gstatic.com is malware

Just last two days getting a ton of messages from Avast that it is blocking various websites ending in “gstatic.com”.

Is that really a malware source or a false alarm?

Report 2011-07-09 18:33:10 (GMT 1)
Website gstatic.com
Domain Hash 05d986b30d7eb849a90ddf372e58e082
IP Address 209.85.148.120 [SCAN]
IP Hostname fra07s07-in-f120.1e100.net
IP Country US (United States)
AS Number 15169
AS Name GOOGLE - Google Inc.
Detections 0 / 23 (0 %)
Status CLEAN

Report 2011-07-09 19:11:29 (GMT 1)
IP Address 209.85.148.120
IP Hostname fra07s07-in-f120.1e100.net
IP Country US
AS Number N/A
AS Name N/A
Detections 0 / 26 (0 %)
Status CLEAN

Please, check your hosts file - is it empty or not?

I visit sites that regularly have cross site scripting to load data from gstatic.com and no alerts from avast.

So there appears to be something else going one here, so I would follow kubecj’s suggestion and check out your HOSTS file.

  • HOSTS file redirect a common malware tactic to block AV sites making it difficult to remove malware - 127.0.0.1 (but could just as easily be used to redirect to malware sites), check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there.

Once open you are looking for entries with avast.com on the line, you may well see other AV sites, post the contents of the hosts file. http://en.wikipedia.org/wiki/Hosts_file

Hi glnz,

What about this, lot of this malware now dead or closed, but had been there:
-http://www.malware-control.com/statics-pages/878ee58bb1e03f1ce20efe0477793855.php
There was a sality virus attack once from there, also phishing on Google image search, etc.

polonus