Hello Avast is dectecting pandanda contact form as malware is it a false alert or something here is a picture i uploaded hxxp://twitpic.com/26bujy/full
??? hello i asked is this a false alert or something but nobody replied to it
Yes you did, but I don’t believe any of those viewing it have any idea what this is.
Generally I don’t visit off-forum sources to view images. Images can be posted in the topic with the link to any image sharing resource or attached to the actual post. When attaching images (additional options in the Reply to post) try cropping the image to only that necessary to make the point and using the .gif image format also keeps the image file size down for us poor saps stuck on dial-up.
That way anyone who may be able to help doesn’t have to work outside of the topic, it just makes it easier, see image1 attachment. What would have made it even easier would have to have been to post the URL with the
http part changed to hXXp to break the suspect link to avoid accidental exposure.
The web shield has been very accurate on such detections in the past.
The upshot of all this is that this form has been hacked (image2) trying to run a script on what would appear to be a malicious site (image3) and it may well be that other parts of the site have also been hacked. Also see info on the redirect site http://www.mywot.com/en/scorecard/kdjkfjskdfjlskdjf.com.
By providing this information in the post to start with would have guaranteed a response fairly quickly as it is it has taken me over 20 minutes to extract the information and investigate it.
So it is no false positive and avast isn’t alone in this detection, http://www.virustotal.com/analisis/0e57550c68731abf8263d5d48c5f4ceb3e58f38b3f2e02e80154495a413811cc-1279594335
That’s me for the night, after 4am here.
Coolmario88cp,
Please change the link you put in your first post from http to hXXp so that others cannot click on it and get infected since this is a malware site.
If you feel that your issue is now resolved/fixed, please go back to the open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title.
If you feel that you need assistance with malware removal, please post in the Virus/Worms section of the forum. Thank you.
OMG i didn’t know that is the website pandanda safe itself or is it just the contact form? and thank you for helping
i don’t know how to. but you maybe know so how do i
Only you can do it since you made the post. Go back to your original post and click on “Modify” (top right corner). Then change the http to hXXp. Then go to the bottom of the page and “Save.”
before i get off online i have a question if avast blocked that contact form i shouldnt have malware on my computer from it should i?
Shouldn’t…but no software is 100%. I, and many others believe in a layered line of security defense, so I recommend using an on-demand malware scanner as a “just in case.”
First, did you run a Full Scan and a Boot-time scan with Avast? They will take a while but allow any infection to go into the Virus Chest. Make sure your Avast definitions are up to date prior to running the scans.
For an on-demand scanner, check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
· Download free http://www.malwarebytes.org/ for an on-demand scanner.
· Double Click mbam-setup.exe to install the application.
· After install, click update so you have latest database before scanning.
· Under Settings:
o General: Automatically Save File After Scan Completes is checked off
o Scanner Settings: Check all boxes
o Updater: Download and install update if available is checked off
· Once the program has loaded, select “Perform FULL Scan”, then click Scan.
· The scan may take some time to finish, so please be patient.
· When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
· Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
· The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
· Copy & Paste the entire report in your next reply if anything positive comes up.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts – Click OK to either and let MBAM proceed with the disinfection process; If asked to restart the computer, please do so immediately.
If Avast blocked you from entering the site, you should be fine. But the suggestions I gave you are something you should do to make sure you are clean, but not something you need to do right now…just to clarify.
Seems only to be the form. (See report)
You should inform the webmaster about it.
asyn
Report 2010-07-20 12:19:31 (GMT 1)
Website pandanda.com
Domain Hash 541672c70443d12ecf91248fb3e06865
IP Address 72.167.131.2 [SCAN]
IP Hostname p3slh151.shr.phx3.secureserver.net
IP Country US (United States)
AS Number 26496
AS Name PAH-INC - GoDaddy.com, Inc.
Detections 0 / 17 (0 %)
Status CLEAN
i told pandanda to check there html script and they told me they found the malware in it that avast was dectecting and now its fixed i even tested it
Fixed is fine, but if they only remove the injected script tab in the hacked page and fail to find out why they were hacked (vulnerable software being exploited) then there is every likelihood that it could be back.