This site was detected by avast!'s Web Shield in the past once and then it was removed, however now Mozilla Firefox 3.0.3 detects it as an ‘attack’ site.
I wanted to confirm whether this is true or a potential false positive.
Well first off I don’t get any alert on this page (typed URL into address window), I’m running firefox 3.0.3.
So are you using ff 3.1 or 3.0.1, which is out of date (though that I wouldn’t have thought would have this effect) ?
How are you arriving at that web page, link on an email or another web page, etc. ?
This could be a phishing attack where you aren’t actually at the vistaknowledge.com site, that
Sorry, David. I meant Firefox 3.0.3. I keep getting it mixed up.
Let me make this clear… >:(
avast! has detected this page in the past, and I do not know why it does not know.
http://i189.photobucket.com/albums/z276/Shockwavesn1per/10-19-08.jpg
Well, maybe avast! was right about blocking the site using Web Shield.
My friend from HPHOSTS told me that this site connects to:
google-analistyc.net/in.cgi?
google-analistyc.net/default.cgi?
google-analistyc.net/in.cgi?5
fstat.cn/in.cgi?id143
verzeih.com/100/index.php
Thanks. (Sorry about the screenshot David; 320KB)
Well what you now describe is a whole different ball game, and it would depend on where the source wallpaper is downloaded from. That would have to march the avast detection for it to be in any way connected.
Free wallpaper and screensavers are commonly used as the hook to distribute malware.
Looking at the connects, fstat.cn/in.cgi?id143 looks suspect to me; why would the site connect to a site in China? Perhaps the site is a) unaware of this link (it could have been hacked) or b) unaware that Google is blocking its content.
See http://www.siteadvisor.com/sites/vistaknowledge.com, which gives vistaknowledge a clean bill of health, though that is no guarantee, but the sites it connects to don’t feature fstat.cn (or the others for that matter, but they are not direct links the user can go to).
This also shows it is google’s blacklist which firefox uses I believe which flags this. It is just strange that the barrier only comes down when you click on any link to download stuff. Looking further fstat.cn puts the same block by google/firefox, so it may well be that this association is what causes the problem.
And, yeah I wouldn’t rely too much on McAfee’s SiteAdvisor.
March avast!'s detection?
Oh, can you tell me how you found out about the “connects” and the fstat site? Thanks DavidR.
As I said it is alerting on all downloads.
Well the connects you reported in your last post re “My friend from HPHOSTS told me that this site connects to:” and when I saw a Chinese domain .cn I tried to access it and google threw up the alert.
I didn’t check the google ones or the verzeih.com one, which could also be suspect as that is a domain registered/hosted in Taipei Taiwan, see image, it confirms my suspicion.
Also see http://www.google.com/search?q=verzeih.com, so me I would report this to the vistaknowledge.com site and stay away from it until it is resolved.
i can confirm that vistaknowledge is hacked, look here: http://forum.hosts-file.net/viewtopic.php?f=9&t=749&start=120. the sites in question are now blocked by the hphosts hosts file thanks to drragostea, who told me about this, thanks
the sites that connect are serving exploits i think. there may be new connects from other malicious sites the next time you visit even if the other connects disappear, you never know.
siteadvisor is not perfect either, some malicious sites get a green rating.
i looked for wallpapers at different sites and antivir (i use avast now ;)) detected some malware on one site, popups appeared, ie7 froze and i could barely block the malware with antivir so be careful when visiting wallpaper sites.
Thanks for the feedback.
Yes, siteadvisor is less than perfect, but only one of the tools in the armoury, common sense being a very big one.
Absolutely, wallpapers, screen savers and free codec sites are a high risk area and caution is advised.
Thank you maugrimx, for the link.
Well, the main point of this whole thread was to confirm whether this page was malicious or not. And I was just wondering if avast! would include this site again in the Web Shield.
Well, I’ll stay away from the downloads, but just merely browsing the sites would be “safe” correct DavidR?
Well I would say steer completely clear as a hacked site might well have more than just download pages hacked. There is no such thing as ‘safe’ when you are talking about a hacked site.
When I visited to investigate I was reasonably well protected, firefox (running under dropmyrights), with noscript, links checked with drweb link scanner before clicking, with avast and a resident anti-spyware (SAS) running. Add to that A tested back-up (daily) and recovery system (hard disk imaging software, weekly backup), so should I catch a cold I can restore my system to a pre infected state in under 15 minutes and recover my data files, etc.
So as you can see I exercise care when paying these visits and I don’t think I would ever visit a suspect site as a matter of course or routine.
i have been stupid enough to visit possible malicious sites on purpose because i am hunting for malicious sites to submit to hphosts. but i would not recommend doing it. what i use to do if avast or other security programs detects something or i see a popup on a website from a fake antivirus scanner or such is to disconnect my cable to try to prevent the malware from trying to do its dirty things.
I like to do the same thing as it must be a masochistic trait I have or is it more of a sadistic trait I have of inflicting pain on malware purveyors?
it was just fun to see a wallpaper site i visited in action trying to infect me
like the child's play movies combined with speedy gonzales. i was just looking for wallpapers and didn't expect a circus. at least ie7 crashed but that is nothing new
I understand, and thank you DavidR for the responses.
Just one off-topic question. I have to say, you have a very ‘powerful’ configuration.
I would like to know what image backup software you are using (that was A-rated).
Thanks.
drragostea.
Malware these days are too dangerous. One step and you fall in a pit.
I wouldn’t say it is A rated but it works, It is Drive Image 7.1 the last version by PowerQuest before they were bought out by Symantec spit, but there are others Acronis True Image or Norton Ghost (this is also owned by Symantec and is an amalgamation of Drive Image and Ghost), but there are others.
So DriveImage is no longer supported/continued/updated?
Hrm, I’m thinking about giving it a run…
No, it’s not.
Thanks Tech and DavidR. Basically your responses answered my query. I’ll avoid the VistaKnowledge site in the future, maybe never visiting it again (unless it is not my computer, hehe ;D). I basically see the drive-clones (DriveImage, Norton Ghost, Acronis, etc.) as a stronger, more robust version of System Restore… maybe? :-\
Acronis is on top of the list imho.
Try Paragon Drive Backup 9.0 Express. It’s freeware (http://www.paragon-software.com/home/db-express/index.html).
Thanks Tech, but I don’t think I’m ‘ready’ for Paragon. I feel like I trust Acronis more. If I have to pay I’ll pay, but it’s worth it for what I get.