Hello,
I received an avast alert when I tried to view some DVD encoding advice at the following page:
h**p://www.dvdhelp.us/html/tuttmpgencadvquantize.htm

I thought it was a legitimate site, unless it’s a very similar name to something else.
Is is a false alarm, or real malware?
Thanks for any assistance

PS it was in Firefox and I have the noscripts add-on installed, but I have selected
“Temporarily allow top level sites by default/Full addresses”

I don’t think if it be false alar, because that URL have not good popularity…
also avast! said that found virus in in-line frame, it must be real malware

This is most certainly not a false positive, it looks like code insertion (iframe tag) in multiple pages, see image1 where my alert is on the home page.

This code is placed after the closing HTML tag, which is a standards no, no.

The iframe tag has a 0 width and hight to hide it from view and tried to redirect/execute code on a ciniese domain, see image2.

So it looks like this site has been hacked.

DavidR and Omid,
thanks for the information. Would it be safe to access this site with j-script completely disabled?
If it is, I may try and send them a message telling them of this link to malware.

regards,
Dave

NO

That was the short answer.

The slightly longer answer, as this has nothing to do with javascript and iframe infection doesn’t require javascript. The site that it tries to land on uses .php so again javascript doesn’t have to be enabled to get hit.

The other one is that to be able to visit that site you would have to disable the web shield and that would be frankly crazy, no infected site is worth the potential risk) or it wouldn’t let you browse the site it would be constantly alerting.