Need to bypass a false positive site

When I try to go to http://www.adk.org I get a message that it contains JS:Redirector-H6 [trj] and I am prevented from going to the site. I tried adding it to the exceptions in “Program Settings” and in the “Customize => Exclusions” in “Web Shield”. No luck. Can anyone tell me how to tell Avast to let me go to the site? I submitted a “False Positive Report”. Also, I can’t seem to get to the support center. When I click on the drop-down, all I get is a blank page with Done in the status line.

Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Maybe you could contact its webmaster.

Not a false positive, the site is infected.

Thanks for confirming that. I will try to find a way to contact their webmaster to notify them though I really have no idea how to do that.

You’re welcome. Feel free to come back any time you need help or just to change experiences 8)

This is the script that has been inserted into the page, see image, I have broken up the single line of script to make it easier to see.

  1. Did Finjan’s plugin cause Avast to react?

  2. If so, does Finjan’s scanning of Google’s results present a danger?

I just entered hxxp://www.adk.org into google and clicked on ‘google search’.

Once the google search results page appeared, Avast identified the site as infected.

However I hadn’t even clicked on it - I’d only entered it into google and clicked search to display the results.

The only thing I can think of is the Finjan’s Secure Browsing plugin in Firefox attempted to scan the result.

I thought just entering a site into google and displaying the search results would be harmless. That is, one doesn’t actually click on the site…

Your advice would be appreciated!

Thanks.

  1. The script is on the page and nothing to do with Finjan or its plug-in ("When I try to go to hXXp://www.adk.org I get a message"), so even if EskimoBlueDay had Finjan, it was the act of trying to go to the site that triggered the alert.

The clicking on a link would cause avast to first scan the contents in the localhost proxy before allowing it to go to the browser cache so it can be displayed.

  2. I don’t use Finjan but if it actually tries to access the site rather than check the url against a database then it is possible to cause an alert as avast would effectively be checking that access.

I have a question for you all. Usually, for the problem I reported, the avast window pops up and there is a button to abort connection. I have learned from you that as long as I am pressing that, I am good. Now, is there any way to set up avast to always abort connection when it encounters such problems?

This would be great and save the day.

Yes - set “Silent Mode” in the WebShield provider settings (last page).

Thanks. But will I get any notification that avast has found something and aborted connection ?

Edited: wrong information.

You’ll see a notification above the system tray (for a few seconds).

Personally I would leave it as it is as I like to know what is going on with my system. Now if you miss the short ‘silent’ alert at the notification above the system tray (only there for a few seconds), then you won’t have the slightest clue why you can’t load that page other than your browser displaying a pop-up ‘The document contains no data’ or similar words.

That could be very infuriating as you rummage around for the reason why the site either won’t display at all or parts of it don’t display.

True. But the sites that I reported, the abort connection does not cause issues like that. You can continue to navigate through the site and read pages.

Maybe it’s not the site itself but a redirection link, maybe an iframe…

To be honest I wouldn’t want to continue browsing through a site that has already had an alert on it, who is to know what the original alert was or if there may be any subsequent exploits, etc. that might not be blocked by avast and before you know it you are infected or part of a bot net, etc.

That is why I prefer to know, so at the very least you are aware of a problem on the site, you can of course opt to continue (your system your choice), but at least you are aware of the potential.

I understand your point and that’s exactly what I would do to any site. But when it comes to some legitimate site which you use every and now can’t use anymore because some malicious iframe or js-redirection, whatever, is there, it’s frustrating for the user. Adding to that, the site does not reply to user feedback.

The word legitimate means nothing when it comes to security as there are many legitimate sites being hacked.

If having tried contacting them and they don’t even do you the courtesy of a response, that would be an even greater reason to find somewhere else.

If a site gets hacked, it’s not safe to go there, being legitimate or not… The legitimate judging is not left to us users, but to technicians and the security software. It would be frustrating if the antivirus does not block the access to an infected site…