May an ADMIN or MOD please check this. If it is a real infection, please contact them so we can go on the site again.
See: http://malwarerescue.com/knowledgebase/remove-1phads-com-pop/
and http://www.urlvoid.com/scan/1phads.com/
Yes, the external link to htxp://1phads.com/notice.php?p=18942&interactive=1&pushup=1 is to a known infection source.
Detected suspicious redirection to external web resources at HTTP level. Detected HTTP redirection to http://rtbpopd.com/.
See: https://www.mywot.com/en/scorecard/rtbpopd.com?utm_source=addon&utm_content=popup
“Very annoying popup portal, always finding an ad to redirect to. Ads may contain malware!” reported by “54together”.
Fortiguard blocks: unknown 2 Malware
8.85.82.145 https://www.mywot.com/en/scorecard/1phads.com?utm_source=addon&utm_content=popup
HTTP/1.0 302 Moved Temporarily
Content-Type: text/html
polonus
https://www.virustotal.com/en/url/2e524360ca56902199e9dd5d3432a1c189e18d1a1a7381936c4c3e3df4f4020d/analysis/1419775696/
http://www.urlvoid.com/scan/opensubtitles.org/
http://urlquery.net/report.php?id=1419775706091
http://urlquery.net/report.php?id=1419775833466
List of blacklisted external links: 100
List of referenced blacklisted domains/hosts: 6
http://quttera.com/detailed_report/OpenSubtitles.Org
https://www.ssllabs.com/ssltest/analyze.html?d=opensubtitles.org
Hi Eddy,
Confirmed here: https://www.virustotal.com/nl/ip-address/92.240.234.122/information/
avast detects as Win32:InstallCore-HG [PUP]
The potential suspicious file: http://jsunpack.jeek.org/?report=2dc18fe722f2042fbd9afab241603f998d5c7120
See: https://malwr.com/analysis/MDc1YjcwNmU4NTUzNGZiMDlkNDljNjkzNmU5ZDE5MDg/
polonus
ADMINs, mods, advanced users … AVAST team.
Let’s get together to fix this. There is already a discussion going on in their forum.
I’m sure I’m not the only major user and admirer of OpenSubtitles work.
Check it out:
Avast is flagging OpenSubtitles.org with a trojan in Chrome
http://forum.opensubtitles.org/viewtopic.php?f=1&t=14946&p=30455
Hi monarcaV,
It is JavaScript adware injection and that is what avast is blocking.
And for opensubtitles.exe
where it is not only avast detecting this: http://www.herdprotect.com/opensubtitles.exe-4f254952e91b512202f2215de3acbe4c30b143ca.aspx
This bundler uses the InstalleRex from WebPick Internet Holdings to install add-ons such as web browser extensions, coupon plugins (WebSave) and toolbars distributed via the tusfiles.net download site. Avast should not fix this, this bundler should clean up his act. Why are you turning the tables on anti-malware and anti-adware solutions that detect this bundled crapware, like PUP browser extensions, coupon plugins, and toolbars?
polonus
@polonus
You are right buddy, it really did sound like I was blaming the anti-malware products that detected the problems. That was not my intention. I was trying to get the OpenSubtitles.org people and the AVAST team to get together, so the millions of AVAST users could access OpenSubtitles again.
OpenSubtitles is quite major, does great work, BUT YOU ARE totally right @polonus, they have a lot of cleaning up to do.
We got AVAST users on OpenSubtitles’ forum:
http://i.imgur.com/t2r2iQS.png
As of today November 29, 2014 OpenSubtitles.org is accessible again:
Hi monarcaV,
Hope these issues will be resolved, so you and others could again appreciate the software as it was meant to be.
Hopefully they can convince the internal marketing folks that persistent adware bundling is earning cheap money on the one hand but also could backfire greatly on the other, especially with end-users.
Alas these folks do not have security as a first priority or do not understand the issues involved. Also this is a bit of a “sign of the times”.
Hopefully all will be well that ends well,
polonus (volunteer website security analyst and website error-hunter)
You can use http://www.avast.com/contact-form.php for reporting potential false positive (archive or site wrong detections).
Sorry for the inconvenience.
Recently they are bundling a variant of Win32/Toolbar.Babylon.C in MovieSubtitlesSearcher.exe.
Babylon Toolbar removal is known to be problematic and should be performed under guidance of a qualified remover.
Browser should be reset to Default etc.
polonus
opensubtitles should be permanently blocked, they are spreading malware continuously.
I just spent time cleaning my friend’s PC, this was not the first time nor the first friend.
I’ve now blocked his access to that site.
Why doesn’t avast recognize this thread?
http://forum.opensubtitles.org/viewtopic.php?f=1&t=15110
Sincerely
Francois
Clear enough they are bundling adware: http://www.herdprotect.com/opensubtitles.exe-4f254952e91b512202f2215de3acbe4c30b143ca.aspx
This bundler uses the InstalleRex from WebPick Internet Holdings to install add-ons such as web browser extensions, coupon plugins (WebSave) and toolbars distributed via the tusfiles.net download site → http://www.herdprotect.com/domain-www.tusfiles.net.aspx
Avoid forced downloaders!
polonus