Comments on websites

Изображение пользователя

avast! reports virus on hpHosts blog

Птн 29 Май 2009 12:39:38 — YoKenny

I went to read hpHosts blog just now and received this warning!
Sign of "JS:Redirector-H7 [Trj]" has been found in "hxxp://hphosts.blogspot.com/\{gzip}" file.

Изображение пользователя

Re: avast! reports virus on hpHosts blog

Птн 29 Май 2009 12:43:00 — Sami

I'm sure it's a false positive. What's the "/\{gzip}" file? Does that mean this was detected from the compressed page sent by the web server?

Изображение пользователя

MalwareBytes'

Птн 29 Май 2009 12:52:58 — Athlonite

MalwareBytes.org was hit last week with a re-direct. They warned us from their front page and asked to keep directing traffic their way that it would be resolved quickly. I had to visit today and it must have been solved because my bookmarked links all worked again.
it could be possible that they have turned their attention to HpHost.

Athlonite

Your help is always needed.

Изображение пользователя

False Positive

Птн 29 Май 2009 14:08:00 — cod head (Не проверено)

All av,s make false positives occasionaly.Suppose its better than a negative positive.(G.O.M.with Honours).

Изображение пользователя

I reported the false positive to avast!

Птн 29 Май 2009 17:12:12 — YoKenny

Now I will wait to hear what they respond back to me.

Изображение пользователя

It looks like the blog is showing an example of a virus

Сбт 30 Май 2009 01:17:56 — YoKenny

It looks like the blog is showing an example of a virus triggering avast! with an infection warning.

Изображение пользователя

Yep ....

Сбт 30 Май 2009 01:32:54 — MysteryFCM

... tis the documentation on the Gumblar/Martuz infection that's triggering it. As I said last time, Avast is technically correct in flagging it as it is malicious code - the fact it's posted "safely" (i.e. it doesn't actually load) isn't checked by Avast.

Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net

Изображение пользователя

Keywords?

Сбт 30 Май 2009 01:43:23 — evilfantasy

Could Avast be hitting on keywords in the URL or is it the body of the web page....or both?

Изображение пользователя

...

Сбт 30 Май 2009 02:31:56 — MysteryFCM

Hopefully it's hitting on the code itself (I'd be very concerned if it was hitting on keywords)

Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net

Изображение пользователя

I was hoping you would say that

Сбт 30 Май 2009 02:45:24 — evilfantasy

Keywords would be a bit too aggressive and possibly damaging.

Изображение пользователя

FYI

Птн 29 Май 2009 18:20:45 — MysteryFCM

It's only a partial F/P. Chances are they're picking up on the code outlined in the following post;

http://hphosts.blogspot.com/2009/05/martuzcn-aka-g...

This isn't the first time this has happened and I doubt it'll be the last ;o)

http://forum.avast.com/index.php?topic=38715.0

Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net

Изображение пользователя

Me too

Птн 29 Май 2009 22:37:19 — evilfantasy

Set mine off also.

http://hphosts.blogspot.com/2009/05/martuzcn-aka-gumblar-and-wordpress-does.html\{gzip}

Изображение пользователя

dose this mean.

Сбт 30 Май 2009 09:18:05 — paul g

Hi,allDose this mean that this only happens if i go to their forum or the hphosts program? Sorry if this is a stupid question but i dont understand the tech talk.
I have hphosts and Avast and Avast has'nt found anything........

Thanks for your time...........cheers........p...........

If You Dont Ask You Will Never Know..

Изображение пользователя

Its on the hpHost blog

Сбт 30 Май 2009 10:30:08 — YoKenny

Its on the hpHost blog

This is a blog like forum and heaven forbid that it became infected with the common Web site infection that is prevalent right now and avast! is doing an admirable job of detecting then avast! would alert me that I should not stay here.

A couple of forums that I use very occasionaly were infected and I contacted their owners and they quicky corrected the situation.

Wow, the sun is out after 4 days of cloud and rain.

Изображение пользователя

Perfectly Safe

Сбт 30 Май 2009 09:22:48 — cod head (Не проверено)

Its if you go to hoHosts paul but it is perfectly safe to do so has it is a false positive.Meaning the av thinks its a virus but its not.(G.O.M.with Honours).

Изображение пользователя

Perfectly Safe.

Сбт 30 Май 2009 09:29:10 — paul g

Hey, cod head.Thanks a lot for your quick reply and shedding some light on that for me.
Thanks for your time.........cheers...........p...........

If You Dont Ask You Will Never Know..

Изображение пользователя

...

Сбт 30 Май 2009 13:37:51 — MysteryFCM

For reference;

http://hphosts.blogspot.com/2008/09/avs-throwing-v...

Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net

Изображение пользователя

There is a discussion about Script blocker in avast!

Сбт 30 Май 2009 16:02:48 — YoKenny

Script Blocker mystery
http://forum.avast.com/index.php?topic=45438.0

I know you like a Mystery Steven. :)

Изображение пользователя

??

Сбт 30 Май 2009 18:35:59 — MysteryFCM

What's the mystery? (reading it, it seems pretty clear as far as the function of the script blocker, and it's hierarchy as far as internals usage is concerned (i.e. how far between the chain (Web > client) it is based))

Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net

Изображение пользователя

The mistery

Сбт 30 Май 2009 20:07:39 — YoKenny

The mystery is why dude2 does not understand about Script Blocker.

Or maybe I don't understand what he does not understand.

Изображение пользователя

....

Сбт 30 Май 2009 20:18:10 — MysteryFCM

hehe that's an easy one ...... it's because he's not technically inclined, and the descriptions of it, aren't being presented in plain "newb" English.

Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net

© WOT Services подана заявка на получение патента