JS:ScriptIP-inf[trj]

I’m getting JS:ScriptIP-inf[trj] pop-up from avast when attempting to compose a new e-mail or reply to an existing e-mail in my godaddy company e-mail. The pop up does not occur on either of my home laptops that also run avast, and my phone can perform these actions as well.

I have scanned for the problem with
Avast
Malware Bytes anti malware
Spybot Search and destroy
I have even tried Norton
and others I’ve likely forgotten

I have also read guides and looked to manually locate the problem using many of the guides on google without finding any of the files manually.

I have reformatted and the problem persists. Any suggestions?

It can be a false positive.
What is the difference between the laptops and the system that shows the warning?
E.G. OS, SP, browser, avast version, VPS version, installed avast component…

The only detection I see on godaddy.com is someone trying to load jennslittlebears[.]ca, which we currently block. Any reason why you would be loading resources from this domain while composing emails? Does it persist when you refresh it? Does it show the same warning when you try to do it from a different computer?

Many a script at godaddy’s I’d rather ad- or scriptblock:
See: http://retire.insecurity.today/#!/scan/2b25e1c8021d233e739f78b37e402128957fe5512a420a85dedda2c58653a7c0
for instance: hxtps://js.adsrvr.org/up_loader.1.1.0.js (you’d never know what it does),
for instance in connection to, see: Results from scanning URL: -http://s7.addthis.com/js/250/addthis_widget.js?ver=1444984857#async=1&pubid=ra-4f59cccf485d86d4
Number of sources found: 213
Number of sinks found: 86
and for instance -https://secure.quantserve.com/aquant.js?a=p-55NyECWFJDPCA
All blocked by uMatrix for me.

polonus

I have now attempted to visit our company domain at jennslittlebears.ca and I’m getting a URL:Mal avast threat block on my laptop as well. I can still compose and reply to e-mails using my laptop. Both machines use firefox and avast. I update both programs regularly on both machines.

Polonus, are you suggesting a script blocker program or browser extension? If so, which would you recommend?

jennslittlebears.ca >> https://virustotal.com/en/url/2cb6993b7d39560d510aef7fb925c5fb76a7366f0b4b68162bc91bbb1de84cde/analysis/1480369468/

Hi benpaine16,

I feel very comfortable with uMatrix, available for both firefox and Google chrome.
I use it in combination with uBlock0 adblocker extension, also available for firefox and chrome browser.
These two extensions form a beautiful pair in enhanced browser protection.

For the more security apt and those that know how to toggle it,
I’d propose the quality protection of NoScript and RequestPolicy
(not for the average user, although many have learned to work both firefox add-ons)

Might well be you get some of the avast’s shield alerts despite this, but better safe than sorry.
Or when in doubt go to the website in a website proxy with a script blocker available.
Yes and even there and then some of avast alerts may spill over and ring through (with payload or without,
depending on how much of the threat is able to “ring the detection bells”).

Could also be that there is something wrong with/on the address searched for,
and Google Safe Browsing alerts and blocks the website.

When so, they do that for a good reason.
Never persist to go there unless you fully understand the risk involved,
but report such situations here and we will be glad to explain the why and how.

Hope this reply will sufficiently answer your question,

polonus (volunteer website security analyst and website error-hunter)

Blacklisted :
https://www.websicherheit.at/website-malware-viren-scanner/?url=jennslittlebears.ca
https://sitecheck.sucuri.net/results/jennslittlebears.ca
https://www.virustotal.com/en/url/2cb6993b7d39560d510aef7fb925c5fb76a7366f0b4b68162bc91bbb1de84cde/analysis/1480369468/

Bad IP history :
https://www.virustotal.com/en/ip-address/208.109.181.216/information/

Blacklistings and other problems :
http://urlquery.net/report.php?id=1480369643428

And as HonzaZ said, avast is blocking the domain.

Ok so I have a few thoughts on this. The domain is my and my wife’s daycare business website, I’d really like to avoid potential customers from getting turned away by Avast popups as it is the most popular free virus software.

I was reflecting today and I recall I changed our news page to include a script that posts our daycare’s facebook group feed on the page. Do you think this could be the sudden cause of all this? The urlquery.net report is what made me think of it as there is a tree pointing my company domain to facebook.

Lastly what is it going to take to get my page off of avast’s blacklist, I’m concerned this is costing us website traffic. I apologize if these are stupid questions, it has been smooth sailing for me for the past 5 or so years and I haven’t encountered something like this in quite some time.

edit - I guess I am just confused as to how my little daycare website that I made with godaddy website builder can be considered dangerous by avast.

edit 2 - Polonus in reading back through the replies again, particularly reply #3 are you basically suggesting godaddy is an insecure provider and I should look elsewhere? Or if not insecure, they run a ridiculous amount of scripts on the site?

Only someone from avast can tell exactly why the domain is blocked.

As GoDaddy is a large hoster, there are a lot of malicious websites there especially on their shared servers.
When shared hosting is used there is always the risk of getting your site blocked due to one or more bad neighbors.
As they say, one bad apple can spoil the bunch.
Easiest way to avoid this risk is to use shared hosting (or running your own server).

On a note, there are some errors in the site’s code.
Line 7, Column 16: there is no attribute “property”
The doctype is set to XHTML 1.0
Either change the doctype to XHTML 5.0 or remove the property attribute as it is not supported in XHTML 1.0

The same is with Line 45, Column 578: there is no attribute “allowtransparency”

<!-- Footer:Begin -->
<div style="display:block;" >Content copyright <script type='text/javascript'>document.write(new Date().getFullYear());</script>. jennslittlebears.ca. All rights reserved.</div>			
<!-- Footer:Begin -->
</div><!-- /sf_footer -->

Beginning the footer twice while there is only one ???
Looks like a bug in the webdesigner.

I also don’t see a list of keywords in the header.
The lack of them will make the site harder to find (causing a low listing in search engines).

And be consistent.
With most staff members it says “Early Childhood Educator” and with some others just “ECE”.

Well that at least explains how jennslittlebears[.]ca got into the email client :). If this is the case, I am unblocking the domain now :wink:

I can now visit my company domain and compose/reply to e-mails. Thank you HonzaZ, Eddy, Pondus and polonus for all of the prompt replies and assistance with my issues, my knowledge in these matters is severely lacking and I appreciate the help.