Author Topic: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?  (Read 2360 times)

0 Members and 1 Guest are viewing this topic.

Offline dns

  • Jr. Member
  • **
  • Posts: 28
  • I Love to code :P
Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
« on: September 06, 2011, 06:33:13 PM »
my friend asked me to find something for him, on google.
while googling, avast popped up with the following details:
url: hxxp://www.google.co.il/url?sa=f&rct=j&url=http://arquitecturasoftware.org/19534-download.htm&q=pod+to+pc+registration+code&lpe=2&usg=AFQjCNE4tVm-_rpjP-nfLN9Gya0a1zADpg|>{gzip}

^ NOTE FOR THE GOOGLE.CO.IL as the base of the link.
malware: JS:ScriptIP-inf [Trj] -- Blocked.
so.. google search is infected or avast is wrong?
important information:
everything was happening under Sandboxie, not in my real sytem machine
as i said before, i was trying to help a friend, i guess i wont try to help again.
i NEVER enter to sites google show me on google search, i usually take what i need from the
website description.
the AVAST popup was right when the google search was loaded.
No av not even AVAST says that the url is infected- so wtf is going on? my avast is updated.

after that, i made some scans to see what's going on:
MBAM: Clean.
AVAST: Rootkit Scan + Full Scan + Boot Scan = Clean.
Virustotal: url is clean 0/16.

Sandbox has been cleaned immidiately + no active connections when i dont open a software that
requires internet connection.
No unknown tasks in task manager.
HELP?  :-\
« Last Edit: September 06, 2011, 06:40:15 PM by dns »
OS: Windows XP Pro SP2
Security: Avast 6 Free/MBAM Free/Comodo FW/Sandboxie

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37029
Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
« Reply #1 on: September 06, 2011, 06:53:59 PM »
Quote
url: hxxp://www.google.co.il/url?sa=f&rct=j&url=hxxp://arquitecturasoftware.org/19534-download.htm&q=pod+to+pc+registration+code&lpe=2&usg=AFQjCNE4tVm-_rpjP-nfLN9Gya0a1zADpg|>{gzip}
I am guessing this

Wot
http://www.mywot.com/en/scorecard/arquitecturasoftware.org
« Last Edit: September 06, 2011, 06:56:23 PM by Pondus »

Offline dns

  • Jr. Member
  • **
  • Posts: 28
  • I Love to code :P
Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
« Reply #2 on: September 06, 2011, 06:57:09 PM »
Quote
url: hxxp://www.google.co.il/url?sa=f&rct=j&url=hxxp://arquitecturasoftware.org/19534-download.htm&q=pod+to+pc+registration+code&lpe=2&usg=AFQjCNE4tVm-_rpjP-nfLN9Gya0a1zADpg|>{gzip}
I am guessing it may be this

Wot
http://www.mywot.com/en/scorecard/arquitecturasoftware.org
I dont understand what's the problem with Wot, what is that anyway?
and it doesnt matter, i was in google and not in their site, i didnt even entered a picture,
just google scan, it doesnt make any sense.

you can google anything, it shouldnt do anything as long as you dont enter a malicious website.
i even google this software and avast didnt tell me a thing.
so why avast poped up in my previous search? i didnt enter any website.
« Last Edit: September 06, 2011, 07:00:41 PM by dns »
OS: Windows XP Pro SP2
Security: Avast 6 Free/MBAM Free/Comodo FW/Sandboxie

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37029
Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
« Reply #3 on: September 06, 2011, 07:00:39 PM »
Quote
I dont understand what's the problem with Wot, what is that anyway?
arquitecturasoftware.org is listed as a bad site at WOT

Offline dns

  • Jr. Member
  • **
  • Posts: 28
  • I Love to code :P
Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
« Reply #4 on: September 06, 2011, 07:01:16 PM »
Quote
I dont understand what's the problem with Wot, what is that anyway?
arquitecturasoftware.org is listed as a bad site at WOT
but it doesnt matter, it was a google search only.
i didnt enter to any of the sites in the search, only googled like everyone else does.
OS: Windows XP Pro SP2
Security: Avast 6 Free/MBAM Free/Comodo FW/Sandboxie

Offline ady4um

  • Massive Poster
  • ****
  • Posts: 2667
Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
« Reply #5 on: September 06, 2011, 09:51:23 PM »
You probably used the "preview" feature of google, without even noticing.

When google shows you the preview, the specific webpage has to be already connected, somehow. Google is not showing you the preview just from its cache.

Probably when google connected that site so to show you the preview, then was that Avast showed you the alert. The alert is not about google, but about that other site "arquitecturasoftware". (I won't copy here the link again, since it seems you are confusing WOT with google with that problematic website.)
ADD/REMOVE PROGS -> avast -> CHANGE/REMOVE -> REPAIR & REBOOT
Avast! 7 FAQ | FAQ & KB | Docs | Removal Utils | Configure Mail Shield | report FP | License Registration | UNSECURED?

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: Wierdest thing EVER- Google search infected or Avast FP?!?!!?!?
« Reply #6 on: September 06, 2011, 11:24:54 PM »
As dns is stll on XP SP 2 they need to read this:
Support for Windows XP Service Pack 2 ends on July 13, 2010
http://support.microsoft.com/gp/lifean31
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS