Hi,
After today update, Avast is blocking this site:
http://xoomer.virgilio.it/mikyegenny/
I’m sure it’s virus free, and no antivirus, but Avast, is blocking it. What can I do?
It appears to be a broken link (or at least it seems like it to me).
First off, I assume it’s the web shield that is saying that it’s infected.
What is the reason? i-frame, script, etc?
Could you maybe copy the source code of the afflicted page, save it as a txt file, and attach it in a post so that we may look at the code?
Hi scythe944,
Exploit Prevention Labs LinkScanner and Norton Safe Web Scanner give it clean, as does DrWeb AV Link Scanner. Bad Stuff Scanner: No zeroiframes detected!
Check took 2.77 seconds
(Level: 0) Url checked:
hxxp://xoomer.virgilio.it/mikyegenny/
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
hxxp://xoomer.virgilio.it/mikyegenny//redsheriff/multiframe.js
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (iframe source)
hxxp://community.alice.it/common/virgilio/ponte/ponte_header/inc_header_800_xoom.html
Blank page / could not connect
No ad codes identified
(Level: 2) Url checked: (iframe source)
hxxp://community.alice.it/common/includes/footer/inc_iframe_footer_xoom_roma.html
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (script source)
hxxp://adimg.alice.it/jsc/advmanage.js
Blank page / could not connect
No ad codes identified
(Level: 2) Url checked: (script source)
hxxp://server-it.imrworldwide.com/a1.js
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (meta refresh)
content=5;hxxp://xoom.virgilio.it
Blank page / could not connect
No ad codes identified
(Level: 1) Url checked: (script source)
hxxp://server-it.imrworldwide.com/a1.js
Zeroiframes detected on this site: 0
No ad codes identified
Else it should be somewhere here - broke the links||
<!-- START check_rs_frame -->
<SCRIPT LANGUAGE="Javascript">
<!--
check_rs_frame=1;
//-->
</SCRIPT>
<SCRIPT LANGUAGE="Javascript" SRC="/redSheriff/multiframe.js">
</SCRIPT>
<!-- END check_rs_frame -->
<script language="JavaScript">
<!--
var pCid="it_Matrix-it_xoomfree";
var w0=1;
var refR=escape(document.referrer);
if (refR.length>=252) refR=refR.substring(0,252)+"...";
//-->
</script>
<script language="JavaScript1.1">
<!--
var w0=0;
//-->
</script>
<script language="JavaScript1.1">
<!--
if (check_rs_frame)
{
document.write("<script language='JavaScript1.1' src='hxxp://server-it.imrworldwide.com/a1.js'><\/script>");
}
//-->
</script>
<script language="JavaScript">
<!--
if(w0 && check_rs_frame){
var imgN='<img src="hxxp://server-it.imrworldwide.com/cgi-bin/count?ref='+
refR+'&cid='+pCid+'" width=1 height=1>';
if(navigator.userAgent.indexOf('Mac')!=-1){document.write(imgN);
}else{
document.write('<applet code="Measure.class" '+
'codebase="hxxp://server-it.imrworldwide.com/"'+'width=1 height=2>'+
'<param name="ref" value="'+refR+'">'+'<param name="cid" value="'+pCid+
'"><textflow>'+imgN+'</textflow></applet>');
}
}
document.write("<COMMENT>");
//-->
</script>
polonus
Thanks polonus… I wonder why I can’t bring up the page? Avast isn’t killing the connection, it just seems like the site is down.
Oh well.
As you can probably tell by Polonus’s post, there is a script that tries to load this site: hxxp://server-it.imrworldwide.com/ which is probably why Avast is aborting the connection.
You’ll have to clean up the code.
It’s not broken, the real home is:
http://xoomer.virgilio.it/mikyegenny/index.html
Here is a mirror:
http://mikyegenny.altervista.org/
The only difference is the counter, between Virgilio and Altervista providers.
If the reason is “hxxp://server-it.imrworldwide.com/”, why didn’t Avast block it yesterday? No change in last days, in that page.
Done. I saw it, and there isn’t that link in it… maybe does provider Virgilio put it in index page? Provider Altervista doesn’t.
UPDATE:
I found this in Avast:
-Last 10 attacks-
07.04.2009 19:32:47 Network Shield: blocked access to malicious site xoomer.virgilio.it/mikyegenny/ [ C:\Programmi\Mozilla Firefox\firefox.exe ( 3956 ) ]
07.04.2009 19:37:16 Network Shield: blocked access to malicious site xoomer.virgilio.it/mikyegenny/ [ C:\Programmi\Mozilla Firefox\firefox.exe ( 3956 ) ]
07.04.2009 20:16:32 Network Shield: blocked access to malicious site xoomer.virgilio.it/mikyegenny/ [ C:\Programmi\Mozilla Firefox\firefox.exe ( 3956 ) ]
07.04.2009 20:44:38 Network Shield: blocked access to malicious site xoomer.virgilio.it/mikyegenny/ [ C:\Programmi\Mozilla Firefox\firefox.exe ( 3956 ) ]
07.04.2009 21:00:46 Network Shield: blocked access to malicious site xoomer.virgilio.it/mikyegenny/ [ C:\Programmi\Mozilla Firefox\firefox.exe ( 3956 ) ]
07.04.2009 21:58:33 Network Shield: blocked access to malicious site xoomer.virgilio.it/mikyegenny/ [ C:\Programmi\Mozilla Firefox\firefox.exe ( 5148 ) ]
07.04.2009 21:58:33 Network Shield: blocked access to malicious site xoomer.virgilio.it/favicon.ico [ C:\Programmi\Mozilla Firefox\firefox.exe ( 5148 ) ]
07.04.2009 21:58:52 Network Shield: blocked access to malicious site xoomer.virgilio.it/mikyegenny/.index.html [ C:\Programmi\Mozilla Firefox\firefox.exe ( 5148 ) ]
07.04.2009 21:58:57 Network Shield: blocked access to malicious site xoomer.virgilio.it/mikyegenny/index.html [ C:\Programmi\Mozilla Firefox\firefox.exe ( 5148 ) ]
07.04.2009 22:09:18 Network Shield: blocked access to malicious site xoomer.virgilio.it/mikyegenny/ [ C:\Programmi\Mozilla Firefox\firefox.exe ( 5148 ) ]
There is another topic on xoomer.virgilio.it if you try a forum search, where it has been acknowledged as a false positive that will be corrected on the next VPS update.
Interestingly the main domain virgilio.it doesn’t alert.
WOT doesn’t like xoomer.virgilio.it either, http://www.mywot.com/en/scorecard/xoomer.virgilio.it.
Thank you very much, DavidR and everybody.
You’re welcome, hopefully the VPS update will correct this soon.
Fixed! 
Yes thanks, also reported in the other topic relating to this.
A belated welcome to the forums.