This morning I got a warning that a site I’d visited has a virus or worm, and that the site has been blocked and I’m in no danger. The thing is, I didn’t navigate to that site, and for the past nine mornings or so, I’ve gotten the same message. Yesterday I cleared all my cookies and ran a virus/trojan scan on my computer, which turned up nothing. Apparently, that didn’t help.
· Cleaning of all user temp folders, administrator only can use this feature.
· Cleaning of the Java cache, which seems to be harbouring more and more malware
· Cleaning for the Opera browser, including Operas cache, cookies, history, download history, saved passwords and visited links
Please make your link non-clickable through hxtp or wXw
There is an external suspicious iFrame hidden link: htxp://globalwat.com/counter/in.cgi?two
Then there is a suspicious inline script
try {^^var pageTracker = _gat._getTracker^^("UA-935^^2248-1");pageTracker._trackPageview();} catch(err... broken ^^ by me polonus
In fact I did observe and also posted here the iframe. But I think its inside the html. So the site is not hacked but with the person who has coded the website must have put the iframe inside the code, is it? Generally, hacked iframes will be outside ain’t it?
So the alert by avast is correct, but that doesn’t get away from the fact the OP isn’t intentionally visiting the site, so answers to my original question may shed some light in why the visit is being initiated.
Yes, but that is rather immaterial since avast is alerting on the bookcityjackets.com site. The major issue is that the OP isn’t visiting that site, so something is connecting to it.
Just a shame we haven’t heard back from the OP, so I wouldn’t waste any further time speculating or expanding on the original alert until we get some feedback/answers on what we have already covered.
Wow! What a lot of response - thanks! I’m back now. Sorry, I was away most of the day, and didn’t expect such kindness.
DavidR, I think you may have given me my answer. I do use the Firefox Speed Dial extension, and have quite a few sites bookmarked that way. I’m a bookish sort, and had thought it sounded like a site I would like. So when I looked at the “shopping” tab of my Speed Dial, there it was. I deleted it, and have high hopes I won’t get the same message tomorrow.
Pondus, I’ll check out the ATF cleaner, too. Thanks for the suggestion.
You will get used to prompt responses in these forums, they are very active ;D
That is the problem with those types of extension, RSS feeds or live bookmarks, they visit the sites in the background and in doing so both the network and web shields will check that connection. So when removed I think your problem will be over.
It is possible that the bookcityjackets.com site may have been hacked as I believe it would be strange for a domain in the USA to have a an iframe which has reference to a domain (globalwat.com) in Russia. This looks like it is pretending to be a counter.
It may be worth checking out the bookcityjackets site again in a while to see if they have got rid of this or not.