Malware blocked(SOLVED)!!

[HS2234]

Yup

[true indian]

can u scan your C:\program files\google chrome folder please


though u describe u got the alert as soon as u clicked on it...i think that avast didnt block blocked the link but a payload of it.

[HS2234]

I scanned it.. no virus found??

[true indian]

I scanned it.. no virus found??

thats a good sign indicates web shield blocked the bad thing accurately as it always does. 

well can u tell me what u searched for on google to get hit with that avast alert?

[DavidR]

In the OPs image, it clearly shows =|> {gzip} at the end of the URL, that is an indication that there is a compressed zip file being loaded and it is this which the web shield doesn't like and this would be blocked by the web shield.

That wouldn't stop the remainder of the site/page from opening, it is only when the detection is on an element within the .html/.htm/.php, page would the whole page be blocked.

[polonus]

@HS2234

Probably this was a hidden iFrame redirect. A "payload"?  Well viruses may also contain a payload that performs other actions, often malicious. That is called a (malicious) payload. Here we had an instance of suspicious code that the avast Webshield detected and flagged...

Probably it already has been cleansed there...
This was the code that was found there ealier with a scan at 2012-01-20 12:19:50 to be precise...
dsp.apsmediaagency dot com/dsp.php?class=MzM2fDcyOHg5MA== benign
[nothing detected] dsp.apsmediaagency dot com/dsp.php?class=MzM2fDcyOHg5MA==
     status: (referer=wXw.google.com/trends/hottrends)saved 2590 bytes d9c4fb22ef1a7ab68360674e4b7b34e4421cf715
     info: [decodingLevel=0] found JavaScript
     error: undefined variable c1
     error: line:24: SyntaxError: missing } in XML expression:
          error: line:24:      document.location.href = 'htXp:/amc.convomedia.com/p.php?r=' + c1 + '|' + c2 + '|' + c3;
          error: line:24: ..... ultimately going -^ IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=1 HEIGHT=1 SRC="dsp_serve dot php?class=MzM2fFVTfDAuMDAwNTY3"^

@winmaltech  Why you should copy what I already posted

Can you give the URL as a non-live-link, so hxtp or wXw etc.? Then we can see what may be out there?

  And if the vicitim should scan for evental remainders of that incident, he should scan the whole of Local -> Google  etc.

polonus

[Pondus]

its like dsp/mediaagency.com/dsp.php.... is their anyway so I can copy and paste this?
here is a screen shot

dsp.mediaagency.com is down.
Unable to connect to site.

Nope......  it is not down
http://www.downforeveryoneorjustme.com/http://dsp.apsmediaagency.com/dsp.php?class=ODE1fDE2MHg2MDA=

if you are quoting sucuri it say:     Unable to properly scan your site. Site empty (no content).
and this you can see here  urlQuery  http://urlquery.net/report.php?id=32188



zscaler
http://zulu.zscaler.com/submission/show/46623d8d72a3d21b7871fac056170000-1331910339

[Asyn]

its like dsp/mediaagency.com/dsp.php.... is their anyway so I can copy and paste this?
here is a screen shot

dsp.mediaagency.com is down.
Unable to connect to site.

Nope......  it is not down

That was because the OP misquoted the domain.

[polonus]

Hi Pondus and Asyn,

Well with WebBug I executed GET for hxtp://dsp.apsmediaagency.com/dsp.php?class=ODE1fDE2MHg2MDA=
and got->

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 16 Mar 2012 15:27:47 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 205
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /dsp.php was not found on this server.</p>
</body></html>

polonus

[HS2234]

I scanned local - google with avast and mbam.. nothin found.. But since chrome has sandbox nothing woulda happned right?

[HS2234]

anybody?

[true indian]

you are safe and clean dont worry!