What flagged and torpedoed the webshield?

Hi malware fighters,

I just went to the following site: htxp://www.asterothsforum.com/content/ after a search with Copyscape for http://forum.avast.com/index.php rendered a result. After opening it in GoogleChrome on XP SP3 I got a malcode flag from the webshield. This must have also closed the webshield, for I saw no mention of the flagged malcode in EventLog explorer. As I gave in the flagged address in unmasked parasites the browser did not further render that site; every time I reloaded the page after just clicking the searchform bar I got the known grey with the sad face. Tried to restore it by renewal of the Google Chrome profile via Start Run, but to no avail. Getting to unmasked parasites in other browsers like IE8, flock or Fx no problem, and funny enough the asterothsforum dot com query did not give any malcode there and in the past, so the malcode must have been injected recently or the site must have been cleansed by the malcreants just before the Google crawler coming around (no results for a 90 day period). So I have two questions to you all: what malcode is hiding at the site visited with the Google Chrome browser (there is hidden javascript on that page, of that I am sure) and is there a relation to unmasked parasites page not being rendered in Google Chrome? I uninstalled GoogleChrome until I know what has happened, webshield is working fine, scans did not deliver anything, but as I said the two questions remain.

polonus

Am I wrong in thinking that event log explorer is looking at the Windows event viewer?

If not, avast5 doesn’t enter antivirus log data into the windows event viewer any more.

Hi DavidR,

The find was in manifest json,

polonus

I just visited the copyscape site and did the search on forum.avast.com/index.php; it only found two hits, the avast forum and netpurum. I didn’t visit that, as I know avast uses netpurum for some applications.

I think antivirus folder in Event viewer is left there after over install 4.8 for v.5 - is that right DavidR?

  • it turns itself off or something - avast doesn’t load into it - I haven’t got it cos I uninstalled 4.8
    avast 5 is the better system

That’s right, but I don’t believe that is what polonus means, given his 2nd post.

okay thought good time to confirm. I will look at post but don’t do that

Edit - reading down a page for bad stuff is about all I do now Pol - only got time for

Hi my good friends,

I am OK now, vario-scanned the OS and with GoogleChrome uninstalled, just wait until MBAM soon to have the signatures for cleansing the malcode that was trying to change the GoogleChrome settings to just give that anti-malware scanner a swirl… I think again avast has saved my glorious behind here, as it has done a few times before, because a flag practically meant disconnecting from whatever and immediately upon spotting that I have closed that particular tab and process, well all of the browser, so I luckily escaped infestation. Could it have been a variation on the 2008 code described here? Re
http://securitylabs.websense.com/content/Blogs/3239.aspx
Although GoogleChrome as a browser is hard to hack because of the sandboxed design, I feel a bit more secure with the double protection in either Fx or flock with both NoScript, RequestPolicy and the avast shield. GoogleChrome has very positive aspects, is swift, lean etc. but Giorgio Maone’s NoScript defense has not been beaten yet, so for the meantime I stick with the Mozilla browser - too many darned website injecting malcreants around nowadays,

Damian

Hi Pol

My Firefox is much more securewise than my Chrome

I use Chrome for the convenience, the new tab technology is good for search and surf
You can open Chrome in avast sandbox and surf like that

Edit - testing my Chrome in the sandbox - so I ran it through secunia and found Chrome out of date
I uninstall / reinstall in case Chrome had been damaged - and I found this in secunia

http://news.softpedia.com/news/Mozilla-Confirms-Critical-Firefox-Vulnerability-138014.shtml

I send it across to the security warning thread

Hi mkis,

Well Firefox has a very critical hole: http://secunia.com/advisories/38608/
In Germany users are officially advised not to use Fx until this has been patched with Fx 3.6.2
Users could already use this beta version to be protected: https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.6.2-candidates/build3/
But Firefox with NoScript extension installed has never been exploitable and won’t be in the foreseeable future, still the extension never made it as a default in any browser, just like request policy. Two of the most brilliant security applications for in-browser security.

If they were to be brought into browsers I think there would be a loud protest from major sponsors, user trackers and profilers, leechers, advertisement-launchers etc. For the common user however it would be a major blessing to know that malcode could not run inside the browser, sandboxed running comes as a second best, running a browser under normal user rights as third best option, all three combined with the webshield is super secure and then there also could be thought of a regularly updated hosts file to optimize this further.
Running a regular not fully patched or updated browser with full rights without further security measurements online is like playing Russian roulette against malcreants’ malcode all sorts…

polonus