Author Topic: gstatic.com is malware  (Read 24798 times)

0 Members and 1 Guest are viewing this topic.

Offline glnz

  • Sr. Member
  • ****
  • Posts: 300
gstatic.com is malware
« on: July 09, 2011, 06:47:45 PM »
Just last two days getting a ton of messages from Avast that it is blocking various websites ending in "gstatic.com".

Is that really a malware source or a false alarm?
Various Dell Optiplexes running XP Pro SP3 32-bit, Win 7 Pro SP1 64-bit and Win 10 Pro 64-bit.  Firefox with security add-ons.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: gstatic.com is malware
« Reply #1 on: July 09, 2011, 06:57:14 PM »
Report    2011-07-09 18:33:10 (GMT 1)
Website    gstatic.com
Domain Hash    05d986b30d7eb849a90ddf372e58e082
IP Address    209.85.148.120 [SCAN]
IP Hostname    fra07s07-in-f120.1e100.net
IP Country    US (United States)
AS Number    15169
AS Name    GOOGLE - Google Inc.
Detections    0 / 23 (0 %)
Status    CLEAN

Report    2011-07-09 19:11:29 (GMT 1)
IP Address    209.85.148.120
IP Hostname    fra07s07-in-f120.1e100.net
IP Country    US
AS Number    N/A
AS Name    N/A
Detections    0 / 26 (0 %)
Status    CLEAN
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

kubecj

  • Guest
Re: gstatic.com is malware
« Reply #2 on: July 09, 2011, 07:14:47 PM »
Please, check your hosts file - is it empty or not?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88851
  • No support PMs thanks
Re: gstatic.com is malware
« Reply #3 on: July 09, 2011, 08:12:18 PM »
I visit sites that regularly have cross site scripting to load data from gstatic.com and no alerts from avast.

So there appears to be something else going one here, so I would follow kubecj's suggestion and check out your HOSTS file.

- HOSTS file redirect a common malware tactic to block AV sites making it difficult to remove malware - 127.0.0.1 (but could just as easily be used to redirect to malware sites), check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there.
 
Once open you are looking for entries with avast.com on the line, you may well see other AV sites, post the contents of the hosts file. http://en.wikipedia.org/wiki/Hosts_file
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: gstatic.com is malware
« Reply #4 on: July 09, 2011, 08:40:48 PM »
Hi glnz,

What about this, lot of this malware now dead or closed, but had been there:
-http://www.malware-control.com/statics-pages/878ee58bb1e03f1ce20efe0477793855.php
There was a sality virus attack once from there, also phishing on Google image search, etc.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!