I went to a link on a webpage and was directed somehow to a page at Frigidaire’s website (the appliance company). Suspicious, I immediately ran a scan with Avast and Malware Bytes, which came up clean, and after that, rebooted with no problems or evidence of infection. A scan with Virus Total of the site in question shows 1 detection, from an Anti-Virus company I have never heard of: ViRobot?
Computer seems clean and fine, is this a false positive? Researching this malware shows that it first appeared around 2007. In fact, the URL for the site in question no longer exists.
If you give us the link like hxtp or wXw we could investigate. As we have no source URL we cannot see anything about the validity of this VT result. If Avast detects this trojan, it is as HTML:Iframe-inf or PHP:C99Shell-B.
I find nothing and I mean nothing actually displayed on either of those links.
The page source is the same for both pages, see image extract. The iframe at the bottom is the thing that is probably being detected, but nothing on the web shield.
So what made you click on that link to take you to that site?
Me, I would have been suspicious of the use of 55 in the domain to look like SS.
Upload the file to virus AT avast dot com for analysis; it could be fairly new and the above flags because of a test-run, or as you say a False Positive (but two flags SAS, Robot and the RabidMonkey report).
My story is that from time to time, I have always been interested in Supernatural activity, haunted houses, and unexplained phenomena. I found this site of Haunted Places in the United States. Very safe. (Well, except for that link.) It’s a database of haunted places.
Anyway, I was looking at a place in Wisconsin, where a friend of mine lives and there is or was this haunting in the city of Eau Claire. Do a search with the Find Command and enter the text Rope Swing on the page below:
hxxp://www.theshadowlands.net/places/wisconsin.htm. (This is the safe URL, but will use the xx protocol as good Internet etiquette.)
The word “Missing” is highlighted and takes users to the URL mentioned above in my OP. I have contacted the site’s Webmaster to please remove the link.
Note that I cannot submit a file, because there is no file to submit. Nor do I want to go back to a web page to submit the file.
David, yes you are correct, I should have been more cautious about that “55” as a part of the link.
Jack
PS. Still strange that I was directed to Frigidaire that first time! (When I clicked on the “Missing” URL at the Haunted Places site.) One of the reports said that the strange URL links directly or indirectly to some stuff at Google. I mean, whatever it was wanted me to look at refrigerators! And I actually went to Frigidaire’s home page and could click on the exact page to which I had been directed.
That had to be a banner cookie of some kind. I will probably run full scans with Avast/Malware Bytes tonight just to make sure that there is nothing found. But it sounds like this is OK. I’ll post back if it’s not.
WOT does not like that gla55pak dot com, see: http://www.mywot.com/en/scorecard/gla55pak.com
source of “unknown_html_google_malware” browser exploit according to one malware resource site…
Yes it is certainly weird behaviour, but currently not malicious as far as I can tell, but that rather depends on what the pop_int.js does, but avast doesn’t alert on it and zero hits at virustotal either.
So it rather depends on what might be at the other end of the iframe, which appears to be some sort of sponsoring, given the check_bot=‘domainsponsor’ bit at the end, see image.
Now I use Firefox and the NoScript (NS) and RequestPolicy (RP) add-ons. NS would primarily stop scripts being run on the gla55pak.com site and RP would stop cross site scripting (on searchportal.information.com); it is this bit which would block the redirect to whatever the sponsor domain might be (check_bot=‘domainsponsor’).
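The last reply describes an add-on refusing the request the iframe makes to another site. The following is an added example, not part of the thread and not any add-on's own code: it lists the cross-site fetches in a page's source, using a constructed page modelled on the one discussed. The paths, the query string and the two-label notion of "site" are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample modelled on the thread: a gla55pak.com page that loads
# pop_int.js and ends in an iframe to searchportal.information.com.
PAGE_URL = "http://gla55pak.com/index.html"
SAMPLE_HTML = """<html><body>
<script src="/js/pop_int.js"></script>
<img src="http://img.gla55pak.com/logo.gif">
<iframe src="http://searchportal.information.com/?check_bot=domainsponsor"></iframe>
</body></html>"""

# Tags whose URL attribute makes the browser fetch something on page load.
FETCH_ATTRS = {"script": "src", "iframe": "src", "frame": "src", "img": "src",
               "embed": "src", "object": "data", "link": "href"}


def site_of(url):
    """Naive 'site': last two host labels (assumption: no public-suffix list)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


class RequestCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.blocked = []  # (tag, absolute_url) pairs that leave the page's site

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            absolute = urljoin(self.page_url, value.strip())
            # data:, javascript: and about: URLs make no request to another site
            is_http = urlsplit(absolute).scheme in ("http", "https")
            if is_http and site_of(absolute) != site_of(self.page_url):
                self.blocked.append((tag, absolute))


def cross_site_requests(html, page_url):
    """Return the (tag, url) fetches a cross-site request filter would refuse."""
    collector = RequestCollector(page_url)
    collector.feed(html)
    return collector.blocked


if __name__ == "__main__":
    for tag, url in cross_site_requests(SAMPLE_HTML, PAGE_URL):
        print(f"cross-site <{tag}> -> {url}")
```

On the sample, the script and the image stay on the page's own site and only the iframe is reported.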