system
April 21, 2011, 3:00pm
1
Hi.
I try to open a link at arktis.de (big dealer, amazon partner, they say their site is clean, other customers have no problems).
The link is found in this website (which is opening):http://www.arktis.de/widerrufsrecht/
down here:Bitte benutzen Sie im Falle eines Widerrufs unser ausdruckbares PDF-Rücksendeformular:arktis.de/retoure/
The link …retoure should lead to a fillout form for a *.pdf:
But Avast says:http://img130.imageshack.us/img130/676/avastd.jpg
I have no problems opening other sites or direct *.pdf files!
Thx
Win 7 32bit, FF 3.6.16 (IE 8 is not opening either, but no avast popup!)
system
April 21, 2011, 3:02pm
2
can you break the second link in your post? thx.
system
April 21, 2011, 4:04pm
3
This detection would appear to be correct.
While the page redirects to another page, it actually also contains an iframe that doesn’t belong.
This iframe is what avast is alerting on.
avast is not the only one to detect this: http://www.virustotal.com/file-scan/report.html?id=a0f0467fa45611ea4d9155e99fa5046f2069e948da5a99eada07a3910ee037cb-1303401707
system
April 21, 2011, 4:25pm
4
Thx. I´ll inform arktis.
But whats with me: is it safe to deactivate avast for the one link?
DavidR
April 21, 2011, 4:37pm
5
The short answer, for this link I would say no, what ever it is that you want to connect for isn’t worth the risk of your system getting infected.
The iframe that is in that page could have any payload at the other end of the redirection.
Though the bolwiegorodagovorjatda.com is unreachable at present, but that could change and what ever was able to insert that iframe tag in the site could just as easily do it again with another site.
system
April 21, 2011, 4:56pm
6
Thx alot at all of you - I´ll let them send it by mail
Mike
system
April 21, 2011, 5:00pm
7
BTW: where did you find the bolwiegorodagovorjatda.com ? Is there any log in avast?
and, before I open a new question. in the avast ptions - realtime protection - webprotection I read down low:
Last scanned website: http://199.93.61.27/idle/SL4mbD8iO-IGtoXr/1337 . (<-- number counting up)
What is this site from. When I open a webpage I the it scanned short in this line, then again above adress.
DavidR
April 21, 2011, 5:25pm
8
Click the second image (to expand it) that Scott posted and you can see the iframe tag and its remote location.
system
April 21, 2011, 5:36pm
9
Ah, I see. Is there a tool used. I just tried
http://www.internetofficer.com/seo-tool/redirect-check/
entered my iframe adress, that led to the [i]Response:
to Type of redirect: 302 Found
Redirected to: http://www.arktis.de/Arktis-Retourenservice/[/i]
If I click that one, it leeds to the site I needed.
system
April 21, 2011, 6:05pm
10
Okay, I checked the link with Mazilla, but I guess I´m not good a this.arktis.de sites source code - where I could´t find the posted adress.
Then I tried a second time and clicked NO - and saw this time the link bolwiegorodagovorjatda.com
I guess I shouldn´t have clicked YES before
system
April 21, 2011, 6:09pm
11
Yes, essentially, the iframe is loaded before the redirection is done.
system
April 21, 2011, 6:14pm
12
Oki, learned here. Is there a special scanner next to avast to see if I infected my pc?
Thx
system
April 26, 2011, 12:03pm
13
Hi. No last idea if something was downloaded there within Malzilla?
Thx
system
April 26, 2011, 1:37pm
14
Malzilla? It just downloads the source of the page, and is cleared on exit. (depending on settings) You can also clear it yourself, if you wish (in settings - download tab)
system
April 26, 2011, 6:56pm
15
OK, thx. I thought by first following the redirection with YES I already activated a download in Malzilla.
Thx,
