So I assume the reference to svchost (see above) was because it was that piece of software doing a DNS lookup, yes?
The only thing I still don’t see is a reason from avast explaining why it is blocking the website, which I thought it did. It would be handy info to pass along to the site’s owner.
I too got the alert trying to visit. I paused the network shield to investigate further (not advisable), and the site is down at the moment, so I guess they are trying to clean house, see image.
When they do eventually get cleaned out, it will take a little time to be removed from the malicious software list.
If you click a link in your browser, then your browser would be the parent of the DNS call; if you initiated it from outside your browser, then svchost is normally the parent for the DNS request.
Because it is on the malicious site list, avast is able to check its list before the DNS request gets through.
Site in question, and Klen in the thread please change www with wXw to make the link non-clickable for the curious of heart, was compromised through their version of WordPress apparently. For checking for WordPress vulnerabilities or exploits: http://ocaoimh.ie/exploit-scanner/
If the site is still down I would imagine it isn’t scanning infected content.
OK, site is back up but reporting server issues and with the network shield paused the web shield alerts three times, all of it related to packed and encrypted content on the home page and twice relating to the favicon.ico file also packed, see images.
So it looks like blacklist doctor can’t cope with packed encrypted.
While I tried to make the above links non-clickable I got the following alert:
Sign of “JS:ScriptPE-inf [Trj]” has been found in “C:\Documents and Settings\Polonus\Application Data\Mozilla\Firefox\Profiles\67^^zqs.default\sessionstore-1.js” file.
I cleansed that out and removed the session and cache to get rid of it, so even remotely linking to the site can wreak havoc. One can also make a test profile for Firefox: go to Start - Run and enter firefox.exe -p
also a new profile can be made as Default.user,