Afterward my start page did not want to start up. I had Internet but when IE 8 and FF 16.0.2 were applied I got “Page not found”. I ran MBAM and did not find anything so I tried again and this time my browsers started with my start page.
I did run all the programs requested. Besides AdwCleaner which found some old IE 7 app to edit DHTML, the rest I believe are clean. However I will appreciate if any of you gent would take a look at them just in case.
Me too, my scan moved c:users/favourites/superantispyware.com.indexpage.url to the virus chest. Name of file infected said was INI shortcut-inf[trj]. What’s going on? Also my scan hangs at 58% for ages and then all of a sudden whizzes up to 99%, it hasn’t done that before?
I would suggest a search of the Wilders forums as that is where these things normally get discussed when it isn’t possible to discus them on the SAS forum if your AV is blocking it.
However, this is a bit strange in that it is only an issue at the forums. sub-domain as it is possible to visit hXXp://www.superantispyware.com/ without an alert.
The multiple alerts isn’t so much of an issue as essentially it is only the one alert on the forum.superantispyware.com sub-domain, so each connection to an image in that sub-domain would also trigger an alert.
My main interest is the very first alert you listed.
Web Shield:
02/11/2012 20:47:56 -http://forums.superantispyware.com/|>{gzip} [L] HTML:Script-inf (0)
As that page appears to be loading a compressed script file - the |>{gzip} bit at the end as the HTML:Script-inf is a script injection alert.
The problem is once you get sufficient avast users getting a web shield alert on a site, that (through the avast! community) will eventually lead to the inclusion in the network shields malicious sites list. So this particular alert needs investigation as I suspect once that is resolved the network shield alerts would also be resolved.
I agree with you DavidR that detection is the main concern.
Since Piriform forum was also detected as infected in an earlier topic yesterday I am taken no risks. I am pretty sure my logs are clean but I am waiting for Essexboy to take a look at my OTL logs.
hey i just posted that to show that sites that many people go to is usually targeted my malware so it seems like what have happen here with the sas forum.
While there’s no new AVAST database — it’s still at 121104-0, which blocked the SAS forum when I tested it this morning —
I’m showing that I received a streaming update at 2:17 PM (USA - Eastern Standard Time)… and now, I CAN access the SAS forums.