Possible Infection Blocked

I’ve used this gmail e-mail program for quite awhile. Never any issues.

hxxp://www.gmailnotifier.com/

Today Avast blocked a URL:Mal at this website. I’ve attached a picture of the Avast pop-up. Could this website possibly be infected? I was wondering if anyone else has experienced this at this website, with the latest definitions (100424-0).

It did block the URL (Object) listed in the pop-up. Nice job Avast!!

Thanks,

scjr

Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Maybe you could contact its webmaster.

Please, edit the links to not-live ones (change http for hxxp, for instance or add spaces between the url).

Well I didn’t get an alert on the URL you gave, but it needs to be broken (see below). So is this the page you were at, if so they might have cleaned the redirect that was causing the problem ?

  • Please ‘modify’ your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

See http://www.mywot.com/en/scorecard/xorg.pl as from your image something is trying to redirect to xorg.pl which has a poor reputation. Also see http://www.google.com/safebrowsing/diagnostic?site=tes557.xorg.pl/ and http://www.siteadvisor.com/sites/xorg.pl/summary/.

I am getting avast alert and Malwarebytes IP block 61.4.82.212

Wepwet Analysis report
http://wepawet.iseclab.org/view.php?hash=f2e26522460365f3267abaf333f9234d&t=1272133125&type=js

strange…now the avast warning is gone…

hpHosts
http://hosts-file.net/default.asp?s=61.4.82.212

Hi scjr,

The site you give - please make non-clickable by putting either hxtp or wXw - re-directs here: htXp://cechirecom.com/js.php (this is an unknown recent domain:No match for “CHECIRECOM.COM” found…

Last update of whois database: Sat, 24 Apr 2010 18:22:22 UTC <<<)
and a redirect to: htxp://www3.sdfhj40-td.xorg.pl

polonus

Sorry about putting up the live URL. I corrected that. My apologies. :frowning:

All the best,

scjr

No problem, as you edited it now… :wink:
asyn

Thank you. This is a friendly forum. I appreciate this program.

Thanks again.

scjr

Hi scjr,

Thank you for visiting us, and we were glad we could be of any help to you.
Surf safe and secure is the wish of,

polonus

…and all the other little helpers. ;D

Hi Asyn,

You’re right, seen this http://www.siteadvisor.com/sites/xorg.pl/postid/?p=4524004
Also with polish sites there are bad apples, also see this:
http://safeweb.norton.com/report/show?url=xorg.pl
27 threats found,

pol

I’m so pleased Avast picked this up. This is the best AV out there. I came from one that used a pop-up ad. Avast is superior.

All the best to everyone and thank you for the warm wishes.

scjr

You’re welcome, we kind of like avast too ;D
I have only been using it for 6 years though ;D

Hi DavidR,

This is the complete list of the xorg.pl malware sites:
http://www.malwareurl.com/search.php?domain=&s=xorg.pl&match=0&rp=50&urls=on&redirs=on&ip=on&reverse=on&as=on

Stay clear of these URLs,

polonus

Hi D.,
sure why should polish sites be better/worse than others…? :wink:
asyn

Yes…! No pop ups here except updates and malware notifications… ;D
asyn

I can top this; 15+ years (don’t remember exactly) and staying with avast since then… :smiley:
asyn

Hi all.

Check out the Malware Domain List or alternatively :

http://www.malwareurl.com/listing-urls.php

http://safeweb.norton.com/buzz

http://www.malwaredomains.com/wordpress/

http://www.malwaredomainlist.com/mdl.php

Yes once I get to a couple of references I stop ;D

Just an update on this infection. I contacted the webmaster of the site and he indeed was infected. Here’s his response:

Hi ...

Thank you for this warning. My website was infected indeed. This is the second time now.
Can you please run a check now ? I believe the threat was removed.

Thanks

The site is now clean with no redirects or warnings from Avast.

Thank you Avast, you saved me on this one for sure.

All the best,

scjr