Author Topic: URL protection not working ?  (Read 7240 times)

0 Members and 1 Guest are viewing this topic.

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
URL protection not working ?
« on: April 18, 2012, 08:09:12 PM »
Hi,

I use Avast 7 Free updated with the most recent virus definitions.

Today i've surfed to a infected site and although Avast notified me the url was infected and in theory, blocked it, my machine was infected. As a TI guy, i could clean it up deleting some files. Then i surfed again to the same website and again, Avast told me the url was infected, blocked the access, but even this way, i was infected again.

It's some kind of Windows 7 virus that updates MSConfig to start when you reboot.

So i cleaned up my system again.

I'd like to know why this happenned ; if Avast blocked the URL, why my machine was infected ?

The site in question is this below (i've separated with spaces to avoid clicking) ; be careful, it's infected.

http : // www . phabrica . com . br

What should i need to really have a protection ?

Thanks !

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66742
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: URL protection not working ?
« Reply #1 on: April 18, 2012, 08:16:39 PM »
What should i need to really have a protection ?

Use a script blocker in your browser. (E.g.: FF with NoScript)
http://sitecheck.sucuri.net/results/www.phabrica.com.br
http://zulu.zscaler.com/submission/show/baca0aae3e119f8b51497e6fc074c7ce-1334772700 -> See domain history..!!! ::)
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #2 on: April 18, 2012, 08:17:58 PM »
This means i can't trust in Avast's Web Shield ?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66742
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: URL protection not working ?
« Reply #3 on: April 18, 2012, 08:22:55 PM »
This means i can't trust in Avast's Web Shield ?

Sure you can trust the WS, a script blocker wouldn't hurt as another layer of protection though. ;)
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
« Last Edit: April 18, 2012, 08:53:54 PM by Pondus »

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #5 on: April 18, 2012, 08:26:23 PM »
This means i can't trust in Avast's Web Shield ?

Sure you can trust the WS, a script blocker wouldn't hurt as another layer of protection though. ;)

If i can trust th WS, why i was infected twice even with the shield active ? :)


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: URL protection not working ?
« Reply #6 on: April 18, 2012, 08:32:15 PM »
what detected the infection?
what was the malware name?
where was it found?

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #7 on: April 18, 2012, 08:35:22 PM »
Here is the shield log :

URL : http: // www . phabrica . com . br/wp-content/themes/Phabrica/js/superfish.js|>{gzip}
Severity : High
Status : Threat:JS:Redirector-Om[Trj]
Action : Blocked

I'm surfing again to the site with a virtual machine with Windows XP. If i navigate to the site in my
original machine (Windows 7 Pro) , i will be infected again ; i've tested twice and twice i was infected.
« Last Edit: April 18, 2012, 08:46:03 PM by tfjoint »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66742
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: URL protection not working ?
« Reply #8 on: April 18, 2012, 08:36:09 PM »
If i can trust th WS, why i was infected twice even with the shield active ? :)

What are your settings in WS..??
If it blocks the connection, there should be no infection.
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: URL protection not working ?
« Reply #9 on: April 18, 2012, 08:38:15 PM »
so are you saying first avast web shield detect and block........then avast detect another file when scanning ?



OBS, and break the link above so it is not clickable

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #10 on: April 18, 2012, 08:41:46 PM »
so are you saying first avast web shield detect and block........then avast detect another file when scanning ?

Avast blocks, but somehow , i get infected anyway. Maybe Avast is blocking one link but letting another pass, i'm not sure about what happens.

What i'm sure is i've tried twice to navigate to this site, and twice i got infected. I can tell because the virus put some .exe files in my c:\programdata and edit MSConfig to run itself when i restart. It even block Taskman and deleted all my shortcuts.  It seems to be a Win7 specific infection.

As i TI guy, i could restore everything, and tried again to navigate to this site, and again, i was infected.

I would try again, but everytime it infects my computer, i loose a lot of time cleaning up things.


Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #11 on: April 18, 2012, 08:42:19 PM »
If i can trust th WS, why i was infected twice even with the shield active ? :)

What are your settings in WS..??
If it blocks the connection, there should be no infection.

I have default actions, have not edited anything.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: URL protection not working ?
« Reply #12 on: April 18, 2012, 08:46:39 PM »
Quote
I can tell because the virus put some .exe files in my c:\programdata
can you upload this .exe file(s) to  www.virustotal.com   and post the scan link here when you have the result  (if scanned before click rescan)

Offline tfjoint

  • Newbie
  • *
  • Posts: 14
Re: URL protection not working ?
« Reply #13 on: April 18, 2012, 08:49:10 PM »
Quote
I can tell because the virus put some .exe files in my c:\programdata
can you upload this .exe file(s) to  www.virustotal.com   and post the scan link here when you have the result  (if scanned before click rescan)

I can't because i've deleted the file; to get it again, i'd have to get infected again...


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66742
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: URL protection not working ?
« Reply #14 on: April 18, 2012, 08:49:17 PM »
I have default actions, have not edited anything.

- Which avast!..?? (Free/Pro/IS)
- Which version..??
- OS..?? (32/64 Bit..? - which SP..?)
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0