Author Topic: gstatic.com is malware  (Read 12169 times)

0 Members and 1 Guest are viewing this topic.

Offline glnz

  • Jr. Member
  • **
  • Posts: 71
gstatic.com is malware
« on: July 09, 2011, 06:47:45 PM »
Just last two days getting a ton of messages from Avast that it is blocking various websites ending in "gstatic.com".

Is that really a malware source or a false alarm?

Offline Asyn

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 30820
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: gstatic.com is malware
« Reply #1 on: July 09, 2011, 06:57:14 PM »
Report    2011-07-09 18:33:10 (GMT 1)
Website    gstatic.com
Domain Hash    05d986b30d7eb849a90ddf372e58e082
IP Address    209.85.148.120 [SCAN]
IP Hostname    fra07s07-in-f120.1e100.net
IP Country    US (United States)
AS Number    15169
AS Name    GOOGLE - Google Inc.
Detections    0 / 23 (0 %)
Status    CLEAN

Report    2011-07-09 19:11:29 (GMT 1)
IP Address    209.85.148.120
IP Hostname    fra07s07-in-f120.1e100.net
IP Country    US
AS Number    N/A
AS Name    N/A
Detections    0 / 26 (0 %)
Status    CLEAN
XP SP3 - Avast 10.2.2217.R2.SP2.B - CIS 3.14 [FW/D+] - MBAM 1.75 [OD] - Firefox ESR 31.6 [NS/ABP/EHH/BP/SVC] - Thunderbird 31.6 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos):
https://forum.avast.com/index.php?topic=60523.0

Offline kubecj

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1125
    • ALWIL Software
Re: gstatic.com is malware
« Reply #2 on: July 09, 2011, 07:14:47 PM »
Please, check your hosts file - is it empty or not?
Jindrich Kubec

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71566
  • No support PMs thanks
Re: gstatic.com is malware
« Reply #3 on: July 09, 2011, 08:12:18 PM »
I visit sites that regularly have cross site scripting to load data from gstatic.com and no alerts from avast.

So there appears to be something else going one here, so I would follow kubecj's suggestion and check out your HOSTS file.

- HOSTS file redirect a common malware tactic to block AV sites making it difficult to remove malware - 127.0.0.1 (but could just as easily be used to redirect to malware sites), check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there.
 
Once open you are looking for entries with avast.com on the line, you may well see other AV sites, post the contents of the hosts file. http://en.wikipedia.org/wiki/Hosts_file
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2217 R2-SP2 beta/ Outpost Firewall Pro9.1/ Firefox 37.0.1, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23548
  • malware fighter
Re: gstatic.com is malware
« Reply #4 on: July 09, 2011, 08:40:48 PM »
Hi glnz,

What about this, lot of this malware now dead or closed, but had been there:
-http://www.malware-control.com/statics-pages/878ee58bb1e03f1ce20efe0477793855.php
There was a sality virus attack once from there, also phishing on Google image search, etc.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!