Author Topic: Malware blocked(SOLVED)!!  (Read 8379 times)


HS2234

  • Guest
Re: Malware blocked!!
« Reply #15 on: March 16, 2012, 03:24:57 PM »
Yup

true indian

  • Guest
Re: Malware blocked!!
« Reply #16 on: March 16, 2012, 03:28:57 PM »
can u scan your C:\program files\google chrome folder please


though u describe u got the alert as soon as u clicked on it...i think that avast didn't block the link but a payload of it.

HS2234

  • Guest
Re: Malware blocked!!
« Reply #17 on: March 16, 2012, 03:30:04 PM »
I scanned it.. no virus found??

true indian

  • Guest
Re: Malware blocked!!
« Reply #18 on: March 16, 2012, 03:31:28 PM »
Quote
I scanned it.. no virus found??

that's a good sign, it indicates web shield blocked the bad thing accurately as it always does.  :)

well can u tell me what u searched for on google to get hit with that avast alert?
« Last Edit: March 16, 2012, 03:35:59 PM by winmaltech »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86508
  • No support PMs thanks
Re: Malware blocked!!
« Reply #19 on: March 16, 2012, 03:40:07 PM »
In the OP's image, it clearly shows =|> {gzip} at the end of the URL, that is an indication that there is a compressed zip file being loaded and it is this which the web shield doesn't like and this would be blocked by the web shield.

That wouldn't stop the remainder of the site/page from opening, it is only when the detection is on an element within the .html/.htm/.php page that the whole page would be blocked.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33586
  • malware fighter
Re: Malware blocked!!
« Reply #20 on: March 16, 2012, 03:52:59 PM »
@HS2234

Probably this was a hidden iFrame redirect. A "payload"????  Well viruses may also contain a payload that performs other actions, often malicious. That is called a (malicious) payload. Here we had an instance of suspicious code that the avast Webshield detected and flagged...

Probably it already has been cleansed there...
This was the code that was found there earlier with a scan at 2012-01-20 12:19:50 to be precise...
dsp.apsmediaagency dot com/dsp.php?class=MzM2fDcyOHg5MA== benign
[nothing detected] dsp.apsmediaagency dot com/dsp.php?class=MzM2fDcyOHg5MA==
     status: (referer=wXw.google.com/trends/hottrends)saved 2590 bytes d9c4fb22ef1a7ab68360674e4b7b34e4421cf715
     info: [decodingLevel=0] found JavaScript
     error: undefined variable c1
     error: line:24: SyntaxError: missing } in XML expression:
          error: line:24:      document.location.href = 'htXp:/amc.convomedia.com/p.php?r=' + c1 + '|' + c2 + '|' + c3;
          error: line:24: ..... ultimately going -^ IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=1 HEIGHT=1 SRC="dsp_serve dot php?class=MzM2fFVTfDAuMDAwNTY3"^

@winmaltech  Why should you copy what I already posted?
Quote
Can you give the URL as a non-live-link, so hxtp or wXw etc.? Then we can see what may be out there?
  And if the victim should scan for eventual remainders of that incident, he should scan the whole of Local -> Google  etc.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
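
The scan output in the reply above shows a 1x1 IFRAME whose `class` parameter is base64. As an added example (not part of the original post and not any scanner's own code), this Python sketch flags such hidden iframes in saved HTML and decodes base64 query values for triage; the function names are hypothetical and the sample HTML is constructed from the IFRAME tag quoted in the scan output.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the IFRAME tag from the scan output, with the defanged
# "dsp_serve dot php" written as a relative URL, plus a normal-sized banner frame.
SAMPLE_HTML = (
    '<html><body>'
    '<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO '
    'WIDTH=1 HEIGHT=1 SRC="dsp_serve.php?class=MzM2fFVTfDAuMDAwNTY3"></IFRAME>'
    '<iframe width="728" height="90" src="banner.html"></iframe>'
    '</body></html>'
)

def decode_b64_params(url):
    """Return {name: text} for query values that are strict base64 of ASCII text."""
    decoded = {}
    for name, values in parse_qs(urlsplit(url).query).items():
        try:
            decoded[name] = base64.b64decode(values[0], validate=True).decode("ascii")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
    return decoded

def _tiny(value):
    """True for a pixel dimension of 2 or less ("1", "0px", ...)."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value, re.IGNORECASE)
    return bool(m) and int(m.group(1)) <= 2

class HiddenIframeFinder(HTMLParser):
    """Collect iframes that are at most 2x2 px or hidden through inline CSS."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if hidden or (_tiny(a.get("width", "")) and _tiny(a.get("height", ""))):
            src = a.get("src", "")
            self.hits.append({"src": src, "params": decode_b64_params(src)})

def find_hidden_iframes(html):
    finder = HiddenIframeFinder()
    finder.feed(html)
    return finder.hits
```

The decoded values are pipe-separated fields, which is the kind of detail that helps decide whether a flagged frame is ad plumbing or something that needs a closer look.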

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37182
Re: Malware blocked!!
« Reply #21 on: March 16, 2012, 04:08:00 PM »
its like dsp/mediaagency.com/dsp.php.... is there any way so I can copy and paste this?
here is a screen shot

dsp.mediaagency.com is down.
Unable to connect to site.
Nope......  it is not down
http://www.downforeveryoneorjustme.com/http://dsp.apsmediaagency.com/dsp.php?class=ODE1fDE2MHg2MDA=

if you are quoting sucuri it says:     Unable to properly scan your site. Site empty (no content).
and this you can see here  urlQuery  http://urlquery.net/report.php?id=32188



zscaler
http://zulu.zscaler.com/submission/show/46623d8d72a3d21b7871fac056170000-1331910339

« Last Edit: March 16, 2012, 04:12:05 PM by Pondus »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 75442
    • >>>  Avast Forum - German-language section  <<<
Re: Malware blocked!!
« Reply #22 on: March 16, 2012, 04:12:54 PM »
its like dsp/mediaagency.com/dsp.php.... is there any way so I can copy and paste this?
here is a screen shot

dsp.mediaagency.com is down.
Unable to connect to site.
Nope......  it is not down

That was because the OP misquoted the domain. ;)
W 8.1 [x64] - Avast PremSec 22.5.7216.B [UI.706] - Firefox ESR 91.9.1 [NS/uBO/PB] - Thunderbird 91.9.1
Avast-Tools: Secure Browser 101.0 - Cleanup 22.2 - SecureLine 5.18 - Driver Updater 22.2 - CCleaner 6.0
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33586
  • malware fighter
Re: Malware blocked!!
« Reply #23 on: March 16, 2012, 04:31:11 PM »
Hi Pondus and Asyn,

Well with WebBug I executed GET for hxtp://dsp.apsmediaagency.com/dsp.php?class=ODE1fDE2MHg2MDA=
and got->

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 16 Mar 2012 15:27:47 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 205
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /dsp.php was not found on this server.</p>
</body></html>

polonus

HS2234

  • Guest
Re: Malware blocked!!
« Reply #24 on: March 17, 2012, 06:27:10 PM »
I scanned local - google with avast and mbam.. nothing found.. But since chrome has sandbox nothing woulda happened right?

HS2234

  • Guest
Re: Malware blocked!!
« Reply #25 on: March 18, 2012, 02:51:45 AM »
anybody?

true indian

  • Guest
Re: Malware blocked!!
« Reply #26 on: March 24, 2012, 09:05:45 AM »
you are safe and clean don't worry!  ;)