Keep getting virus alert from Web Shield

Avast Free Antivirus / Premium Security
1

While I was stumbling around I got an alert from web shield as shown below.

I did a little testing and that entire domain yields a warning from web shield.
3/15/2010 10:25:54 PM hXXp://blogaboutyourblog.com/2007/09/24/10-firefox-add-ons-to-supercharge-your-blogging/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:28:34 PM hXXp://blogaboutyourblog.com/2007/09/24/10-firefox-add-ons-to-supercharge-your-blogging/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:32:47 PM hXXp://blogaboutyourblog.com/2007/09/24/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:32:49 PM hXXp://blogaboutyourblog.com/2007/09/24/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:32:50 PM hXXp://blogaboutyourblog.com/2007/09/24/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:32:52 PM hXXp://blogaboutyourblog.com/2007/09/24/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:32:54 PM hXXp://blogaboutyourblog.com/2007/09/24/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:32:55 PM hXXp://blogaboutyourblog.com/2007/09/24/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:32:58 PM hXXp://blogaboutyourblog.com/2007/09/24/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:33:00 PM hXXp://blogaboutyourblog.com/2007/09/24/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:33:02 PM hXXp://blogaboutyourblog.com/2007/09/24/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:33:04 PM hXXp://blogaboutyourblog.com/2007/09/24/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:33:07 PM hXXp://blogaboutyourblog.com/2007/09/24/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:33:07 PM hXXp://blogaboutyourblog.com/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:33:15 PM hXXp://blogaboutyourblog.com/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:33:17 PM hXXp://blogaboutyourblog.com/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:33:35 PM hXXp://blogaboutyourblog.com/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:35:18 PM hXXp://blogaboutyourblog.com/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:35:28 PM hXXp://blogaboutyourblog.com/|>{gzip} [L] JS:Small-C [Trj] (0)
3/15/2010 10:35:29 PM hXXp://blogaboutyourblog.com/|>{gzip} [L] JS:Small-C [Trj] (0)
3/16/2010 8:27:41 PM hXXp://blogaboutyourblog.com/2007/09/24/10-firefox-add-ons-to-supercharge-your-blogging/|>{gzip} [L] JS:Small-C [Trj] (0)

Well now just randomly here and there I get a web shield warning the same as the first one. Even though I’m not visiting the site, I’ve cleared all cache/cookies/history etc and I even uninstalled Firefox and deleted the profile folder and reinstalled. Why do I keep getting a web shield warning and how can I remove whatever is causing it?

A full system scan gives 0 results as do scans from Malwarebytes and superantispyware.

help?

2

It may be one of your firefox addons that is doing this - looking at the screenshot

3

hmm…I’m not sure how I could test this since I can’t actually trigger the warning whenever I need it.

4

Unfortunately I do not use FF so I hve no knowledge of addons - mayhap someone else will be able to assist

5

ok thanks

6
  • Please ‘modify’ your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

Just checked your first link and the avast detection is good, see http://www.virustotal.com/analisis/5dcb27b07be0fe7c92e937e767a1e4df1fae5b25af4920365666df580bad913f-1269105529.

The first of the second group, see http://www.virustotal.com/analisis/5f213e0f33b5ffe13fa88207fc9233c5255a9f1222567cc68071362271921e3f-1269105683.

The first of the last group, see http://www.virustotal.com/analisis/c25d85ebf8a3d37956d1b944cd808ec766c293583692b71aee9887870b7a31b9-1269105842

All detections at least 17 of 42, so the detections are good, fortunately the web shield has blocked this from being downloaded to your system, so you dodged a bullet, well lots of them.

So it appears that this site has been hacked rather than you having a dodgy add-on.

These detections aren’t restricted to firefox as I also tested it on Avant browser run as a non-admin user and avast alerts on the link also.

7

Well at least I know its not a false positive or anything. But yea I know its not only restricted to FF because I got the same warning when testing in Chrome.

I guess my question still is why was the warning still popping up even though I was not visiting the site at all?

small update
I uninstalled the Stumbleupon addon that originally brought me to the site and completely erased all its data, then reinstalled the addon. I haven’t received the virus pop-up since so hopefully that solved the problem whatever it was. I’ll keep you updated.

8

You’re welcome, thanks for promptly modifying the links.

I have never used stumbleupon so I’m not familiar with its functionality, I don’t really want to stumbleupon anything, only sites I have chosen to visit. Being a dial-up user I haven’t much bandwidth to go visiting multiple sites ;D