Just got avast today

tried to access site and avast told me security centre had blocked a trojan horse. I cant access the site

Infection Details
URL: hxtp://www.bettingexpert.com/|{gzip}
Process: C:\Program Files\Mozilla Firefox\firefox.exe
Infection: JS:Redirector-TH [Trj]

I used secuni to scan it and website is fine, anyone have any idea? Is it Firefox? for some reason other sections of the website are okay it seems, just homepage

thanks

Upon opening the trojan download starts from a redirect via wXw.bettingexpert.com/old browser
So avast webshield might have protected you from downloading this trojan.
If you had the trojan allowed to download, produce the logs as asked for here: http://forum.avast.com/index.php?topic=53253.0
and a qualified remover may look into the issue.
I hope however that you had a lucky escape,

polonus

For whatever reason, this is also opening a compressed file (possibly a script file) as well as the main page that is what the |{gzip} is indicating. This is I feel unusual (not the norm) and avast’s web shield have a high accuracy on such detections. Though that can’t be 100%.

Avast isn’t alone in considering the {gzip} file being loaded is suspect, https://www.virustotal.com/file/e4160e45d6868ec1e714c063ca4ad9ac7633ebdfae831652422e65ce94411e1a/analysis/1334675096/.

See image extract of the file which is trying to be loaded.

thanks#
I keep getting an error before this saying script has stopped working on lot of sites, has that anything to do with it
is it my end or theirs?

I got told Avast stopped it so I assume I am okay?

It is on their end, not yours or the alert would show a local hard disk location. So the web shield has blocked this file from being run and possibly redirecting to a malicious site.

The bettingexpert site may have been compromised.

thank you

Hi JJB22,

Thanks for your feed-back here, and welcome to the support forums.
Stay safe and secure online through avast,

polonus