My issue here is that Avast Network Shield seems to be blocking the following URL:
hxxp://pda.angelbolt.in/downloads/angel%20PDA.exe
also the website hxxp://pda.angelbolt.in/
Please see attached error message snapshot >> Avast Error.png
The problem is that both the URLs are re-directs from the download link on a legitimate site of Angel Broking (http://www.angelbroking.com/ - this website is not blocked by Avast) - I perform online trading and Angel PDA 5 is the application provided by Angel Broking guys.
On the website (http://www.angelbroking.com/), there is a DOWNLOAD BUTTON ON THE TOP RIGHT SECTION IN YELLOW COLOR - When I click that, it takes me to the next page with a DOWNLOAD LINK FOR PDA 5 Application - when I click that, the error pops up and my access to the site is cut off.
I have been using this application Angel PDA 5 on my old computer with Win XP Pro without any issues (also am using Avast latest version 6 on it).
I guess what I’m trying to say is, that I trust this site and the application Angel PDA 5 - any idea on why Avast Network Shield is blocking this website?
I’m a great fan of Avast and don’t want to bypass it without first understanding any facts about this site you might be aware of!
If I can go ahead and tell Avast that this is a trusted site and app, how do I tell the network shield to allow it? (I ask this as I don’t see any configurable options for the N/W shield).
Any views/suggestions would be of great help.
Thanks in advance!
I’m not sure I understand fully, are you saying my machine is infected with a generic trojan? :o
Please clarify, thanks. And, what about the website, is it legit? I can’t think otherwise as it’s from Angel Broking who are a pretty prominent broking house in India and I really doubt it, but not sure what the VT Scan means.
I already have MBAM on my machine, running a full scan now.
It could well be that the avast shield protected your computer from downloading that generic trojan, see what Norton has to say on this one: http://www.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=42272
It might be that you had a lucky escape or that you weren’t vulnerable to the exploit,
the scans are just to make sure your computer is OK.
Also very reputable, respectable sites are being hacked and will get injected with malware if there is a vulnerability found in the website application software. Whenever malcreants find a tiny hole to inject their malcreations they will not hesitate to do so, mostly with automatic toolkits etc.
I would inform the admin of that site and link to this thread, so he may seek help to cleanse his site from this malcode.
Looks like their website is down at the moment (I tried to go through Google as well as tried the link in your post) - just wondering if the site is really down or whether there is any malware on my machine blocking access to it (highly unlikely as I have latest Avast free edition running on full protection as well).
Can you just check if the SAS site is really down for you as well? Would help solve one mystery.
Are you talking about not blocking the following URLs?
hxxp://pda.angelbolt.in/downloads/angel%20PDA.exe
hxxp://pda.angelbolt.in/
If yes, I have a suggestion here, basically there are several files that this application PDA refers to from the above URL (hxxp://pda.angelbolt.in/) from the downloads section - I hope these will not be blocked as well?
Also, I’m wondering if those generic trojan finds on this website (which made avast n/w shield block it in the first place) aren’t a concern? How come the decision to unblock? Are they just false positives? Just curious to know…
Hello,
Would appreciate if anyone can clarify on my queries in my previous reply (#7).
Also, here’s the latest update on my situation.
I figured SAS website isn’t working on my PC from my ISP n/w only (as, it works when I try to get to it using proxify.com & it also works when I try to get to it from a US n/w using my office VPN) - so, apparently it has nothing to do with my machine - so this is one mystery solved!
Next, looks like the URLs in question in this thread have indeed been unblocked now! as, Avast doesn’t seem to interfere when the PDA application on my machine tries to update itself from there. But, still, I would like to understand if this is safe? (clarity to my queries in reply #7 will actually answer this point I guess).
Polonus, Sirmer, David R… Anybody? Please help clarify my queries…
I’m kinda stuck in my decision making here whether to go ahead and use the PDA app here (please see the reply trail above) - Avast N/W shield doesn’t block the URL now and the app is working as it should (i.e. it connects to the site and downloads the app updates etc.) - but since the URL was found with a possible generic trojan find originally, I’m a bit skeptical to proceed further without first understanding why Avast team decided to stop blocking the URL (whether you found that it’s a false positive? or the URL and the files tested on it appeared clean on your latest scans? etc.)
I believe what Sirmer means is that if a sub-domain, like hxxp://pda.angelbolt.in/, is infected and considered malicious, then avast’s Network Shield won’t block the whole domain name hxxp://angelbolt.in/ and all associated sub-domains, only those that are considered infected/malicious.
So if the hxxp://pda.angelbolt.in/ sub-domain is considered malicious, you would still get the alert when you try to access it or download that angel%20PDA.exe file.
So if you can get this angel PDA.exe file from another source it would probably be OK. However, 5 consider it at least suspicious. That said, two are BitDefender and GData, and GData has BitDefender as one of its two scanners; also F-Secure has the exact generic signature name (Trojan.Generic.3194054), so I would say there is a chance that too is related to BitDefender’s signatures.
That is as good as I can give you, I can’t say the file is clean or not.
also F-Secure has the exact generic signature name (Trojan.Generic.3194054), so I would say there is a chance that too is related to BitDefender’s signatures.
Yes, F-Secure is using the Bitdefender engine.
That is as good as I can give you, I can’t say the file is clean or not.
Norman analysis result posted here
http://forum.avast.com/index.php?topic=80960.msg662045#msg662045
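Added example, not part of the thread: the point made above, that the BitDefender, GData and F-Secure hits may be one signature counted three times, can be checked mechanically when triaging a multi-scanner report. The report below is constructed (it is not the real VT result), and VendorA, VendorB, VendorC and their labels are hypothetical placeholders.

```python
# Engine licensing as stated in the thread: GData has BitDefender as one of
# its two scanners, and F-Secure uses the BitDefender engine.
ENGINE_FAMILY = {"GData": "BitDefender", "F-Secure": "BitDefender"}

# Constructed sample report; None means "no detection".
SAMPLE_REPORT = {
    "BitDefender": "Trojan.Generic.3194054",
    "GData": "Trojan.Generic.3194054",
    "F-Secure": "Trojan.Generic.3194054",
    "VendorA": "Suspicious.Heur",   # hypothetical vendor and label
    "VendorB": "Generic.Susp",      # hypothetical vendor and label
    "Norman": None,
    "VendorC": None,                # hypothetical vendor
}

def engine_of(vendor, label, report, families=ENGINE_FAMILY):
    """Return the engine a verdict should be attributed to.

    A licensee is merged into the engine owner only when its signature name
    is identical to the owner's, since a product with a second scanner
    (as GData has) can also raise a hit of its own.
    """
    owner = families.get(vendor)
    if owner and report.get(owner) == label:
        return owner
    return vendor

def summarize(report, families=ENGINE_FAMILY):
    """Count raw hits versus hits from independent engines."""
    groups = {}
    for vendor, label in report.items():
        if label:
            engine = engine_of(vendor, label, report, families)
            groups.setdefault(engine, []).append(vendor)
    return {
        "scanners": len(report),
        "raw_hits": sum(len(v) for v in groups.values()),
        "independent_hits": len(groups),
        "shared": {e: v for e, v in groups.items() if len(v) > 1},
    }

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['raw_hits']}/{s['scanners']} scanners flag the file, "
          f"but only {s['independent_hits']} independent engines")
    for engine, vendors in s["shared"].items():
        print(f"  same signature via {engine}: {', '.join(vendors)}")
```

A low independent count does not prove the file is clean; it only shows how many separate opinions the report actually contains.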
Yes, that is Norman, which already said it didn’t detect anything in the VT results I posted.
The simple fact is that even though it is highly likely to be clean, ‘I’ can’t give that guarantee; it is a decision ‘I’ can’t make for the OP. Based on the information we give, they then make their own decision.
Hello,
Sorry for the long wait, I had several days off.
I checked PDA and it’s a clean file. It adds an “Autoupdater” Run key in the registry, but it is an optional choice, so maybe this is a reason why BitDefender marks this file as a generic trojan.
Thanks David, Sirmer, Pondus and Polonus for all your replies… much appreciated
I have also informed the domain and the broking house’s product support team about these findings - they will be looking into it more keenly to ensure a clean site & files going forward.