Malware detection in clogitec.com

Hello there,

For a few days, Avast has repeatedly notified me that it blocked a connection to clogitec.com, the reason being that it is infected by “Other: Malware-gen[Trj]” in the process Firefox.exe. The problem is that I never tried to connect to this website (I don’t know what it is), so I supposed it’s another problem. When I scan with Avast and Malwarebytes, nothing is found; I also tried in safe mode, but Malwarebytes found nothing, and Avast doesn’t want to work…
I’m on Windows 8 64-bit, and my browser is Firefox 72.0.1.

Thanks in advance for your help and sorry for my English if I made mistakes.

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

The URL name (clogitec) sounds like a fake Logitech website?

Could be why it is Blacklisted
https://www.virustotal.com/gui/url/3a5de8f1b89ff3e861003c949cfadb7fbcb1008875b2ce8bebd1770eeebdda3f/detection

Could also be why it is taken down
https://downforeveryoneorjustme.com/clogitec.com

When I scan with Avast and Malwarebytes, nothing is found; I also tried in safe mode, but Malwarebytes found nothing, and Avast doesn't want to work...
-Scanning in safe mode does not have any detection advantages; what it gives you is removal advantages if you have problems removing something that is already detected

-Avast has a boot scan

-Malwarebytes is not designed to be run in safe mode; it will run, but not all drivers are loaded, so it will run crippled

Pondus,

Detection was still there a day ago, but now you will get a 403 error for that site.
Cloudflare took it down, but still that IP relations scan shows it at VT IP relations scan results.
https://www.virustotal.com/gui/ip-address/172.64.164.39/relations
and https://www.virustotal.com/gui/ip-address/104.18.41.175/relations
Re: https://toolbar.netcraft.com/site_report?url=clogitec.com

Date: Sat, 11 Jan 2020 23:32:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __cfduid=d9def688b2b2a83c75a64925e5a6da2801578785539; expires=Mon, 10-Feb-20 23:32:19 GMT; path=/; domain=.clogitec dot com; HttpOnly; SameSite=Lax
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 553ab0788f6a9572-IAD

Content that was returned by your request for the URL: htxp://clogitec.com/

1: < html>
2: < head> < title> 403 Forbidden< /title> < /head>
3: < body bgcolor="white">
4: < center> < h1> 403 Forbidden< /h1> < /center>
5: < hr> < center> nginx< /center>
6: < /body>
7: < /html>

Content after the < /html> tag should be considered suspicious.

8: < !-- a padding to disable MSIE and Chrome friendly error page -->
9: < !-- a padding to disable MSIE and Chrome friendly error page -->
10: < !-- a padding to disable MSIE and Chrome friendly error page -->
11: < !-- a padding to disable MSIE and Chrome friendly error page -->
12: < !-- a padding to disable MSIE and Chrome friendly error page -->
13: < !-- a padding to disable MSIE and Chrome friendly error page -->

This at IP address -104.18.40.175

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Hello,
So I reported a false positive, as Bob told me. I suppose I have to wait a bit to see a change (for it continues to be detected in the meantime)?

Since it is blacklisted and taken down (not online anymore), I think the detection is/was correct.
You may have some crap in your browser that tries to connect to that URL.

Ok. So how can I delete this crap if neither Avast nor Malwarebytes found it? Could you recommend me something?

Read and follow the instructions here >> https://forum.avast.com/index.php?topic=194892.0

The two diagnostic logs from step #2 must be attached.

Hello there,

Sorry for the long delay in answering, but since my last message Avast stopped notifying me about it until this morning. As for the logs that were asked for, please find them attached. I would be grateful if you could see what is going on here.

Nobody? :(

Is Firefox or Chrome open when Avast displays the notification?

Yes, Firefox. It’s in this process that the connection is detected.

In Firefox open this address:

about:serviceworkers

and delete/unregister all listed entries.

I tried, but it changed nothing. Avast continues to detect the connection.

In that case, try disabling add-ons until you find the one which causes the Avast notification.
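
Added example, not part of the thread and not an Avast or Mozilla tool: one way to narrow down which add-on or profile file references the blocked domain before disabling add-ons one by one. The function names and the sample profile are constructed for illustration; the profile directory to scan (on Windows normally under %APPDATA%\Mozilla\Firefox\Profiles) is passed as the argument.

```python
import os
import zipfile

NEEDLE = b"clogitec.com"        # domain from the Avast alert in this thread
MAX_BYTES = 20 * 1024 * 1024    # assumed size limit; larger files are skipped


def find_references(profile_dir, needle=NEEDLE):
    """Return sorted (relative_path, member) hits where `needle` occurs.

    member is None for a plain file, or the entry name for a hit
    inside a ZIP archive (installed add-ons are .xpi ZIP files).
    """
    hits = []
    for root, _dirs, files in os.walk(profile_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, profile_dir)
            try:
                if zipfile.is_zipfile(path):
                    with zipfile.ZipFile(path) as zf:
                        for info in zf.infolist():
                            if info.file_size <= MAX_BYTES and needle in zf.read(info):
                                hits.append((rel, info.filename))
                elif os.path.getsize(path) <= MAX_BYTES:
                    with open(path, "rb") as fh:
                        if needle in fh.read():
                            hits.append((rel, None))
            except (OSError, RuntimeError, zipfile.BadZipFile):
                continue  # locked or unreadable: close Firefox and rerun
    return sorted(hits, key=lambda h: (h[0], h[1] or ""))


def build_sample_profile(base):
    """Constructed sample: a fake profile whose one add-on references the domain."""
    ext = os.path.join(base, "extensions")
    os.makedirs(ext)
    with open(os.path.join(base, "prefs.js"), "w") as fh:
        fh.write('user_pref("browser.startup.homepage", "about:home");\n')
    with zipfile.ZipFile(os.path.join(ext, "sample@example.invalid.xpi"), "w") as zf:
        zf.writestr("manifest.json", '{"name": "sample"}')
        zf.writestr("background.js", 'fetch("https://clogitec.com/x");')
    return base


if __name__ == "__main__":
    import sys
    for rel, member in find_references(sys.argv[1]):
        print(rel, member or "")
```

A hit under extensions names the add-on to disable first. Files that Firefox stores compressed (for example the .mozlz4 files) are not decoded by this search, so an empty result does not rule the profile out.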