When did you have this problem?
If yesterday, ensure you have the latest version of the virus definitions, currently 110412-1.
The problem was reported to me today (I don't have it because I don't use an antivirus), but I'll check if the problem was yesterday and it continues today.
Thanks for your answer.
No problem, glad I could help.
Welcome to the forums.
Hi Masterbo,
There sure is something fishy with this domain (W32:Malware.gen launching site),
new malware is being launched from maxmind dot com from time to time and in the recent past,
malware now dead once launched from there came from:
htxp://www.maxmind.com/app/locate_my_ip
This has been found there: http://www.malware-control.com/statics-pages/74657b51a5d999c8438a02d922f2da59.php
htxp://www.maxmind.com/download/geoip/database/GeoIP.dat.gz unknown suspicious executable
htxp://www.maxmind.com:8010/a?l=PeAyF1sgrZYw&i=
Was not detected by virustotal: http://www.virustotal.com/file-scan/report.html?id=fc749a44906d1f5230389b8bd8340e9f07dd5acb3772d934dcb194bd59236c40-1256984042
htxp://j.maxmind.com/app/geoip.js
also was not detected: http://www.virustotal.com/file-scan/report.html?id=23a1749ed06eab0128f6ce8e22fafc3bb27d777fdd8b2dbf011ae1b3c48a4770-1256865607
But the malware pointing to porn sites was described here:
http://malwaresurvival.net/2011/02/15/speedboing-com-porn-site-points-to-malware/ (author and source:
http://malwaresurvival.net/author/admin2008/ malware survival - malware then detected: February 15, 2011)
If avast detects something there, this domain is certainly not beyond suspicion. Proven that malcreants used this domain before,
and have gone under the av radar for some time…
polonus
You were right. The problem disappeared after updating avast. Thank you for your answer.
No problem, glad I could help.
Welcome to the forums.
I have the same problem. Website: www.arbalest.ru
No other antivirus flags it as infected. Only avast.
@OlegAnat
Suspicious here http://zulu.zscaler.com/submission/show/8dd6536c65f1c6daf27df3214decc62f-1392210791
This is a so-called “Multiple IPs”-site.
Bot or Trojan IPs | # of Connections | First Identified | Last Seen | Threat | Danger Level
90.156.201.36 | 15 | 3 years ago | 5 days ago | RUSSIA | 1
 | | 3 years ago | 5 days ago | Eastern Europe | 1
 | | 3 years ago | 5 days ago | Modified ITAR | 1
 | | 3 years ago | 5 days ago | Russia | 1
Historical
 | | 10 months ago | 4 months ago | AlienVault | 4
 | | 10 months ago | 10 months ago | IID-bot | 5
 | | 10 months ago | 10 months ago | BOTNETS | 5
See: http://support.clean-mx.de/clean-mx/viruses.php?ip=90.156.201.36&sort=lastseen%20asc
See: http://jsunpack.jeek.org/?report=bdaa01d0df3b5e4f723831778c5f8b6bd6e51fda
See for IP Recent reports on same IP/ASN/Domain → http://urlquery.net/report.php?id=9413439
Blocked is this external link: htxp://d3.c3.b0.a1.top.list.ru/counter?id=1061635;t=134;js=13;r=undefined;j=true;s=1176*885;d=24;rand=0.19010185478453023
2 suspicious files on site flagged by Quttera’s http://quttera.com/detailed_report/www.arbalest.ru → http://jsunpack.jeek.org/?report=5da6b5a5d3af5651d485aea625fa11809e5a92c9 & http://jsunpack.jeek.org/?report=5b26d00cde20b158fbe29a5f61261e8e566e1135
(redirecting trojan code?)
No longer blocked here: http://www.arbalest.ru/index.php?show_aux_page=117
nor here: http://arbalest.ru/index.php?show_aux_page=66
polonus