HTML-Allaple-A Worm at website

Hey,
I have been getting a malware warning when I visit this website: hxxp.www.robinhollow.com/rhogr6.htm I can access the website but when I click on a link to the available guns, I get the warning. How do you know if it is a false positive? I have some friends who have no problem accessing the link. I tried it from work using Vipre AV, and it also sensed a problem. If someone could check it out that would be great.
Thanks

For me the connection was reset while trying to enter it.

hpHost
http://hosts-file.net/default.asp?s=http%3A%2F%2Fwww.robinhollow.com%2Frhogr6.htm

WOT
http://www.mywot.com/en/scorecard/www.robinhollow.com

Could you please modify your link to make it unclickable (i.e. change http to hXXp) to prevent others potentially becoming infected.

This kind of detection is very common these days, with many ‘legitimate sites’ becoming hacked to distribute malware:

Every 3.6 seconds a website is infected

I can’t quite see what it is that is being alerted on, so I am not too sure…maybe someone else will have better luck.

-Scott-


Welcome to the forums, critters09.

What is the exact warning that you are getting?

I could not find anything to set off a warning in the page source code though I could have missed something.

But, the page at the link is poorly written and perhaps some of the many unclosed/incorrectly opened tags are causing a problem. There are 346 errors and 6 warnings for the page at the link.


I get to the home page okay. When I click on the link to “firearms currently in stock”, I receive the warning that avast on access scanner has detected that the file hxxp:www.robinhollow.com/rhogr6.htm contains a sample of HTML:Allaple-A[Wrm]
I just tried it using Firefox and it happens every other time I try it, consistently. In IE it happens every time. Strange, at least to my uneducated brain!

Hi critters09…
If this is a site you visit frequently, you may want to drop a line to the site owner if you are able to contact them. Allow them to check their website. I wouldn’t continue to visit at this time, since you are receiving warnings. Pondus has also given you a heads up with the two links that have been provided. Better safe than sorry.

The detection looks good, as it isn’t only avast that detects something strange in that page; see these results, 15 detections from 41 different scanners: http://www.virustotal.com/analisis/0689114bfcd5f01dbf5e35a0b412ddf4813c34051a46ac8a8b439c955695fbe8-1263066299

So, as has been mentioned in the above posts, the site may have been hacked.

I had a look at the page code and whilst there isn’t anything obvious, there is an Object tag at the start of the page and this looks suspect to me as the Object tag isn’t all that common.

Also see this link (more information tab), which mentions this type of use of the Object tag: http://www.sophos.com/security/analyses/viruses-and-spyware/trojallaplea.html

I was suspicious of the object tag, but I wasn’t sure about the info I found regarding the clsid there…

Generally I don’t check the CLSID as it is frequently just randomly generated, but I don’t know how the object tag goes about its work, more so if the clsid is randomly generated.
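The check discussed in the last few posts (an Object tag carrying a clsid at the very start of the page), written out as an added Python example that is not part of the original thread. The sample pages and CLSID values are constructed placeholders, and treating "before the `<html>` tag" as "at the start of the page" is an assumption; a hit is a reason to inspect the file, not proof of infection.

```python
from html.parser import HTMLParser


class ObjectTagFinder(HTMLParser):
    """Record every <object> tag and whether it appears before <html>.

    HTMLParser tolerates unclosed or badly nested tags, so it still works
    on pages with many markup errors like the one in this thread.
    """

    def __init__(self):
        super().__init__()
        self.seen_html = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lower-cased; values keep their case.
        if tag == "html":
            self.seen_html = True
        elif tag == "object":
            classid = (dict(attrs).get("classid") or "").strip()
            line, _col = self.getpos()
            self.findings.append({
                "line": line,
                "classid": classid,
                "is_clsid": classid.lower().startswith("clsid:"),
                "before_html": not self.seen_html,
            })


def triage(html_text):
    """Return the <object> tags that reference a COM class by CLSID."""
    finder = ObjectTagFinder()
    finder.feed(html_text)
    finder.close()
    return [f for f in finder.findings if f["is_clsid"]]


# Constructed sample: one object tag ahead of <html>, one inside the body.
SAMPLE_SUSPECT = """<OBJECT CLASSID="CLSID:00000000-0000-0000-0000-000000000000"></OBJECT>
<html><head><title>Inventory</title></head>
<body><p>Stock list<br>
<object classid="clsid:11111111-1111-1111-1111-111111111111"></object>
</body></html>"""

# Constructed sample: an object tag with no classid is not reported.
SAMPLE_CLEAN = '<html><body><object data="clip.swf"></object></body></html>'

if __name__ == "__main__":
    for hit in triage(SAMPLE_SUSPECT):
        where = "before <html>" if hit["before_html"] else "inside document"
        print(f'line {hit["line"]}: {hit["classid"]} ({where})')
```

Comparing the flagged lines against a known-good copy of the page from backup or version control shows whether the tag was added after publication.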