Google search blocking malicious website. Url:Mal

Yesterday I was using google.ca search. I typed “lotro avatars” and when I clicked the search button, and the results page loaded, Avast informed me that it has blocked a malicious website. I then tried searching the same thing a few more times but Avast didn’t block anything. I ran Malwarebytes, Superantispyware, Windows Defender, and Avast scans but nothing was found. Today I tried typing “lotro avatars” in the search box and when the results page loaded it blocked a malicious site again. What is strange is I’m not even clicking on any search result link, I’m still in google search. The blocked connection is:

hxxp://uniqtext.com/search.php?theme=lotro+avatarssj=1

Any ideas?

Site has a malicious conditional redirect, see http://sucuri.net/malware/entry/MW:HTA:7
to: htxp://polysearch.org/search.php?srch=lotro+avatarssj+1
which is webspam: http://zulu.zscaler.com/submission/show/6e02443960c1dd60dbd000e2d0d0054a-1343844055
obfuscated code at page looks like a variant of SCOB - avast Web Shield blocks access to it as JS:ScriptPE-inf[Trj].
To cleanse site: Remove offending code from .htaccess and/or index.php

polonus
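An added example, not part of the post above and not Avast or Sucuri tooling: a small check a site owner could run over an `.htaccess` file to spot the kind of conditional redirect described, where a `RewriteRule` sends visitors to a foreign host only when a referrer or user-agent condition matches. The sample file, the host names and the function name are constructed for illustration; injected code in `index.php` or `functions.php` is not covered by this check.

```python
import re
from urllib.parse import urlparse

# Request attributes that conditional-redirect injections key on.
VISITOR_VARS = re.compile(r"%\{(HTTP_REFERER|HTTP_USER_AGENT)\}", re.I)

# Constructed sample, not the code found on the site discussed in this thread.
SAMPLE_HTACCESS = """\
# Constructed sample .htaccess
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]
RewriteRule ^(.*)$ http://redirect-target.invalid/landing?q=$1 [R=302,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
"""

def find_conditional_redirects(htaccess_text, own_hosts):
    """Return (line_no, conditions, target_host) for every RewriteRule that
    redirects to a host outside own_hosts under a referrer/user-agent test."""
    own = {h.lower() for h in own_hosts}
    findings, pending = [], []
    for line_no, raw in enumerate(htaccess_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            pending.append(line)
        elif directive == "rewriterule" and len(parts) >= 3:
            # parts[2] is the substitution; only absolute URLs carry a host.
            host = (urlparse(parts[2]).hostname or "").lower()
            visitor_conds = [c for c in pending if VISITOR_VARS.search(c)]
            if host and host not in own and visitor_conds:
                findings.append((line_no, visitor_conds, host))
            pending = []  # conditions apply only to the next RewriteRule
    return findings

if __name__ == "__main__":
    for line_no, conds, host in find_conditional_redirects(
            SAMPLE_HTACCESS, {"mysite.example"}):
        print(f"line {line_no}: redirect to {host} when {conds}")
```

Any rule it reports should be compared against a known-good copy of the file before it is removed, since legitimate rules can also test the referrer.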

Sorry I’m a bit confused. Does this mean I’m infected or that google.ca is infected? I never clicked on any link, it happens when I’m in google.ca search results. Remove offending code from .htaccess and/or index.php? I have no idea what that means, sorry, or how to do that?

The info polonus posted is about the URL you posted.
The URL is infected.

Yes, I understand that. My question is why is Avast Network Shield scanning this connection, when I have not clicked on this URL in my web browser, and it does not show up in google search results? When I enter “lotro avatars” in google search, none of the results on the first page list that infected website, so why is Avast blocking its connection? I’m not even clicking on any link, I’m still in the google search page.

Can anyone confirm if this is a google redirect virus? I just typed lotro avatars in Chrome google search and it gave me:

Infection Details
URL: hxxp://uniqtext.com/search.php?theme
Process: C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
Infection: URL:Mal

It only does it when I type lotro avatars in Google search. Once it detects the malicious connection, if I try to search the same thing again, I get no popup. It is only if I reboot the PC and try again that I get the warning.

I was searching for similar posts and found one where a user was having a similar issue if he would type browser games in Google search, but that did not show anything malicious in Avast for me.

Hi audiomtl0616,

That is the pro-active protection of the Network Shields that alerts even to you entering that url to effectively block before you even get access to the malcode.
So the Network Shields does not even offer you the chance of getting infected (well, if you heed those alerts,
and a user would be stupid to circumvent an alert for malcode, wouldn’t he/she or it?).

The conditional redirect from the site is also being reported here: http://productforums.google.com/forum/#!topic/webmasters/8OaORgipx6s
Google Product Forums › Webmaster Central ›
My site is being redirected in Google SERPS to htxp://uniqtext.com/search.php?theme=Keyword (poster = christian231)
Came via a timthumb flaw. When functions.php has been cleansed, it should not get an alert anymore
(see the obfuscated malcode given in that posting) but avast is still flagging the link as URL:Mal, a general malcode detection.

polonus

Ok Polonus, I understand that the website URL in question is infected. But my question is why is Avast blocking this connection if I never visited the malicious website? When someone tries to click on an infected website Avast will block the browser from loading the website so as not to be infected. But my browser is still in Google.ca. I have not entered any website, I’m just doing a simple search. All I’m doing is typing lotro avatars and when google shows me the search results I get this alert. I have not tried entering the uniqtext website or any website for that matter.

So is my PC trying to enter this website without my consent? If I was to disable Avast and try typing lotro avatars in Google search, would it automatically direct me onto the malicious website? This is what I want to find out.

Hi audiomtl0616,

Malicious websites exploit program vulnerabilities in java, adobe flash player, adobe reader, windows operating systems, etc.

It is impossible to know what vulnerability exploit is likely, that is being triggered, there on your system, if indeed, that is what is happening, as every user’s system is configured differently. If it is indeed a trigger on a known/0-day exploit, then all that is necessary is to visit the google.ca site using the keywords used, and an unseen element on that page sets Avast! Web or Network Shield off.

If you are running older, obsolete versions of java, or adobe, suggest strongly to update as soon as possible. I personally have no java running, as that will remove more than half of the potential threats to my system. Of the two, java seems to have the worst of it.

Be thankful Avast! has your back. Even known and reputable sites suffer from malware intrusions, and this can happen to them at any time.