Syndication Exoclick

When I log into certain websites I now get redirected to another site which my virus software stops me from going into saying it is dangerous. I understand that Syndication Exoclick has something to do with it. I have tried running Malawarebytes and superantispyware but with no success. How can I stop this please ?

Since this is an on-line alert blocked by either the web shield or network shield and probably not on your system, I’m not surprised that MBAM or SAS don’t find anything. Since this is only happening on certain sites when you are browsing, then I suspect that this is web based and not on your system, but need more information to say with any certainty.

However, to help us can you give is the malware name, full paths to the alert/s or post a screenshot of the alert window ?

When posting URLs change the http to hXXp to break the link and avoid accidental exposure to suspect sites.

Dear wombat1953,

I have just sent you a private message.
ExoClick would be happy to help you if you can provide us a bit more information regarding this issue:

  • Screenshots
  • URLs causing the problem
  • Browser used
  • Antivirus installed

Thank you in advance.

Kind regards,
ExoClick

You are not in position to provide help,let start by giving you some links to your site:
http://www.mywot.com/en/scorecard/syndication.exoclick.com/event-29231#events
10/01/2011 hpHosts Used for advert or tracking purposes.
Have a look at WOT comments.
URL VOID:
Report 2010-09-12 03:27:00 (GMT 1)
Website syndication.exoclick.com
Domain Hash f9192d05a7b7fba9fb1f0b6c8abf29bc
IP Address 213.135.50.72 [SCAN]
IP Hostname a213-135-50-72.deploy.akamaitechnologies.com
IP Country PL (Poland)
AS Number 8664
AS Name ICM-PUB University of Warsaw, ICM
Detections 3 / 17 (18 %)
Status DANGEROUS
Scanning site with: DNS-BH DETECTED
Scanning site with: hpHosts DETECTED
Scanning site with: MyWOT DETECTED
http://www.webutation.net/go/review/syndication.exoclick.com 40/100 …

Also found here
http://support.clean-mx.de/clean-mx/viruses.php?domain=syndication-exoclick.com&sort=first%20desc

Also here,serving malware as .JPG files
http://www.malware-control.com/statics-pages/76d9950a5719074c489e5abb6c5153f8.php

http://urlquery.net/report.php?id=14260

Your ASN > ASN AS23393 ISPrime, Inc.
http://www.mywot.com/en/scorecard/isprime.com
10/01/2011 hpHosts Engaged in the distribution of malware.
10/01/2011 hpHosts Appeared on a list of malicious websites.

Dear wombat1953,

Thank you for your private reply. Our support team is currently working on it in order to help you.

Dear Left123,

If our ad network is involved in this issue, I think we can help.

Some of the links you provided are outdated and we took serious actions to avoid this kind of issue.
As you can see, following programs identify our domain as safe for browsing:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=exoclick.com/
http://www.virustotal.com/url-scan/report.html?id=3e4dec7b6288e5c377e51d618824cde3-1319543984

Same result on McAfee Site Advisor, AVG ThreatLabs, Norton Safe Web, …

We already requested MyWOT to review his rating as most of the comments are outdated. As you might know, this is a process taking time.
Still, we thank you for reporting these so we can continue improving our ad network.

Kind regards,
ExoClick

The site is blocked by network shield to avoid further risk…

network shield has in built url blocker and enhanced network scanner…

this is blocked by URL blocker so no detection here just with the AV engine here:
http://www.virustotal.com/file-scan/report.html?id=deb686c71f72dbee4ef76d3cf176a6644995fec0b2788f1bee17072f9972da69-1319552866

Dear true indian,

I am not sure to understand what you mean.
The URL you provide on VirusTotal is clean as far as I can see.

Are you part of network shield?

Regards,
ExoClick

the network shield has 2 parts-

1.URL Blocker.

2.Enhanced network scanner.

The site is blocked by URL blocker so there is no scanning done be network scanner or the web shield …this site is in the list Of the sites which have to be blocked by url blocker…

they must have added it as the site may lead a user to malicious content…

@ exoclick
Well true indian has nothing to do with avast, other than he is an avast user like the others including me who have responded.

I also have no idea where true indian digs out this about the network shield “Enhanced network scanner” it certainly isn’t my understanding of how the network shield works, it doesn’t physically scan anything.

It checks calls to URLs against its list of known malicious sites and it monitors common ports used by exploits/worms, such as DCOM/LSASS, etc. This I wouldn’t call an enhanced network scanner.

Unfortunately this is true indian jumping on a passing bandwagon without a clear understanding about what he is talking about.

http://www.avast.com/free-antivirus-download#tab3

see the above link i am correct…go down and check features.

url blocker and network scanner[intrusion detection system] are in built components of network shield…

I think David hasnt read about the features of the shields but i have :wink:

Sorry but you couldn’t be more wrong if you tried.

[b]Network Shield[/b]

Protects against network-based viruses with two main components: a URL blocker for malicious URLs, and a lightweight intrusion-detection system.

Where does this say it is an Enhanced Network scanner, that you claimed.

The “lightweight intrusion-detection system.” above is exactly what I described, it monitors common exploit/worm entry ports.

EDIT:
Even the “lightweight intrusion-detection system.” that it does have has zero to do with this alert as that is protecting against ‘direct’ attacks through the ports that is is monitoring DCOM/LSASS, etc. So that would have an entirely different alert not blocking a site but blocking a direct attack on your system.

So as the saying goes, when in a hole stop digging.

REMOVED…

When are you going to stop digging.

No, it has nothing to do with this topic, this is the network shield blocking what it considers a malicious URL. It isn’t a direct attack on a users system which the network shield’s lightweight intrusion-detection function is looking out for. The network shield doesn’t monitor the http port/s traffic that is the task of the web shield.

The users firewall should also be looking out for these attacks.

Ok now i am not digging david u always make small things a big issue…hope i am not mean…

Digging as in digging yourself into a deeper hole and showing what experience level you have, not taking a dig at me, that I couldn’t care less about, I only care about helping with the actual topic.

Small things aren’t actually misleading the OP or other posters in the topic, all they have achieved is to take this topic wildly off-topic.

I intend not to take this further off-topic with your education on avast, so I will only be responding directly to the OPs comments/questions, unfortunately I fear he may have given up on this topic.