Author Topic: False Positive URL:Mal  (Read 13787 times)

0 Members and 1 Guest are viewing this topic.



Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7087
  • Be alert for error code - ID 10T
Re: False Positive URL:Mal
« Reply #2 on: January 16, 2011, 07:44:44 AM »
***

http://www.UnmaskParasites.com/security-report/?page=norma-market.ru


Suspicious Inline Scripts :

Long suspicious script

Quote
document.write("< a href='hXXp://www.liveinternet.ru/click' target=_blank>< img src='//counter.yadr...


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline Jonhs

  • Newbie
  • *
  • Posts: 7
Re: False Positive URL:Mal
« Reply #3 on: January 16, 2011, 12:34:12 PM »
Long suspicious script
This is liveinternet.ru counter. Same FP reaction on some sites where it is installed.

from norma-market.ru
<!--LiveInternet counter-->
<script type="text/javascript">document.write("<a href='http://www.liveinternet.ru/click' target=_blank><img src='//counter.yadro.ru/hit?t14.6;r" + escape(document.referrer) + ((typeof(screen)=="undefined")?"":";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth?screen.colorDepth:screen.pixelDepth)) + ";u" + escape(document.URL) + ";" + Math.random() + "' border=0 width=88 height=31 alt='' title='LiveInternet: показано число просмотров за 24 часа, посетителей за 24 часа и за сегодня'><\/a>")</script><!--/LiveInternet-->

new code from liveinternet.ru
<!--LiveInternet counter-->
<script type="text/javascript">document.write("<a href='http://www.liveinternet.ru/click' target=_blank><img src='//counter.yadro.ru/hit?t14.6;r" + escape(document.referrer) + ((typeof(screen)=="undefined")?"":";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth?screen.colorDepth:screen.pixelDepth)) + ";u" + escape(document.URL) + ";" + Math.random() + "' border=0 width=88 height=31 alt='' title='LiveInternet: показано число просмотров за 24 часа, посетителей за 24 часа и за сегодня'><\/a>")</script><!--/LiveInternet-->

http://www.finjan.com/Content.aspx?id=1190&url=http%3A%2F%2Fnorma-market.ru%2F&state=unsafe&category=Other&reason=Potential%20adware%20behavior%20was%20detected%20on%20this%20page&more=
Possible that reason is same.
« Last Edit: January 16, 2011, 02:38:55 PM by Jonhs »

Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 322
Re: False Positive URL:Mal
« Reply #4 on: January 17, 2011, 11:28:31 AM »
Hello,
this false positive wasn't caused by liveinternet.ru. It was false positive in our black list.
Regards

Offline Jonhs

  • Newbie
  • *
  • Posts: 7
Re: False Positive URL:Mal
« Reply #5 on: January 17, 2011, 11:41:55 AM »
Thank you :)

Offline Simion

  • Advanced Poster
  • **
  • Posts: 817
Re: False Positive URL:Mal
« Reply #6 on: January 18, 2011, 01:26:46 AM »
Thank you :)

Glad you got it resolved with Avast, anyway. :)

Offline m00nbl00d

  • Jr. Member
  • **
  • Posts: 81
Re: False Positive URL:Mal
« Reply #7 on: January 18, 2011, 02:30:24 AM »
-http://hosts-file.net/?s=liveinternet.ru and -http://www.urlvoid.com/scan/liveinternet.ru

-http://www.urlvoid.com/scan/norma-market.ru
« Last Edit: January 18, 2011, 02:32:00 AM by m00nbl00d »

Offline r0b1n

  • Newbie
  • *
  • Posts: 2

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 62875
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False Positive URL:Mal
« Reply #9 on: February 08, 2011, 05:26:14 PM »
Please help. What should I do?  ???

You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles
asyn
Win 8.1 [x64] - Avast PremSec 20.1.2397.Beta#4 [UI.460] - CC 5.63 - EEK - Firefox ESR 68.5 [NS/AOS/uBO/PB] - TB 68.5 - ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline r0b1n

  • Newbie
  • *
  • Posts: 2
Re: False Positive URL:Mal
« Reply #10 on: February 08, 2011, 05:36:36 PM »

You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles
asyn

Oh, thank you, Asyn. I'll try it!  :)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 62875
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False Positive URL:Mal
« Reply #11 on: February 08, 2011, 05:51:36 PM »
Oh, thank you, Asyn. I'll try it!  :)

You're welcome..!
asyn
Win 8.1 [x64] - Avast PremSec 20.1.2397.Beta#4 [UI.460] - CC 5.63 - EEK - Firefox ESR 68.5 [NS/AOS/uBO/PB] - TB 68.5 - ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 322
Re: False Positive URL:Mal
« Reply #12 on: February 09, 2011, 12:48:01 PM »
Hello,
r0b1n.org.ua should be fixed in current VPS. But it wasn't a same case, because norma-market was a false positive in our web shield but r0b1n.org.ua was really infected and now it's clean.
Regards

Offline Petrovich123

  • Newbie
  • *
  • Posts: 2
blocking the site www.fonariki.skrepka.pl.ua
« Reply #13 on: September 18, 2011, 08:01:34 PM »
Developers AVAST help, please. Your antivirus is blocking the site www.fonariki.skrepka.pl.ua. You can check for the black list.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 62875
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: blocking the site www.fonariki.skrepka.pl.ua
« Reply #14 on: September 18, 2011, 10:13:14 PM »
Developers AVAST help, please. Your antivirus is blocking the site wxw.fonariki.skrepka.pl.ua. You can check for the black list.

Please open a new topic.
Win 8.1 [x64] - Avast PremSec 20.1.2397.Beta#4 [UI.460] - CC 5.63 - EEK - Firefox ESR 68.5 [NS/AOS/uBO/PB] - TB 68.5 - ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0