(The quickest way to register)

Forum

Dear visitor! The webpage is only available in English. We're sorry for the inconvenience.
  1. User picture
    • YoKenny on Fri 29 May 2009
    • 12:39:38 PM UTC

    avast! reports virus on hpHosts blog

    I went to read hpHosts blog just now and received this warning!
    Sign of "JS:Redirector-H7 [Trj]" has been found in "hxxp://hphosts.blogspot.com/\{gzip}" file.

    Change is inevitable except from a vending machine

Comments:

  2. User picture
    • Sami on Fri 29 May 2009
    • 12:43:00 PM UTC

    Re: avast! reports virus on hpHosts blog

    I'm sure it's a false positive. What's the "/\{gzip}" file? Does that mean this was detected from the compressed page sent by the web server?
  3. User picture
    • Athlonite on Fri 29 May 2009
    • 12:52:58 PM UTC

    MalwareBytes'

    MalwareBytes.org was hit last week with a re-direct. They warned us from their front page and asked to keep directing traffic their way that it would be resolved quickly. I had to visit today and it must have been solved because my bookmarked links all worked again.
    it could be possible that they have turned their attention to HpHost.

    Athlonite

    Your help is always needed.
  4. User picture
    • Anonymous on Fri 29 May 2009
    • 02:08:00 PM UTC

    False Positive

    All av,s make false positives occasionaly.Suppose its better than a negative positive.(G.O.M.with Honours).
  5. User picture
    • YoKenny on Fri 29 May 2009
    • 05:12:12 PM UTC

    I reported the false positive to avast!

    Now I will wait to hear what they respond back to me.
    • User picture
      • YoKenny on Sat 30 May 2009
      • 01:17:56 AM UTC

      It looks like the blog is showing an example of a virus

      It looks like the blog is showing an example of a virus triggering avast! with an infection warning.
      • User picture
        • MysteryFCM on Sat 30 May 2009
        • 01:32:54 AM UTC

        Yep ....

        ... tis the documentation on the Gumblar/Martuz infection that's triggering it. As I said last time, Avast is technically correct in flagging it as it is malicious code - the fact it's posted "safely" (i.e. it doesn't actually load) isn't checked by Avast.

        Regards
        Steven Burn
        Ur I.T. Mate Group / hpHosts
        it-mate.co.uk / hosts-file.net
        • User picture
          • evilfantasy on Sat 30 May 2009
          • 01:43:23 AM UTC

          Keywords?

          Could Avast be hitting on keywords in the URL or is it the body of the web page....or both?
          • User picture
            • MysteryFCM on Sat 30 May 2009
            • 02:31:56 AM UTC

            ...

            Hopefully it's hitting on the code itself (I'd be very concerned if it was hitting on keywords)

            Regards
            Steven Burn
            Ur I.T. Mate Group / hpHosts
            it-mate.co.uk / hosts-file.net
  6. User picture
    • MysteryFCM on Fri 29 May 2009
    • 06:20:45 PM UTC

    FYI

    It's only a partial F/P. Chances are they're picking up on the code outlined in the following post;

    http://hphosts.blogspot.com/2009/05/martuzcn-aka-g...

    This isn't the first time this has happened and I doubt it'll be the last ;o)

    http://forum.avast.com/index.php?topic=38715.0

    Regards
    Steven Burn
    Ur I.T. Mate Group / hpHosts
    it-mate.co.uk / hosts-file.net
  7. User picture
    • evilfantasy on Fri 29 May 2009
    • 10:37:19 PM UTC

    Me too

    Set mine off also.

    http://hphosts.blogspot.com/2009/05/martuzcn-aka-gumblar-and-wordpress-does.html\{gzip}
    • User picture
      • paul g on Sat 30 May 2009
      • 09:18:05 AM UTC

      dose this mean.

      Hi,allDose this mean that this only happens if i go to their forum or the hphosts program? Sorry if this is a stupid question but i dont understand the tech talk.
      I have hphosts and Avast and Avast has'nt found anything........

      Thanks for your time...........cheers........p...........

      If You Dont Ask You Will Never Know..
      • User picture
        • YoKenny on Sat 30 May 2009
        • 10:30:08 AM UTC

        Its on the hpHost blog

        Its on the hpHost blog

        This is a blog like forum and heaven forbid that it became infected with the common Web site infection that is prevalent right now and avast! is doing an admirable job of detecting then avast! would alert me that I should not stay here.

        A couple of forums that I use very occasionaly were infected and I contacted their owners and they quicky corrected the situation.

        Wow, the sun is out after 4 days of cloud and rain.
  8. User picture
    • Anonymous on Sat 30 May 2009
    • 09:22:48 AM UTC

    Perfectly Safe

    Its if you go to hoHosts paul but it is perfectly safe to do so has it is a false positive.Meaning the av thinks its a virus but its not.(G.O.M.with Honours).
    • User picture
      • paul g on Sat 30 May 2009
      • 09:29:10 AM UTC

      Perfectly Safe.

      Hey, cod head.Thanks a lot for your quick reply and shedding some light on that for me.
      Thanks for your time.........cheers...........p...........

      If You Dont Ask You Will Never Know..
  9. User picture
    • YoKenny on Sat 30 May 2009
    • 08:07:39 PM UTC

    The mistery

    The mystery is why dude2 does not understand about Script Blocker.

    Or maybe I don't understand what he does not understand.
    • User picture
      • MysteryFCM on Sat 30 May 2009
      • 08:18:10 PM UTC

      ....

      hehe that's an easy one ...... it's because he's not technically inclined, and the descriptions of it, aren't being presented in plain "newb" English.

      Regards
      Steven Burn
      Ur I.T. Mate Group / hpHosts
      it-mate.co.uk / hosts-file.net