A nightly scan turned up HTML:Script-inf in a web page cached in my IE NetCache folder. It’s a page I visited last night.
It clearly wasn’t stopped before loading by the Web or File Shields.
Given that I opened this page, and Avast’s scanner thinks it’s a threat, what damage may I have done by visiting the page (and presumably executing the scripts)?
Net searches for “HTML:Script-inf” turn up lots of pages claiming “false positive”, but they go back for years, so I have to wonder whether there’s a real threat here.
Thanks in advance for any insights you have.
-Noel
More info: I looked and to my surprise found all the shields disabled. I enabled them, and upon visiting the same page “Threat has been detected” was emitted and something was blocked. That didn’t happen last night.
-
I’m not happy that somehow Avast ended up with Shields disabled. I didn’t do that. The most I ever do is the “Disable Shields for 10 minutes”, and I haven’t done that in a while.
-
Now I’m even more concerned, as I have likely run the malware script. It apparently originates here, in the headers returned when the favicon.ico file is accessed:
http: // eleniteski.com / trzbpxe.js ? b61835a6154387fb
(spaces added by me to prevent accidental clicking by forum readers)
That Avast found only the cached .htm file as a threat is somewhat comforting, but… What’s potentially compromised?
-Noel
http: // eleniteski.com / trzbpxe.js ? b61835a6154387fb
site seems to be down at the moment http://www.downforeveryoneorjustme.com/eleniteski.com
urlQuery http://urlquery.net/report.php?id=1399917044026
HTML:Script-inf
most likely a redirector...sending you to another site
That’s good news. I wasn’t redirected, and I hadn’t thought scripts alone could damage very much.
Since posting the above a boot scan didn’t turn up any problems.
-Noel
if you want a check …follow logs guide at top in viruses and worms forum section