Avast blocking malicious URL
Whenever you get that kind of warning - whatever site you're on - always first assume it is correct and the site is infected somehow.
If you then check it out and find it to be a false positive & safe, you can then continue.

waddler_8 wrote: »Whenever you get that kind of warning - whatever site you're on - always first assume it is correct and the site is infected somehow.
If you then check it out and find it to be a false positive & safe, you can then continue.
Thanks waddler_8, that's why I posted on here, in the hope someone like yourself would have a look and say whether it is something to worry about or not.
In this case not, thank god. :)

waddler_8 wrote: »Whenever you get that kind of warning - whatever site you're on - always first assume it is correct and the site is infected somehow.
If you then check it out and find it to be a false positive & safe, you can then continue.
Not if it's a javascript file ie a .js URL. No need to scaremonger.

EVERYONE IGNORE IT! It's just a script that monitors usage etc. Most sites have them, MSE will have many!!!
Incidentally it has nothing to do with Avast as such. It is just that Avast detected it as will a lot of other AV software. I went to log on remotely to my office today and I got an error (PC froze) and funnily enough when I checked the logs just to see what the issue was this exact same script was mentioned. It's very common.

johnnyboyrebel wrote: »Not if it's a javascript file ie a .js URL. No need to scaremonger.
You're saying a .js file can't be malicious?

By way of explanation I recently clicked a link to a news item on a reputable UK fishing magazine's site. I landed on a totally unrelated site so investigated further using Fiddler and found I was sent through a number of silent redirects.
You can see from the Fiddler log below a redirect from to a domain hosting an exploit pack (cwbilled.ru) and from there an attempted Java exploit (cnnysiv.lflinkup.com / muyrmdnaghanmjrdmkjtvwsc.class), which MSE detected as Exploit:Java/CVE-2012-1723.ZVD.
1 502 HTTP https://www.google.co.uk /url?q=http://totalseamagazine.com/news/item/583-angling-star-ceases-publication&sa=U&ei=R_uWULK0DqbC0QXf3oHoDg&ved=0CBUQFjAA&usg=AFQjCNGLv_UhRJRczQvTFBS5tKukO5rHhg 512 text/html; charset=UTF-8 iexplore:5328
2 302 HTTP https://www.google.co.uk /url?q=http://totalseamagazine.com/news/item/583-angling-star-ceases-publication&sa=U&ei=R_uWULK0DqbC0QXf3oHoDg&ved=0CBUQFjAA&usg=AFQjCNGLv_UhRJRczQvTFBS5tKukO5rHhg 270 private text/html; charset=UTF-8 iexplore:5328
3 301 HTTP totalseamagazine.com /news/item/583-angling-star-ceases-publication 251 text/html; charset=iso-8859-1 iexplore:5328
4 302 HTTP cwbilled.ru /constraintdilemmas.cgi?8 192 text/html iexplore:5328
5 200 HTTP cnnysiv.lflinkup.com /Bymi8c56i76af1ZLfBNdIz2cJBJAUStF 283 no-store, no-cache, must-revalidate Expires: Thu, 01 Jan 2000 00:00:00 GMT text/html; charset=UTF-8 iexplore:5328
6 500 HTTP cnnysiv.lflinkup.com /favicon.ico 20 no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 19 Nov 1981 08:52:00 GMT text/html; charset=UTF-8 iexplore:5328
7 200 HTTP Tunnel to urs.microsoft.com:443 0 iexplore:5328
8 200 HTTP cnnysiv.lflinkup.com /yjrntapq.jar 41,722 application/java-archive java:1308
9 200 HTTP cnnysiv.lflinkup.com /yjrntapq.jar 41,722 application/java-archive java:1308
10 200 HTTP cnnysiv.lflinkup.com /yjrntapq.jar 41,722 application/java-archive java:1308
11 200 HTTP cnnysiv.lflinkup.com /yjrntapq.jar 41,722 application/java-archive java:1308
12 302 HTTP cnnysiv.lflinkup.com /qnvqucvgtgmkbr/muyrmdnaghanmjrdmkjtvwsc.class 0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 19 Nov 1981 08:52:00 GMT text/html; charset=UTF-8 java:1308
13 302 HTTP cnnysiv.lflinkup.com /qnvqucvgtgmkbr/404.php 0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 19 Nov 1981 08:52:00 GMT text/html; charset=UTF-8 java:1308
Looking at the source code didn't show anything unusual, but looking at the js files did.
<script type="text/javascript" src="/media/system/js/mootools.js"></script>
<script type="text/javascript" src="http://www.totalseamagazine.com/templates/gk_sporter/js/domready_fix.js"></script>
<script type="text/javascript" src="/media/system/js/modal.js"></script>
<script type="text/javascript" src="http://www.totalseamagazine.com/components/com_k2/js/k2.js"></script>
<script type="text/javascript" src="/components/com_jcomments/js/jcomments-v2.1.js?v=7"></script>
<script type="text/javascript" src="/components/com_jcomments/libraries/joomlatune/ajax.js?v=3"></script>
<script type="text/javascript" src="/plugins/system/rokbox/rokbox.js"></script>
<script type="text/javascript" src="/plugins/system/rokbox/themes/dark/rokbox-config.js"></script>
<script type="text/javascript" src="http://www.totalseamagazine.com/templates/gk_sporter/js/gk.script.js"></script>
<script type="text/javascript" src="http://www.totalseamagazine.com/modules/mod_news_pro_gk4/interface/scripts/engine-mootools-11.js"></script>
<script type="text/javascript" src="/modules/mod_rokajaxsearch/js/rokajaxsearch.js"></script>
<script type="text/javascript" src="http://www.totalseamagazine.com/components/com_adagency/includes/js/ajax.js"></script>
Each of the .js files had been injected with code that caused redirection to the domain hosting the exploit pack.
So this:
waddler_8 wrote: »Whenever you get that kind of warning - whatever site you're on - always first assume it is correct and the site is infected somehow.
If you then check it out and find it to be a false positive & safe, you can then continue.
...is good advice.
This:
johnnyboyrebel wrote: »Not if it's a javascript file ie a .js URL. No need to scaremonger.
...isn't.
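
Added example, not part of the original post: one way to triage a session list like the one above, flagging redirect chains that cross more than two registrable domains and any Java archive a Java process then fetches from the landing site. The `Session` tuple, the function names, the `max_sites` threshold and the two-entry suffix handling are assumptions of this sketch; the rows are abridged from the log in the post.

```python
from collections import namedtuple

Session = namedtuple("Session", "num status host path ctype process")

# Abridged from the Fiddler rows in the post above (#, result, host, URL,
# content type, process); the 502, favicon and tunnel rows are left out.
SESSIONS = [
    Session(2, 302, "www.google.co.uk", "/url", "text/html", "iexplore:5328"),
    Session(3, 301, "totalseamagazine.com", "/news/item/583-angling-star-ceases-publication", "text/html", "iexplore:5328"),
    Session(4, 302, "cwbilled.ru", "/constraintdilemmas.cgi?8", "text/html", "iexplore:5328"),
    Session(5, 200, "cnnysiv.lflinkup.com", "/Bymi8c56i76af1ZLfBNdIz2cJBJAUStF", "text/html", "iexplore:5328"),
    Session(8, 200, "cnnysiv.lflinkup.com", "/yjrntapq.jar", "application/java-archive", "java:1308"),
]

# Simplification: a real tool should use the Public Suffix List here.
TWO_LEVEL_SUFFIXES = {"co.uk"}

def site(host):
    """Reduce a hostname to its registrable domain (naive version)."""
    labels = host.lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def redirect_chains(sessions):
    """Group each run of 3xx responses with the response it ends on, per process.
    Assumption: the next request from the same process is the redirect target,
    because the session list does not carry the Location header."""
    chains, pending = [], {}
    for s in sessions:
        chain = pending.setdefault(s.process, [])
        chain.append(s)
        if not 300 <= s.status < 400:      # first non-redirect closes the run
            if len(chain) > 1:
                chains.append(chain)
            pending[s.process] = []
    return chains

def findings(sessions, max_sites=2):
    """Flag chains crossing more than max_sites sites, and Java archive
    downloads from the site such a chain landed on."""
    out, landings = [], set()
    for chain in redirect_chains(sessions):
        sites = list(dict.fromkeys(site(s.host) for s in chain))
        if len(sites) > max_sites:
            out.append(("cross-site-redirect-chain", " -> ".join(sites)))
            landings.add(sites[-1])
    for s in sessions:
        if (s.process.startswith("java") and s.ctype == "application/java-archive"
                and site(s.host) in landings):
            out.append(("java-archive-after-redirects", s.host + s.path))
    return out
```

A search-engine click that lands directly on the requested site spans two sites and is not flagged; the threshold is a heuristic and will need tuning for link shorteners and ad redirects.
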
So this:
...is good advice.
This:
...isn't.
Ok, your advice is correct, mine isn't apparently. Tell me, how are your programming skills? Have you developed sites with javascript or php?
Not a childish dig, just my point being don't simply dismiss someone so easy who actually eats and sleeps javascript and php.
My post actually meant that if it is a .js link being blocked, it is less likely to be an obvious malware or infected link.
I have never lived my life being concerned about every single warning my pc has ever given me like your advice suggests so all I try to say is there is no need to scaremonger people. You have seen some of the posts on here, some people don't know what's what so I don't think a 'Treat everything as a virus' comment helps anyone and certainly won't teach them anything.
This discussion has been closed.