Author Topic: avast blocking every url I'm opening even google  (Read 2849 times)

Offline fbi_mohd

  • Newbie
  • *
  • Posts: 3
    • Personal Message (Offline)
avast blocking every url I'm opening even google
« on: August 19, 2010, 08:16:16 PM »
Hello,
I'm using avast 4.8 and anchor free hotspot shield v1.49 for a while.
but suddenly today avast started to give me an alarm for a blocking connection at every URL I'm opening including google.com when I'm connected to the hotspot shield.
The alarm give me this details
threat type: JS:ScriptSH-inf [Trj]
url:http://box.anchorfree.net/insert/56fnu.js?v=568021038\unp21299068

Is this really a trojan or it's a false alarm?
And if it's a false alarm how to stop it?
thanks.

Offline Cheeseguy

  • Newbie
  • *
  • Posts: 3
    • Personal Message (Offline)
Re: avast blocking every url I'm opening even google
« Reply #1 on: August 19, 2010, 08:46:22 PM »
I'm getting the same as well.  I was using an older version of Avast and was fine.  Just recently upgraded to the latest and greatest Avast today and now my Hotspot Shield is triggering a Trojan warning with every webclick.  I see a few postings about this on the forums but no replies or suggestions.  I opened up a ticket with Avast to see if they have any suggestions.

Online polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20147
  • Gender: Male
  • malware fighter
    • Personal Message (Online)
Re: avast blocking every url I'm opening even google
« Reply #2 on: August 19, 2010, 08:58:41 PM »
Hi posters in the thread,

Yes, read about the suspicious script found here: http://unmaskparasites.com/security-report/?page=http%3A//box.anchorfree.net/insert/56fnu.js%3Fv%3D568021038\unp21299068 and suspicious iFrame found: "JavaScript malware just got a lot more dangerous" re: http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Grossman.pdf  This is detected as JS.ScriptSH-inf[Trj] in the browser executable, described here: htxp://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/  (avast flags a visit there as JS:Twettir-C and disconnected),


polonus
« Last Edit: August 19, 2010, 09:01:29 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline fbi_mohd

  • Newbie
  • *
  • Posts: 3
    • Personal Message (Offline)
Re: avast blocking every url I'm opening even google
« Reply #3 on: August 20, 2010, 08:25:07 PM »
Thanks polonus for your replay.
I'm not a pro in the viruses anti-viruses staff.
So is it dangerous enough to stop using the program.
or it's false positive.
and if it's false positive how to fix it 

Offline BarryH1701

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: avast blocking every url I'm opening even google
« Reply #4 on: October 18, 2010, 08:19:33 PM »
I am also now receiving this message as of today, but so far only on one site www.space.com which I visit often.  I am assuming this is a false positive based on responses I'm reading, but how can it be stopped so I can visit the site I want to visit.

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21726
  • Gender: Male
    • Personal Message (Offline)
Re: avast blocking every url I'm opening even google
« Reply #5 on: October 18, 2010, 08:27:24 PM »
I am also now receiving this message as of today, but so far only on one site xxx.space.com which I visit often.  I am assuming this is a false positive based on responses I'm reading, but how can it be stopped so I can visit the site I want to visit.
I think you should stay away, as it is not just avast! that does not like it

VirusTotal - index.html - 5/43
http://www.virustotal.com/file-scan/report.html?id=8978467aafaa81684d6c44475c900aa1ce5999c811bb3f22efa8ea6cd8751376-1287433474

This page seems to be <suspicious> 1 suspicious inline script found.
http://www.UnmaskParasites.com/security-report/?page=www.space.com




OBS: edit the link you posted so it is not clickable
« Last Edit: October 18, 2010, 08:31:36 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now