HTML:Script-inf

Avast Free Antivirus / Premium Security
1

Avast is preventing me from opening xww.disboards.com

I get the following message:

nfection Details
URL: hxtp://www.disboards.com/|{gzip}
Process: C:\Program Files\Mozilla Firefox\firefox…
Infection: HTML:Script-inf

I used urlvoid to scan the site and it came back clean. Is this a false positive?

2

Urlvoid does not scan for infections…it check if the url is on blacklisted

try sucuri.net and zulu.zscaler.com

you may post result here

3

web site: xww.disboards.com
status: Verified Clean
web trust: Not Blacklisted
warn: vBulletin version outdated: Upgrade required.
*Cached results from the last 24 hrs.

Security report (Warnings found):
check Blacklisted: No
error Outdated software: Yes
check Malware: No
check Malicious javascript: No
check Malicious iFrames: No
check Drive-By Downloads: No
check Anomaly detection: No
check IE-only attacks: No
check Suspicious redirections: No
check Spam: No

4

URL: hxtp://www.disboards.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)

Referer:

Submitted on 06/16/2012 at 00:24 GMT

Status: finished

Redirections:

HTTP Status Code: 200 OK

Content Size: 135865 bytes

Content Type: text/html; charset=ISO-8859-1

IP Address: 108.171.164.208

Country: United States

Web Server: LiteSpeed
Benign
20/100 Send us feedback

Domain history:
hxtp://disboards.com/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=384 on 06/16/2012 at 06:13 GMT
hxtp://disboards.com/clientscript/yui/connection/connection-min.js?v=384 on 06/16/2012 at 06:13 GMT
hxtp://disboards.com/clientscript/vbulletin_global.js?v=384 on 06/16/2012 at 06:13 GMT
hxtp://disboards.com/clientscript/vbulletin_menu.js?v=384 on 06/16/2012 at 06:13 GMT
hxtp://disboards.com/clientscript/vbulletin_md5.js?v=384 on 06/16/2012 at 06:13 GMT
hxtp://disboards.com/clientscript/vbulletin_read_marker.js?v=384 on 06/16/2012 at 06:13 GMT
More
External elements (up to 10)
URL Type Risk
hxtp://www.disboards.com/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=384 script Benign
hxtp://www.disboards.com/clientscript/yui/connection/connection-min.js?v=384 script Benign
hxtp://www.disboards.com/clientscript/vbulletin_global.js?v=384 script Benign
hxtp://www.disboards.com/clientscript/vbulletin_menu.js?v=384 script Benign
hxtp://www.wdwinfo.com/js/css-ie6.js script Benign
hxtp://partner.googleadservices.com/gampad/google_service.js script Benign
hxtp://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4ef969ad371af0aa script Benign
hxtp://www.disboards.com/clientscript/vbulletin_md5.js?v=384 script Benign
hxtp://pagead2.googlesyndication.com/pagead/show_ads.js script Benign
hxtp://www.disboards.com/clientscript/vbulletin_read_marker.js?v=384 script Benign
Content checks 0/100
Test Description Risk
Phishing Heuristics Not a phishing page This check had a neutral impact on the overall risk score.
Zscaler Content Check No match This check had a neutral impact on the overall risk score.
Zscaler Obfuscated Javascript Check No match This check had a neutral impact on the overall risk score.
URL checks 0/100
Test Description Risk
Zscaler URL Check No match This check had a neutral impact on the overall risk score.
Suspicious Domain name URL Domain: disboards has suspicious character score 1.44 This check had a neutral impact on the overall risk score.
SURBL Block URL Domain Result: None This check had a neutral impact on the overall risk score.
SURBL Block Nameserver Domain Result: None This check had a neutral impact on the overall risk score.
Suspicious Sub-Domain Name www. has suspicious character score 0.00 This check had a neutral impact on the overall risk score.
Top-Level Domain Risk TLD of com has risk 0.0 This check had a neutral impact on the overall risk score.
Host checks 10/100
Test Description Risk
Netblock Size Risk Netblock size has size 7 This check increased the overall risk score.
Geo-location Risk Risk associated with country location of server: This check had a neutral impact on the overall risk score.
Park/Disabled Domain Parked domains may indicate that the domain is suspended or has not been used This check had a neutral impact on the overall risk score.
Autonomous System Risk ASN has risk 0.0 This check had a neutral impact on the overall risk score.

5

Hello,
avast! detect there script tag which goes to “safesurf-check.com”.

Milos

6

Thanks for the confirmation Milos.

@andyb

Also See:
http://forum.avast.com/index.php?topic=99720.0
http://forum.avast.com/index.php?topic=99727.0
http://forum.avast.com/index.php?topic=99733.0

7

Thank you! I had searched for HTML:Script-inf but not disboards. Appreciate the quick replies.