Hello,
I am getting a “A virus was found alert” alert when I browse to a particular website all other websites are fine. The Malware name identified is HTML:script-inf. The computer I am connecting from doesn’t appear to have any viruses on scan or boot scan. As far as I am aware there shouldn’t be any malware on the site I’m browsing to. Is there possibly an issue with the website code that could be generating this message?
What is the URL that the detection is on ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe
Modify the link so it isn’t active to avoid accidental exposure, change the http to hXXp.
The detection is I assume by the web shield and the only option it gives it Abort Connection, e.g. drop that download (so it shouldn’t be on your system) ?
The site could be hacked… or could have encrypted code (suspicious)… better will be knowing which site it is…
Hello,
Thanks for the responses. The site in question is www.icbf.com I’ve checked the log and it seems that the warning comes up when you go to the web page it doesn’t look like there is a virus on the PC.
It returned clean with Dr. Web. But avast is triggering it. Maybe you should edit the link to not leave it live in forums.
The site in question is using webstat.net, which we block. Can you get in the contact with the owners and ask them if they’re sure about webstat.net credibility and if they have the contact with them?
The scripts of webstat.net are very suspicious, they have no contacts, no about us, no ToS and the email used in domain registration is invalid.
UPDATE: Sent mail to 9 different @webstat.net addresses, all of them returned as non-deliverable. Scripts are three times obfuscated, with the bottom layer having iframe somewhere to China.
Jindrich,
Thank you for the reply. We’ll check into this and see what the webstat.net site is being used for.
Hi Jindrich,
The webstat.net reference has been taken out of the code and the website is running fine now. Thank you for your help.
Eddie.
I’m just interested if it was there by purpose or by hack 
The reference was there on purpose it had been used at one stage to collect web stats but I’ve been told that the code was actually commented out some timte ago on the website.
I am getting The Malware name identified is HTML:script-inf.
The side is hxtp://vsedlyavsex.com/forum/forumdisplay.php
As far as I am aware there shouldn’t be any malware on the site I’m browsing to.
Any suggestions??
Thanks
I am getting this same exact thing with a website I USED to be able to visit till earlier this year.
hXXp://www.boogiezone.com
Everyone else I know can see it, but I get a warning and then it aborts the connection.
Please help me!
Thank you.
Hi kirari, welcome to the forum 
Could you please modify your link to make it unclickable (i.e. chage http to hXXp) to prevent others potentially becoming infected.
Please see:
http://www.UnmaskParasites.com/security-report/?page=www.boogiezone.com
Unfortunately it would appear as though it has been hacked.
UnmaskParasites has picked up on the object that is causing the alert.
There is an inline script pointing to a fake google analytics site. (Look at the spelling → anaiytics )
This is a method of quietly infecting sites as it is harder to spot.
-Scott-
Hi Scott!
thank you for the welcome and thanks for replying.
So I have to wait for the site to get rid of it?
Because this is a site I would like to visit again since it’s a community I’m active in
Does the unmaskparasite do anything to the pc?
Does the unmaskparasite do anything to the pc?No it is an Security report of the website
Hi kirari,
You’re welcome
Essentially yes, the site owner needs to remove the script on the page.
As said already, UnmaskParasites is a tool that checks the web pages, and doesn’t do anything to your pc.
-Scott-
Hi, I don’t mean to be necro-posting but I just recently had the same problem, when visiting http://na. square-enix .com/music/cm/profile/, of all places.
And the area is littered with this occurence, as a heads up. Either this is a bug, or someone just really hates S-E’s music.
There is a problem in the way they appear to be loading images, I get three alerts. See image1, that shows alerts on what are meant to be .gif files, but they aren’t .gif files, but html files, see image2. In those alerts all the pages are identical (see virustotal scan results below) and all point to a domain which I believe is malicious, b35.info and this is confirmed by avast, see image3.
So it appears to me that this site has been hacked.
This appears to be the offending script tag on the page that tries to load these .gif images (that aren’t images), image4
I’m seeing this on another part of their website http://na. square-enix.com
It appears that S-E may not even really use this area, instead using http://square-enix.com/na (no virus in this version)
I called their customer support recently and had denied that any viral/worm activity exists on their [North American] website. I gave them the malware identity before hanging up; I just don’t want to see anyone get hurt, on both sides of the web spectrum.
I pray they investigate it.
Luckily I use Mac AND Windows, and I guess if it wasn’t for me using Windows, I would have been completely naive of this situation. I’m perhaps one of the few Mac users out there that doesn’t use the Mac version of Avast! (sorry Alwil, I have my reasons).
Some sites get hacked and the owners are blissfully unaware and some completely adamant they aren’t infected.