Sometimes I get an avast popup saying it is blocking a virus, sometimes not, but I always get:
Fatal error: require_once() [function.require]: Failed opening required ‘./initdata.php’ (include_path=‘.:/usr/local/php53/pear’) in /home/ccleaner/public_html/index.php on line 23
Thanks for the links. The first time I tried the zscaler.com link, it said forum.piriform.com is OK. The second time is said it is malicious. The securi.net link reports it as malicious.
forum.piriform.com is an old established forum. I don’t go there frequently so don’t know how long this problem has existed. Of course they could be infected but I doubt it. I suspect it’s just a bug in their code. I tried to email their webmaster but it was returned as undeliverable.
noting is 100% secure…
and the more people that visit a site, the more interesting it is for thew bad guys to infect as they fish in the pond that have most fish…bigger chanse that somone take the bait
Any site can get infected… Geeks to Go was hit about a year back, only Avast spotted it. The site was down for a day whilst they cleared the redirect malware
I’m not getting the avast block anymore (are you?), just
Fatal error: require_once() [function.require]: Failed opening required ‘./initdata.php’ (include_path=‘.:/usr/local/php53/pear’) in /home/ccleaner/public_html/index.php on line 41
So I think this is a case of a buggy website, not a virus. They’ve cut themselves off from the outer world by making their registration private and not providing a working email address to contact them. So they may still be unaware.
Lets put it this way, why would piriform.com, a UK Company, be connecting to a Russian IP address (rather than a plain language domain name), at best that is obfuscation, at worst highly suspect.
"Piriform is a privately owned software house based in the West End of London, UK"
Though server appears to be in Texas.
When this is in relation to an iframe, I get even more suspicious as it reeks of iframe injection. Look further and you will find that the 46.166.147.133 IP address is on the avast malicious sites list and WOT doesn’t like it either. I’m sure if you do any further analysis on the 46.166.147.133 IP you will no doubt find more, so it looks like an iframe injection attack on piriform.
The forum.piriform.com website is back up now. I’ve been able to go there and login as usual, with no more avast blocks/warnings. It is still producing some errors but I believe that’s faulty coding or a server error. I believe the former virus block was probably a false positive from avast, but that’s just my impression. Possibly it was infected and they’ve fixed it already. I don’t know of any way to find out except - I’ve finally managed to send them the info via a support ticket.
I sent a copy of infected HTML to Avira labs and even they confirmed it:
The file ‘Piriformforum_infection.html’ has been determined to be ‘MALWARE’. Our analysts named the threat JS/Redir.BF. The term “JS/” denotes a Java scriptvirus. Detection will be added to our virus definition file (VDF) with one of the next updates.
Me neither…Spoke too soon…went there once got nothing from avast…second attempt and got a hit ;D
scanned my chrome folder and temp files and didnt find anything…it looks like it comes clean once and a hit at next atttempt!