Old-Computers.com Website Trojan False Positive?

I upgraded from version 10.x of “Avast Free Antivirus” to current version 11.1.2245. Until earlier this year, I could access “old-computers.com” without triggering a ‘Threat blocked’ popup box and blocking the website in “Mozilla Firefox (Extended Support Release)” version 38.5.0 being the current release. All my ‘plug-ins’ are updated, including “Adobe Flash” and “Adobe Shockwave”. “Java Runtime Environment” (JRE) is disabled by default. The same thing happens in “Internet Explorer” version 11.0.11.

It makes no difference which page I am viewing, such as the news page (which it automatically redirects to when entering 'http://www.old-computers.com/') or an article about a vintage computer -
http://www.old-computers.com/news/default.asp
http://www.old-computers.com/museum/computer.asp?c=28

Is this a false positive or something more serious? See beneath.

None of these links to the same website in the other message forums are viewable -
https://forum.avast.com/index.php?topic=22796.5;wap2
https://forum.avast.com/index.php?topic=25851.msg211537#msg211537

Thank you,
Dylan.

Firefox
“Infection blocked
URL: http://www.old-computers.com/museum/computer.asp?c=28
Infection: HTML:HideMe-F [Trj]
Process: C:\Program Files\Mozilla Firefox\firefox.exe”

Internet Explorer
“Infection blocked
URL: http://www.old-computers.com/news/default.asp
Infection: HTML:HideMe-F [Trj]
Process: C:\Program Files\Internet Explorer\iexplore.exe”

In the “Mozilla Firefox” and “Internet Explorer” -
"The connection was reset

The connection to the server was reset while the page was loading.

  • The site could be temporarily unavailable or too busy. Try again in a few moments.
  • If you are unable to load any pages, check your computer’s network connection.
  • If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web."

VirusTotal says the website is clean, and it looks like it’s an FP

https://www.virustotal.com/en/url/ee058fe3dfea7b7f64ec1ac89c8891b0f07ffaa6dc33183a076dd183619ab92a/analysis/1450406458/

The IP has issues http://multirbl.valli.org/lookup/96.47.77.130.html (several blacklists and failed tests)
And http://www.spamrats.com/lookup.php?ip=96.47.77.130

SEO spam https://sitecheck.sucuri.net/results/old-computers.com (malicious code detected)

Even more issues here http://push2check.net/old-computers.com (click some of the tabs for more information)

Enter old-computers.com into the search box at http://www.ragepank.com/redirect-check/ to find redirect issues.

SpeedyPc,

you are wrong.
VirusTotal does not say if a website is clean or not because it doesn’t scan the website but only checks blacklists.

There are multiple problems with the site/server besides what Para-Noid already :
http://retire.insecurity.today/#!/scan/1c4d8cec5c637a0e336eeac37e34acad0f6d9b16cd108f3d5752efd9dc3b1d75
https://www.ssllabs.com/ssltest/analyze.html?d=old-computers.com
http://urlquery.net/report.php?id=1450411657172

Thanks Guys!

At least I now know it’s no longer safe, what a sad way for such an iconic website to go! :(

I wonder if the website owner knows? Or have the website and domain name been hijacked and injected with malicious code?

It’s strange that “Avast! Online Security” shows it in “Google search” as ‘this site is Safe’ with a thumbs up to visit and then blocks it. :(

“McAfee WebAdvisor” lists it as a ‘Minimal Risk’ also with green tick in “Google search” and it’s safe -
http://www.mcafee.com/threat-intelligence/site/default.aspx?url=http%3A//www.old-computers.com/-&ref=safesearch

Is the safest way to visit the website, as it has a lot of useful information not found elsewhere, using a Virtual Machine such as “VMWare” or “VirtualBox” from Oracle with “Windows” and/or “Linux”? Or is a “Linux” distro the best, as malicious code is targeted at Windows computers? Thanks.

I wouldn’t visit that site with any OS even in a virtual machine.
Too many issues. See the replies that myself and polonus posted.
There are many other tests we could run but the end result remains the same.

Look here for code that should be retired asap: -http://www.old-computers.com/news/default.asp
Detected libraries:
jquery - 1.2.6.pack : -http://www.old-computers.com/js/jquery-1.2.6.pack.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.2.6 : (active1) -http://www.old-computers.com/news/default.asp
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

Three warnings detected here: https://asafaweb.com/Scan?Url=www.old-computers.com%2Fnews%2Fdefault.asp

The site is also spamming: Suspicion of Spam

class=agub>apply for payday loans design ! <t…

polonus (volunteer website security analyst and website error-hunter)
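
The kind of library check reported in the post above can be reproduced by a site owner against their own pages. The following is an added example, not part of the thread and not the scanner's own code: it pulls jQuery versions out of script file names and compares them numerically against the two advisories named in the scan output. The `fixedIn` versions and the sample markup are assumptions constructed for the illustration.

```javascript
// Added example: flag outdated jQuery references in a page's HTML.
// "fixedIn" values are assumptions taken from the public advisories, not from the thread.
const ADVISORIES = [
  { id: "CVE-2011-4969", fixedIn: "1.6.3", severity: "medium" },
  { id: "jQuery ticket 11290", fixedIn: "1.9.0", severity: "medium" },
];

// "1.2.6" -> [1, 2, 6]; missing components count as 0.
function parseVersion(v) {
  const parts = v.split(".").map((p) => parseInt(p, 10));
  while (parts.length < 3) parts.push(0);
  return parts;
}

// Numeric comparison, so that 1.11.3 is not treated as older than 1.9.0.
function isBelow(version, limit) {
  const a = parseVersion(version), b = parseVersion(limit);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Collect jQuery versions from <script src="..."> file names.
function findJquery(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]*jquery[-.](\d+(?:\.\d+){1,2})[^"'\s>]*)/gi;
  const hits = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    hits.push({ src: m[1], version: m[2] });
  }
  return hits;
}

// Attach the advisories each detected version is still exposed to.
function audit(html) {
  return findJquery(html).map((hit) => ({
    ...hit,
    issues: ADVISORIES.filter((a) => isBelow(hit.version, a.fixedIn)).map((a) => a.id),
  }));
}

// Constructed sample markup; only the first file name comes from the scan output above.
const SAMPLE_HTML = `
<script type="text/javascript" src="/js/jquery-1.2.6.pack.js"></script>
<script src="/js/jquery-1.11.3.min.js"></script>
<script src="/js/site.js"></script>`;

console.log(JSON.stringify(audit(SAMPLE_HTML), null, 2));
```

File-name matching misses renamed or bundled copies, which is why the scan above also reports a library as "active" when it finds it by running code.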