AVAST giving 'Malicious URL blocked' signal on site

cepheus
cepheus Posts: 20,053 Forumite
edited 3 March 2012 at 11:28AM in Techie Stuff
I am using AVAST free version

Every single time I open a new page or post to this site
http://www.theenvironmentsite.org/forum/help-feedback/41870-virus-opening-pages-site.html#post408142

a red popup warns me 'Malicious URL blocked network shield has blocked a harmful site'

hxxp://directmarketing12linear.in/in.cgi/?walter
could someone with AVAST try the environment site link (not the second one). I'm sure it is a bug in AVAST or something on my computer. I'm sure the site is safe, no-one else seems to have a problem on it.

It is making the site unusable for me.

Comments

  • PHARR
    PHARR Posts: 405 Forumite
    If it happens every time you try a website then it could quite possibly be internet explorer infected by a virus.

    Best thing to do is to run a schedule boot time scan.

    Go into avast>schedule boot time scan of all hard drives.
    This will find and remove all the viruses in your system.
    Better to understand a little than to misunderstand a lot.
  • cepheus
    cepheus Posts: 20,053 Forumite
    Paddy_H wrote: »
    If it happens every time you try a website then it could quite possibly be internet explorer infected by a virus.

    Best thing to do is to run a schedule boot time scan.

    Go into avast>schedule boot time scan of all hard drives.
    This will find and remove all the viruses in your system.

    Thought I had done that since it runs every day, but I will do it again, and make sure updates are fine. Can anyone else test the site?
  • Jakeandme
    Jakeandme Posts: 84 Forumite
    Also get the warning with Avast free.
  • spg_SCOTT
    spg_SCOTT Posts: 171 Forumite
    edited 3 March 2012 at 11:05AM
    Hi cepheus :)

    First, please can you modify the link, to prevent others potentially becoming infected. (change http to hXXp) Thanks. You have tried, however the link is still active. ;)

    Paddy H's suggestion is not really necessary, but wouldn't hurt (will take some time though...). avast is preventing a connection to the site; it is not an indication that you are necessarily infected.

    This detection is avast detecting a redirect to a domain that is blocked by avast.

    It will be hard to try and explain this without images...I may put them in dropbox to show...

    There is a script on the /forum page that decodes to a script to a site, which contains an iframe to the site that is blocked.

    So

    Your site -> Obfuscated script -> decodes to script to another site -> site contains zero by zero iframe to blocked site -> avast detection.

    I am not too sure about the detection, but I have seen the /in.cgi reference before in some infected sites... I will try and confirm.

    Sucuri confirms the detection:
    (I won't post the direct link to the site scan, because it can sometimes cause an alert itself...because of the way it displays the script.)
    This is the malware entry that it has for this:
    http://sucuri.net/malware/malware-entry-mwjsjj678
    -Scott-

    “There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!” Richard Feynman
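
The last stage of the chain described in the post above (a zero by zero iframe pointing at another site) can be checked for statically once the page has been fetched and any obfuscated script has been decoded. The following is an added example, not code from the thread or from avast or Sucuri; the sample HTML, the host names and the `find_hidden_iframes` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of already-decoded page markup; all hosts are placeholders.
SAMPLE_HTML = """
<html><body>
<iframe src="http://cdn.forum.example/news.html" width="300" height="200"></iframe>
<iframe src="http://redirector.example.invalid/in.cgi/?placeholder" width="0" height="0"></iframe>
<iframe src="http://other.example.invalid/page" style="width:0px; height:0px; border:0"></iframe>
</body></html>
"""

def _is_zero(value):
    """True for '0', '0px', '0%' and similar; False for missing or non-numeric values."""
    try:
        return float((value or "").strip().lower().rstrip("px%")) == 0
    except ValueError:
        return False

def _style_dims(style):
    """Extract width/height declarations from an inline style attribute."""
    dims = {}
    for decl in (style or "").split(";"):
        name, sep, val = decl.partition(":")
        if sep and name.strip().lower() in ("width", "height"):
            dims[name.strip().lower()] = val.strip()
    return dims

class HiddenIframeFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings = page_host, []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        dims = _style_dims(a.get("style"))  # inline CSS overrides the attributes
        src = a.get("src") or ""
        url = urlparse(src)
        host = url.hostname or ""
        hidden = _is_zero(dims.get("width", a.get("width"))) and \
                 _is_zero(dims.get("height", a.get("height")))
        off_site = bool(host) and host != self.page_host \
                   and not host.endswith("." + self.page_host)
        if hidden and off_site:
            reasons = ["zero-by-zero", "off-site"]
            if "/in.cgi" in url.path:  # path pattern mentioned in the thread
                reasons.append("in.cgi path")
            self.findings.append((src, reasons))

def find_hidden_iframes(html, page_host):
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    return finder.findings
```

Run over the raw page source alone, this will miss an iframe that only appears after the obfuscated script executes, so it is best applied to the decoded script output or a rendered DOM dump.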
  • Gillor
    Gillor Posts: 803 Forumite
    cepheus wrote: »
    I'm sure it is a bug in AVAST or something on my computer. I'm sure the site is safe, no-one else seems to have a problem on it.

    Have just tried the site via Palemoon browser and have been redirected to hxxp://www.insideentrepreneurs.com.

    So the original site has obviously been hijacked and Avast has correctly picked it up.
  • cepheus
    cepheus Posts: 20,053 Forumite
    edited 3 March 2012 at 2:05PM
    No infections on my boot disc, but I did notice during the operation it said softwaredistribution\Download\ ([ long number ] error 42127 cab Archive is corrupted.
  • tweeter
    tweeter Posts: 3,958 Forumite
    edited 3 March 2012 at 2:55PM
    If you are worried about infections you could always work from a distro until you sort the blighters out on your machine. HTH

    clicky
    Peel back your baby's eyelid to find no nationality or religious identity mark there. Peer at your baby's eyes for them to reflect back just people-throw away your flags and religious symbols...



  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    The environment site is definitely compromised - I've managed to capture the malware at the end of the redirections. There's a series of exploit attempts - MSE detects the blackhole exploit kit.

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Exploit%3aJS%2fBlacole.AR&threatid=2147653143

    There's a Java exploit:

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Exploit%3aJava%2fCVE-2011-3544.BR&threatid=2147654622

    And when I tried to download the file:

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=VirTool%3aWin32%2fCeeinject.CZ&threatid=2147654332


    Definitely stay away from the site.

  • cepheus
    cepheus Posts: 20,053 Forumite
    Well I have warned them and referenced this thread. Someone else with McAfee is getting the same.
  • spg_SCOTT
    spg_SCOTT Posts: 171 Forumite
    Images of the scripts and detection can be found here:
    http://www.dropbox.com/gallery/3105891/1/theenvironmentsite-infection?h=93df21
    -Scott-

    “There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!” Richard Feynman
This discussion has been closed.