Heads Up!

apologies if this is being placed in the wrong category. i understood from a recent avast communication that avast is soliciting for such postings.

while bringing in http://morelevel.dk/, which i was led to believe is the twitter site, i downloaded a virus or trojan (see attached) – avast caught it before it gained a foothold.

i mention also that i had identical experiences with the isohunt site http://isohunt.com/

Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Maybe you could contact its webmaster.

See http://www.stopbadware.org/reports/container?reportname=http://mettgroup.com/, so from your image, it appears that avast was correct in blocking it.

However, it may be that the site you were visiting has been hacked to try to connect to this site. This is what the boot.php is detected as if you were unlucky enough not to have had avast (see image): an iFrame exploit, no doubt to run some malicious code.

Update:

I visited this site and avast didn’t alert on me so I thought they might have cleaned up their site, so I only followed the link shown in your image, to the boot.php file.

I have since taken another look at the page source of the home page at morelevel.dk and it looks like the page has been hacked as there is a large chunk of obfuscated javascript after the closing html tag (see image), a standards no-no. It is this that is almost certainly directing you to the other site (which is blocked by the network shield) as I’m reasonably sure it is an iframe that is being obfuscated.
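The check described in the post above (active content placed after the closing html tag), sketched as an added example that is not part of the original thread. The function name, the marker list and both sample pages are assumptions constructed for illustration.

```python
import re

# Heuristic markers often seen in injected loader scripts (assumed list; tune as needed).
OBFUSCATION_MARKERS = ("eval(", "unescape(", "document.write(", "String.fromCharCode(")
CLOSE_HTML = re.compile(r"</html\s*>", re.IGNORECASE)
ACTIVE_TAG = re.compile(r"<\s*(script|iframe)\b", re.IGNORECASE)
# Eight or more consecutive %xx or \xNN escapes: typical of an encoded payload string.
ESCAPE_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}){8,}|(?:\\x[0-9a-fA-F]{2}){8,}")


def inspect_trailing_content(html: str) -> dict:
    """Report what follows the last closing </html> tag in a page source."""
    closes = list(CLOSE_HTML.finditer(html))
    if not closes:
        return {"has_close_tag": False, "trailing_chars": 0,
                "tags": [], "markers": [], "suspicious": False}
    trailing = html[closes[-1].end():].strip()
    tags = sorted({m.group(1).lower() for m in ACTIVE_TAG.finditer(trailing)})
    markers = [m for m in OBFUSCATION_MARKERS if m in trailing]
    if ESCAPE_RUN.search(trailing):
        markers.append("long-escape-run")
    return {
        "has_close_tag": True,
        "trailing_chars": len(trailing),
        "tags": tags,
        "markers": markers,
        # A script or iframe after </html> is the signal; markers raise confidence.
        "suspicious": bool(tags),
    }


# Constructed sample pages (not taken from any real site).
CLEAN_PAGE = "<html><body><p>hello</p></body></html>\n"
COMMENT_PAGE = CLEAN_PAGE + "<!-- served from cache -->\n"
INJECTED_PAGE = CLEAN_PAGE + (
    '<script>document.write(unescape("%3C%69%66%72%61%6D%65%20%73%72%63"))</script>'
)

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("comment", COMMENT_PAGE),
                       ("injected", INJECTED_PAGE)):
        print(name, inspect_trailing_content(page))
```

A webmaster can run this over saved copies of each page; a hit means the file on the server was modified, so the cleanup has to include finding how the attacker got write access.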

thanks for the technobabble!

i wish i knew what you are talking about, but you can be speaking an obscure dialect of urdustani and i would not know the difference!

http://morelevel.dk/ is shown as clean now.
I cannot reach http://isohunt.com/. Most probably because other security programs are blocking it in my computer. Maybe a not safe site?

what do you mean by “shown as clean”? how can you detect this? how could it have been repaired so coincidentally?

do you think that this site is periodically compromised? why this site?

When I clicked the link, Avast’s Network shield alerted a virus.

In the screenshot you’ve posted before there is a Network Shield alert in the bottom right of the screen.
Now, Network Shield is not shown there anymore. So, the avast settings should have been changed (virus database update).
The other possibility is that the webmaster of that site corrected something there (if the site has been hacked).

Which is your virus database? 090508-0 ?

Basically I believe it means we have both visited the site and avast didn’t alert, but in my last post it shows suspect code.

I can reach isohunt.com and no alert by avast and checking that source code I can find nothing obviously suspicious.

Sites get hacked and it is very common now, if they don’t resolve ‘why’ they got hacked then they could clean up only to be infected again at some point.

Most probably it’s HostsMan who is blocking the site from my side.

090508-0, 05/08

In the screenshot you've posted before there is a Network Shield alert in the bottom right of the screen. Now, Network Shield is not shown there anymore.

this phenomenon happens periodically, even with the isohunt site: avast shield appears with first visit, does not appear with the second and/or third, and then reappears with the third or fourth.

I tried visiting the site again and got the alert and then the next time there wasn’t an alert. Is the code allowing the virus to be executed randomly so users think it's a good site?

Hi nweissma,

He has a point there, some sites turn out a malware-infested one every umpt time, to reassure the user it is a safe site,nts have devious ways,

pol

HostsMan does not block anything but the HOSTS file does that HostsMan can retrieve and it is blocked because it is a malware distribution site:
http://hosts-file.net/default.asp?s=isohunt.com

I know that… a way of speaking… I’m not bashing HostsMan, just that it deliberately and accurately (maybe) using a 3rd party hosts file source is blocking through hosts file in the user computer the access to that site (which is probably malicious).