Per the Google Safe Browsing diagnostic:

“Malicious software includes 1 scripting exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.”

I visited bobsredmill.com on 4/18. On 4/19, Google blocked this site because the site had successfully infected its test computer on 4/18, the day I visited it. Does anyone know if there is a way to find out what this malicious software is and whether it infected my computer?

crowhold

Avast 4.8 Home Edition
Firefox 1.9.0.8
Windows XP Pro

Never just accept what Google is saying about things like this. They are often wrong (false positives). This is just one of the many examples of it. The site is not malicious at all, the server it is on is clean. Nothing to worry about. Visit the site if you want.

Thanks, Eddy. I won’t worry.

I take it Google doesn’t even know what it is it thinks its system has been infected with. So there’s no way to look for it or identify it in my system, even if it does exist there. (I suppose I should be asking Google my question.)

crowhold

Google isn’t alone, https://safeweb.norton.com/report/show?url=bobsredmill.com&x=0&y=0, rates it as Caution.

Though WOT (Web of Trust) doesn’t report anything, http://www.mywot.com/en/scorecard/bobsredmill.com.

Nor does http://www.stopbadware.org/reports/container?reportname=http://www.bobsredmill.com/ and this is one of the references given by Google???

The Google diagnostic is less than conclusive and I believe it may have more to do with the site possibly having been hacked, as there are references to links to Chinese domains. This could be from an iframe injection into some pages, though that is speculation on my part.
http://www.google.com/safebrowsing/diagnostic?site=http://www.bobsredmill.com/&hl=en

Then the question is: IF the site was hacked and a malicious script was active when I visited, HOW can I tell if I was infected?

Short answer is you can’t, without being able to access the site. You can’t do a retrospective analysis.

Avast is very good at detecting these hacked sites, where an iframe or other injected, obfuscated code has been placed in it. Plus obviously you have the other detections for whatever it may attempt to download/run.

OK. Thanks, David

You’re welcome.