Suspicious URL - now off the Avast Block list!

Hello,

Firstly, I kinda ran up to a dead end with my earlier post http://forum.avast.com/index.php?topic=80593.0 (the topic just died as I could not get anyone’s attention - so was wondering if there was a tech issue) - I would highly appreciate any response to my queries in it as it would get me some peace of mind!

What I wonder, is that if I scan the domain hxxp://pda.angelbolt.in even today, at Virus Total page and Symantec Norton Safeweb pages, they still find something fishy with the domain/url.

The thing is, the URL hxxp://pda.angelbolt.in/downloads/angel%20PDA.exe (from my original post) however, now seems to be clean as per Virus total.

What I’m really curious to know is when Sirmer replied to my post that the Avast team will stop blocking the whole URL from next VPS - does this mean it’s clean?

Secondly, I ran full scans with Avast 6.0 Free (updated) and MBAM 1.51 free (updated) - they found nothing - am running on Win XP Pro SP3 with Avast on full shields on.

I am wondering if there is a safe combo of apps to use - below is what I’m contemplating - any views are appreciated:

  • Win XP Pro SP3 (fully updated) - Windows Firewall Enabled

  • Avast 6.0 Free (updated with all real-time shields on)

  • MBAM 1.51 Free (on demand only and NO real-time shields since its free version)

  • SuperAntiSpyware 4.55 Free (on demand only and NO real-time shields since its free version)

  • CCleaner

  • Google Chrome

  • Also, whether there is a need to add exclusions for MBAM and SAS in Avast and vice-versa (since both MBAM & SAS free versions don’t come with real-time protection and are on-demand only?) I haven’t had any issues till date but just want to know if it’s required?

Thanks,
HG

VirusTotal - angel PDA.exe - 5/42
http://www.virustotal.com/file-scan/report.html?id=fe00e2e12e720f9b2a241f8055d57b28b9edf7e20658ed33c224a49bf29dd33e-1309678742

sigcheck:
publisher…: Angel Broking Ltd, Inc.
copyright…:
product…: Angel PDA 5
description…: Angel PDA 5 Setup
original name: n/a
internal name: n/a
file version.: 5.0.0.5
comments…: This installation was built with Inno Setup.
signers…: Angel Broking Ltd
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
signing date.: 11:07 01/07/2011
verified…: -

URLVoid report

Report 2011-06-27 18:12:30 (GMT 1)
Website pda.angelbolt.in
Domain Hash b6255704bf702690a10f80037f0c14df
IP Address 220.226.206.124 [SCAN]
IP Hostname -
IP Country IN (India)
AS Number 18101
AS Name RELIANCE-COMMUNICATIONS-IN Reliance Communica…
Detections 5 / 23 (22 %)
Status DANGEROUS

Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender DETECTED
Scanning site with: DNS-BH CLEAN
Scanning site with: DShield SDL CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts UNRATED
Scanning site with: joewein.de LLC CLEAN
Scanning site with: Malc0de CLEAN
Scanning site with: Malware Domain List CLEAN
Scanning site with: Malware Patrol DETECTED
Scanning site with: MyWOT DETECTED
Scanning site with: Norton SafeWeb DETECTED
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SCUMWARE CLEAN
Scanning site with: SpamhausDBL CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: Trend Micro Site Safety Center DETECTED
Scanning site with: URIBL CLEAN
Scanning site with: VSCAN CLEAN
Scanning site with: Web Security Guard UNRATED
Scanning site with: ZeuS Tracker CLEAN

> - Also, whether there is a need to add exclusions for MBAM and SAS in Avast and vice-versa (since both MBAM & SAS free versions don't come with Real-time protection and are on-dmd only?) I haven't had any issues till date but just want to know if it's required?

Never had any problems with it, and I even run MBAM Pro and SAS Pro at the same time for a while.

Thanks Pondus, if you are having no issues with the pro versions running at the same time (and I presume you use Avast for AV and with no exclusions added in any of these programs), I guess I should be fine with the free versions :slight_smile:

Interesting to note VirusTotal and URL Void’s findings on the exe as well as the URL I shared… however, since I know it’s from my broking house, I decided to download the exe to my system and test it with Avast and MBAM - both come out clean…

Also, can you tell me who decides (from the Avast team I mean) to stop blocking a URL when it’s reported by the user as a possible false positive? Sirmer just mentioned that they will stop blocking the URL (in my old thread) - never could figure out why?

And, any views on Zone Alarm Free Firewall version 9.2 that’s out recently? Its reviews are good and unlike its past, developers have done a real good job at making it light and yet powerfully effective. I’m thinking of using Avast Free 6.0 for AV and Zone Alarm Free for firewall in place of the default Windows 7 firewall (windows defender)…

Would you know how compatible Avast is with Windows defender (win 7 ultimate default firewall)?

Norman analysis

angel_PDA.exe : Clean!
> And, any views on Zone Alarm Free Firewall version 9.2 that's out recently? Its reviews are good and unlike its past, developers have done a real good job at making it light and yet powerfully effective. I'm thinking of using Avast Free 6.0 for AV and Zone Alarm Free for firewall in place of the default Windows 7 firewall (windows defender)...

I don't like it... my favorite is Outpost free, almost fully automatic: http://filehippo.com/download_outpost_firewall/

> Would you know How compatible is Avast with Windows defender (win 7 ultimate default firewall)?

To my knowledge it should work fine... just don't do an avast! custom scan and select "scan memory" or you will get some strange results.

Thanks! I’ll surely check out Outpost firewall then… in fact I did come across the name on quite a few forums and users talking good stuff about it >> Is there a need to add exclusions for Avast in Outpost or vice-versa?

> - Also, can you tell me who decides (from the Avast team I mean) to stop blocking a URL when its reported by the user as a possible false positive? Sirmer just mentioned that they will stop blocking the URL (in my old thread) - never could figure out why?

---->> was wondering if you can throw some light on this?

I replied to your other topic, so check back to that.

If you want to run Outpost free with Win7, there is a trick (win7 not supported):

http://www.sevenforums.com/system-security/10310-how-make-outpost-firewall-free-work-w7.html

The standalone Outpost free firewall is no longer supported. This forum topic is just over two years old, so won’t be the Outpost firewall free/suite 7.1.

I ran Outpost Free Suite (7.1) with win7; that version is OK with win7, or it was for me, and no need for the hack mentioned in the forum to install in win7 compatibility mode.

Thanks Guys for your responses and views, regards…HG

You’re welcome.