While browsing, I tried to go to the following site (all URLs posted below have been edited to make them non-clickable): hXXp://www.gogglesandglasses.com/PRODUCT_REVIEWS.html
At which point access to the site was blocked and I received the following avast! pop-up:
MALICIOUS URL BLOCKED
avast! Network Shield has blocked a harmful site.
Object: hXXp:/.../PRODUCT_REVIEWS.htmlei=25Ugfq3H5c
Infection: URL:Mal
Process: G:\Filseclab\xfilter\xfilter.dll
The "More details" link told me this:
Infection Details
URL: hXXp://4918.southwestdiscus.com/url?sa
Process: file://G:%5CFilseclab%5Cxfilter%5Cxfilter.dll
Infection: url:Mal
Filseclab is a firewall I've used for years, and have never had avast! mention it in all the times I've run both on the same system.
Here's what's confusing about this message:
- I'm pretty sure I've been to this site before without any warnings.
- WOT rates the site totally safe (though with not many people rating it).
- I have NoScript 2.3.4 running and except for googleapis.com, the site was "completely" blocked (only gogglesandglasses.com and statcounter.com showed up in the NoScript button, and both were blocked). Also Adblock Plus 2.0.3 (with it's Pop-up Addon) are running as well.
- A few minutes later, I went to the site again (maybe dumb, but if avast! blocked me once, it should do it again), but the error did not pop-up this time (I had not changed any permissions).
- Viewing the source code to the site, I don't see either the string "25Ugfq3H5c" (from the warning), nor "southwestdiscus" (from the More Details page).
I realize none of the above is any guarantee of this being a safe site, but combined, I'm just wondering if there was some glitch that caused the pop-up, or am I missing something obvious here?
Is this actually some conflict between avast! and Filseclab and not related to the website at all? If so, what might cause this conflict now? Filseclab hasn't been updated in years (the developer doesn't exist anymore), and other than a definitions update (120325-0), I'm still running avast 6.0.1367.
I still have the website source code as a text file if there's anything else I can look for.
I'd like to be able to visit the site and not worry that I'm risking obvious exposure, but I want to understand this avast! warning a bit more first.
BTW, I'm running Windows XP Pro.