Avast displays the following warning when trying to access [ africacareerguidance dot com ]. However, the Google malware scanner has scanned the site several times and does not pick up on a problem. Is this a false positive from Avast … or something that Google needs to look at more closely?
The site does appear to have been hacked and contains additional pages for “crack” downloads, however, Google does not detect the problem that Avast is alerting to when submitting the URL for the homepage (that triggers the Avast warning).
HTML:Script-inf
Avast 4.8
Build 4.8.1356
File version 091027-0
most likely it is not the site itself that is the virus, rather the files it contains. You should stay away from cracked software / cracked software distributing websites as most often they do contain malicious content.
Believe me … I do not do “cracked” software. This warning comes up when attempting to access the legitimate home page that is unrelated to “cracked” stuff.
Edit: The concern here is … what is Avast seeing that Google’s malware scanners are missing?
I will try to contact the site owner about the pages that have been added to the site, but I would also like to determine why Google’s malware scanner is not detecting the problem that Avast is identifying.
Edit (Again): If the Avast alert is simply related to the URLs (from the homepage) to the additional “crack” pages, it would be nice to confirm that is the way Avast works. I was not aware that Avast followed links on the pages unless something on the page caused any of them to load.
I could understand that directly accessing the “crack” pages would probably trigger the alert, but am not clear about what it is on the homepage that is triggering it.
As of now, the links to the “crack” download pages are no longer on the homepage. The “crack” download pages that appear in the index are also returning a 404 Not found when checked with web-sniffer.net. So … it appears that the site owner has fixed the problem and Avast no longer triggers an alert.
While I am very familiar with looking for hidden iframes to malicious sites, as well as obfuscated code, sometimes I don’t recognize “bad” code from “good” code. In this case, I could not determine that there was code on the page that would be triggering the alert. The only red flag I could identify on the homepage was the presence of the links (added by the hacker) that could be dangerous to visit.
I would still like to find out from Avast if the home version follows links on a page, even if content from the linked page is not automatically loaded when the user visits the original page.
It seems that the owners have cleaned up as avast no longer alerts on the home page, see image.
avast has been very accurate in these kind of detections up to now, of all of those that I have checked out (when they are still in place at the time of checking) have proven to have been good detections.
Nice on the cache find on, africacareerguidance.com I have dug deeper and aside of what WOT said about the sites reputation, there seems to be a history of cracks being hosted on the site.
So I would say this is a high risk site as cracks often bring their friends to the party, I would suggest you don’t attempt to visit any of the google links in the results page.
Well the home page might have been cleaned but the cracks and keygen pages are still there and anyone using them would be crazy as they are high risk trojan bait.
sorry David for reposting the same pic as yours, but with a bit more area covered from that page, just to make it clear and obvious for all users here ;)…and they don’t have to browse for a confirmation.
avast is one of the few that is even looking for this type of hacked script, much less being able to detect it and as I have said of those I have checked avast is very accurate on these.
other pages (those shown above in pics with cracks etc…) on this site are still infected, and will remain infected. This is the real and only purpose of this site. A shame the server that hosts it doesn’t take it down.
because I’m not an Internet cop ;D
…this said the only way to deal with these sort of things is to report those sites to those in charge of investigations and sanctions, which I sometimes do
Why should either of them contact the webmaster, that is down to the original poster who was trying to visit the site, with others confirming that yes the site is still infected, though the home page has been cleaned.
If asking them to report it to the infection to the webmaster, then equally it could be said you and I should report it and that simply isn’t our responsibility. The OP asked a question and we answered it, our task/job is done. The OP can choose to report it to the webmaster, ignore what we have said and visit anyway or not bother to return to the site and be done with it, but that is down to the OP.