One of my friends on the Opera Community told me a friend of hers told her that when he visited her Blog, his Anti-Virus sent up an Alert that something on her page … something from greetsoft.com could harm visitors’ computers.
I Googled and found this, which my friend’s friend had mentioned:
Is this legit?
I don’t know what Anti-Virus my friend’s friend has that gave him the Alert.
My avast did NOT send up any Alert while viewing the page in question in my friend’s Blog.
Since there is no URL (edit the http to hxxp) nor what the malware is meant to be, there really is no way to investigate.
However, the google safebrowsing show a ‘history’ the avast web shield doesn’t care much for history as it is looking for current malware. If lots of hits/detections were found by the web shield over time, then that URL would be added to the network shields malicious sites list.
When my friend checked the page in question in her Blog’s Welcome Sticky Post, there IS 1 Pic of a Happy Birthday Cake from this greetsoft.com that someone posted in a Comment.
I asked my friend what Anti-Virus her friend was using. She really didn’t know, but from her reply, I’m gathering that it might be Google Chrome because her friend apparently said something like, “Maybe I’m the only one using a Google Browser.”
Oh, BTW, the reason I had left the “http” intact is because it wasn’t the URL to any actual possible Malware … as in it wasn’t the actual URL to the greetsoft.com site, which is the one alleged to possibly be infected.
My comment about the http was for if and when the actual page the alert happened was posted.
Google Chrome will no doubt be using the google safe browsing data in its browser and probably why the historic information on prior malware was the cause of the warning.
Tell your friend to check the Security Center in the control panel, which will tell her what AV she is using, but it doesn’t bode well if they don’t know what an essential part of their security is.
The site is in beta but CharleyO and myself have found the results there quite reliable indeed and the results there were always supported by the avast webshield results. Google is an institute that does a proper job there.
Also Norton Safe Web Scanner comes up with some reds for this site:
Report of threats
Total number of found threats: 4
Malcode viruses
Threats detected: 3
Here is a complete list:
Name of threat: W32.IRCBot
Filename c:\windows\system32\infoclock screensaver.scr
Location: hxtp://greetsoft.com/eliteclock.exe
Name of threat: Infostealer.Bancos!gen
File name: c:\program files\desktop clock\mail.exe
Location: hxtp://greetsoft.com/dcsetup.exe
Name of threat: Direct coupling to W32.IRCBot
Location: hxtp://greetsoft.com/
Trojan horses
Threats found: 1
Here is a complete list:
Name of threat: W32.IRCBot
Location: hxtp://greetsoft.com/eliteclock.exe
Enough to stay away from a site like this, I guess,
Chim…Yahoo also has a “warning: dangerous downloads” marked for this site on their search page as well. I have linked only to the search page for greetsoft through Yahoo. As others have stated, be careful of this website.