Chrome Zone = malicious site?

Avast! Home 4.8.1335 won’t let me go to the Chrome Zone forums at http://chromezone.s3graphics.com saying it’s a malicious site. Any way to over-ride these false positives in the future before a fix?

Thanks.

I have no idea why it is blocked, but I was able to get to it to investigate (I wouldn’t advise you do that just yet), however, the site is down for a revamp, see image. It directs you to the forums, http://forums.s3chromezone.com (no alerts at that URL) perhaps you could check there if they are aware of this.

You can report it at virus @ avast (dot) com as a possible ‘False Positive - Network Shield’ (use the quoted text as the subject) and hopefully it will be quickly investigated. Give a link to this topic.

As soon as I opened this post, avast warned me. I guess it’s still there. I’ll try to figure out what it is…

When I opened the link, the Network Shield blocked two sites.

05.05.2009 16:37:05 Network Shield: blocked access to malicious site chromezone.s3graphics.com/favicon.ico [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 1840 ) ]

05.05.2009 16:37:05 Network Shield: blocked access to malicious site chromezone.s3graphics.com/ [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 1840 ) ]

Looks like the site could be a virus and the favicon icon could be a backup virus. I’m going to investigate in firefox with noscript.

Avast blockes acess to hXXp://www.s3graphics.com/ too. Maybe the virus came from the webhosting server. This site could of been hacked or it could of had a virus on it on purpose or it could be a false positive.

Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?

Other way would be to contact them

Well, I just checked out the website without avast protection and looked at the code (I don’t care, I just have a test machine) and the only thing that I could see that might be telling avast that there is a malicious code was this:

document.writeln("You are being redirected to the forums.
");
setTimeout(“location.href=‘hxxp://forums.s3chromezone.com’;”, 5000);

I don’t see any problem with that code though.

I’m not really sure what is setting avast off. If that site “hxxp://chromezone.s3graphics.com/” is actually the page that’s giving avast problems, it must be a false positive. Unless of course the page that it forward or redirects to is the problem, then that’s a different story. If there is, I didn’t see it in the code of the redirected site either… “hxxp://forums.s3chromezone.com/phpBB3/”

I dunno… I’m stumped. :frowning:

Well I too disabled the network shield (not advised for the faint hearted) as I mentioned to be able to check the page nothing on it, but that isn’t the problem. What is that the network shield is matching it with a malicious site list. I have done many searches and can find no other indication of malware hosted on the sub-domain. Which is why I suggested reporting it as a possible FP.

Was distributing malware, I blocked the whole site. Now the malware is gone, removed from block.

Thanks for the info. Again, avast detection is correct (see reply #5 above).

Now the malware is gone, removed from block.

I’m getting the warnings again, maybe the malware’s back?

It may be that it hasn’t filtered through to a VPS update yet ???

Yeah, that’s possible…