I’m getting a warning at a news site that I’m pretty confident is OK. I’ve never had problems there before. When I go there now using Chrome I get these warnings for some reason.
Any idea what avast through Chrome and IE thinks this is an infected site yet via FF everything is fine?
For some reason I can’t get an image of the warning.
Website: http://www.christianpost.com/
Only the U.S. section does this. The international does not.
I have that happen occasional when checking out stuff in the viruses and worms forum, the reason in my case is a combination of the additional security add-ons. I have: NoScript, which I selectively allow to identify which site is responsible; RequestPolicy to prevent cross site scripting (same selective allow for sites as NoScript); AdBlockPlus, this one was one that I didn’t twig in something I was trying to find on a site getting alerts for people yet not me, turns out adblockplus was blocking an add site which was what avast didn’t like.
I have also seen some malware attacks that only worked if you were using IE.
So do you have any add-ons in firefox that could be preventing the malware from running and avast alerting ?
Avg On-line scanner, URL Void and Virus Total all show the sight as currently being clean.
I have AdBlock Plus on FF and Chrome would be the only thing I could think of. I’m not sure what else would prevent malware from running or avast giving an alert.
I am trying Panda free along side avast just to see what happens. But for a couple of weeks I’ve had no issues in running both whatsoever, so I don’t think that would be a problem, and I get it if I turn Panda off.
“HTML:frame-inf” is the infection warning if that helps.
And Nesivos…Thanks for checking online checkers. At least some peace of mind that I don’t have an infection lurking because it wasn’t blocked when using FF.
I would start by clearing all browser caches so that we can be sure you have a clean start point and the cache isn’t being used.
The fact that it appears to be clean, would make me wonder why IE and Chrome (with avast and web shield) are finding it infected.
However that said http://sitecheck.sucuri.net/scanner/ finds the site is infected, see image extract. That is indicating a hidden iframe, but in the javascript code there are lots of references to Explorer, so I don’t know if this is one crafted specifically for IE.
Well the fact that Panda free has worked with avast for two weeks, is no guarantee that they won’t conflict, more by luck than design.
Thanks for the info and suggestion. I had just run Oldtimers Temp File cleaner and restarted. I hat to say it but I’m assuming this would have cleared the cache, correct? Should I avoid that site in FF then? I’m just confused and have never run into this kind of then, so it’s a learning experience for me.
I’ve run Malwarebytes and nothing is going on.
The TFC should clear browser temp files, though if you have changed the default location for where the browser stores its cache then I don’t know if it would be smart enough to understand that and deal with it.
Which is why I generally use the browsers own settings to clear its cache.
Personally I would rather use firefox to visit any site, I never go investigating suspect sites with IE, with firefox and NoScript and RequestPolicy (plus firefox running under restricted user rights), I can selectively allow certain areas and not everything at once.
So visiting this with IE and dropmyrights, I get 3 alerts right off the bat, image1. This is because the site makes extensive use of iframe tags to import data and it is these that avast is alerting on (image2).
Now comparing the page in firefox and IE the location/targets of the iframe are the same afr.php (I believe), but the zoneid and cb values may changed and I think this value may relate to the browser used. This may be why there is no alert in firefox but there is in IE, as the content of the compressed {gzip} obfuscated javascript file being loaded is likely to differ.
There shouldn’t be anything going on as the web shield blocks anything being downloaded, so I wouldn’t expect MBAM to find anything.
Thanks for the great amount of information (not all of which I fully understand the implications of!).
I just ran a full scan and avast detected the infection in a Chrome location and I moved it to chest. In Chrome I was getting the blocked messages so would have thought those locations would have been fine and FF likely infected.
I’m curious why FF locations were not infected, but I guess Chrome was more vulnerable, and it was not actually blocked every time.
Forgot to mention that Chrome itself now gives a warning that the page may have a problem.
I honestly don;t know why firefox isn’t effected by this and I can only guess that the content of the data loaded into the iframe is different from that loaded into IE, hence no alert.
OK. I normally use FF but was trying Chrome (again to see if it grows on me). Since nothing was found in the FF locations I’m thinking in this instance FF was less vulnerable to this kind of malware/virus.
It’s off topic, but I still find Chrome not for me. The new FF seems as fast and faster in many cases. It seemingly being less vulnerable in this case helps me want to stay with FF (but I realize another threat may have had opposite results, and this may have had nothing to do with FF being more secure.
Just tried with the sitecheck page and it came back verified as clean.
Looks like they must have cleaned house. No alerts now even in IE.