system
1
Avast users are getting a warning when accessing hxtp://escaladenotas.cl
Is this a false positive? At one point I assumed it was the faulty virus database released on Monday, but I’m still getting this warning?
Thanks in advance.
Avast detects it as infected with URL:MAL, probably cross site scripting attack …clicktale
See: htxp://jsunpack.jeek.org/dec/go?report=5de05ecce6aaa479e7ac7a3413b56bbf0c8f00b1
Go there only if you are security aware, sandboxed and with ample script protection…
polonus
system
3
I can’t see anything that avast would directly alert to, i.e. the site seems to scan clean.
I can’t quite fathom this one out…Ignoring the network shield, I don’t get any alerts on the site, but trying to translate with google causes an alert
(This however could be related to the way google translate works - including the site within a frame…and if the site is blocked by network shield then could cause an alert.)
That said, this clicktale seems interesting…
http://www.mywot.com/en/scorecard/s.clicktale.net
Either way, I’d say that this needs someone from the avast team to comment.
Scott
system
4
I see that in my Network Shield log all the time. It blocks Google Analytics.
Think I have found it, it is this there script on the site "src= … htxp://s.clicktale.net/WRb6.js
similar like htxp://urls–clicktale–net.reachlocal.net/WRb6.js So like google is blocking here:
hxtp://www.careerint.com/SearchVacancies/…/wrb6js.htm
When it is hxtp://www.google-analytics.com/ga.js it must be altered…
I hope I can get this confirmed,
@jipumarino make the link htxp// until the site is cleansed…
polonus
system
6
Hi, thank you all for your help.
I already disabled clicktale entirely, but I keep getting the same warning, so Analytics seems to be the one to blame. What can be so special about my Analytics setup?
Again, thanks for your help.
system
7
This is the network shield, so it would take avast to have a look, and determine whether it can be removed from the block list…
You can report it here:
http://www.avast.com/contact-form.php?loadStyles
Hi jipumarino,
Looked into your site, the sucuri scan is all green. But it seems there is another issue now &usg=AFQ etc. HTML:RedirME-inf[Trj] now found by the Webshield, it seems your site has been hacked and you have to cleanse and upgrade your webapps, see attached gif image…
polonus