 AM »
when avast detect this from the website it creates a temp file, i crab that file and upload it to VirusTotal to see if it is more than avast that detect the infection avast found
So since it is only avast detecting this, it may be a False Positive...... But avast is very good at detecting infected websites and usually correct......
so....maybe somone at avast team will comment.....or DavidR, he is good at finding out what is wrong at these websites
« Last Edit: May 13, 2010, 09:54:34 AM by Pondus »

Hermite15

  • Guest
Re: Downloader-LP??
« Reply #8 on: May 13, 2010, 10:31:24 AM »
when avast detect this from the website it creates a temp file, i crab that file and upload it to VirusTotal to see if it is more than avast that detect the infection avast found
So since it is only avast detecting this, it may be a False Positive...... But avast is very good at detecting infected websites and usually correct......
so....maybe somone at avast team will comment.....or DavidR, he is good at finding out what is wrong at these websites

I tried the site, got the alert, but I didn't find the unp file. Looked in:
C:\Users\xxxxx\AppData\Local\Temp
C:\ProgramData\TEMP
C:\Windows\Temp\_avast5_
C:\ProgramData\Alwil Software\Avast5 (and subfolders)
    >>> found nothing ??? The only times I found unp files like this in a temp folder was after a crash of avast >>> where did you get the temp file from? may be it gets deleted very quickly ???

edit: the behavior of that site is different in IE and in Chrome. In IE I get an immediate aborted connection and one alert. In Chrome (with js off) the site gets displayed but I get 3 alerts of misc stuff blocked.
« Last Edit: May 13, 2010, 10:33:52 AM by Logos »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Downloader-LP??
« Reply #9 on: May 13, 2010, 11:25:25 AM »
Quote
may be it gets deleted very quickly
it does, a little trick i learned from David.....see your mail

ravi16aug

  • Guest
Re: Downloader-LP??
« Reply #10 on: May 13, 2010, 11:33:22 AM »
Quote from: Logos
the behavior of that site is different in IE and in Chrome. In IE I get an immediate aborted connection and one alert. In Chrome (with js off) the site gets displayed but I get 3 alerts of misc stuff blocked.
Is it due to the differences in Chrome and IE rendering mechanisms or does avast! protect different browsers differently?

Hermite15

  • Guest
Re: Downloader-LP??
« Reply #11 on: May 13, 2010, 11:40:47 AM »
Quote
may be it gets deleted very quickly
it does, a little trick i learned from David.....see your mail

got it ;)

Quote from: Logos
the behavior of that site is different in IE and in Chrome. In IE I get an immediate aborted connection and one alert. In Chrome (with js off) the site gets displayed but I get 3 alerts of misc stuff blocked.
Is it due to the differences in Chrome and IE rendering mechanisms or does avast! protect different browsers differently?

no I guess it's due to internal protection mechanisms although I can't elaborate, I don't know really...I tried in Firefox and there the behavior is again not the same, the page is displayed, with three alerts like in Chrome, but in the end the connection to the site is completely aborted.

ravi16aug

  • Guest
Re: Downloader-LP??
« Reply #12 on: May 13, 2010, 11:56:24 AM »
Quote from: Logos

no I guess it's due to internal protection mechanisms although I can't elaborate, I don't know really...I tried in Firefox and there the behavior is again not the same, the page is displayed, with three alerts like in Chrome, but in the end the connection to the site is completely aborted.
Hmm... this requires some elaboration from official resources. Anybody game?

Alan Baxter

  • Guest
Re: Downloader-LP??
« Reply #13 on: May 14, 2010, 06:14:20 PM »
I will forward the information to her; thank you!

Pam, your virtual assistant forum associate's site is still hacked.  Did you let the site owner know yet?  Leaving it hacked like that could give virtual assistant sites a bad name.

PamJ

  • Guest
Re: Downloader-LP??
« Reply #14 on: May 14, 2010, 07:10:55 PM »
Yes, I told her and this was her response:

"I truly appreciate your concern. Let's just say that I have had a few technological challenges in recent weeks. lol This was a problem I noticed a few weeks ago. I had 2 people look at it and they both said that very could not find a virus on my site. I'm still bothered that you and other potential guests are still getting an error message. I had not contacted AVG, do you think they can resolve the issue? Any advice is appreciated."

I'm getting ready to PM her again through the VA forum.

How does someone hack a website anyway, is it through the host?  Couldn't she just go in and delete the offending code or is it not that easy.

Pam

Edit:  Call me uneducated in this area--because I am!--but how did you get the offending code from her site?  Was it not blocking you at that point?
« Last Edit: May 14, 2010, 07:23:36 PM by PamJ »