
Warnings from antivirus

Discussion in 'Computer Security' started by RichardV, Nov 13, 2014.

Thread Status:
Not open for further replies.
  1. RichardV

    RichardV Vaping Master Verified Member ECF Veteran

    On numerous threads I am getting Script-inf warnings from Avast. Not only in the threads below, just scattered randomly through the forum.
    Here is one of them
    URL: hxxp://www.e-cigarette-forum.com/forum/ask-vets-answers/621178-getting-petina-my-copper-mod.html|{gzip} Infection: HTML:Script-inf

    another
    URL: hxxp://www.e-cigarette-forum.com/forum/ask-vets-answers/621225-anyone-here-using-smokjoy-gi2-able-keep-locked.html|{gzip} Infection: HTML:Script-inf
     
  2. retired1

    retired1 Administrator Admin Verified Member ECF Veteran

    Supporting member
    Apr 5, 2013
    Texas
    Do you recall which ads were showing on the page at the time? I just went through the source code for both pages and everything appears fine on both.
     
  3. RichardV

    RichardV Vaping Master Verified Member ECF Veteran

    No ads showing. I only see avatar pics & a CASAA sig. I wonder if something on these particular threads might be causing a false positive warning from Avast.

    I am now getting a blocked infection warning on this thread. No avatar or sig showing.
    http://www.e-cigarette-forum.com/forum/ask-vets-answers/621225-anyone-here-using-smokjoy-gi2-able-keep-locked.html

    Infection blocked
    URL
    hxxp://radioskin.com/?f_PgUx=Y0n2HZfnI4__evM9l_ce_2Lesz5rawbLaq&ygF_N=_2_6G76qU4V6Ugfm0wY5Lfaxbr3N3t&3OW=R5T

    Infection
    URL:Mal
     
  4. Norrin

    Norrin Super Member

    Aug 29, 2014
    Shetland
    I have had it from trying to load the smilies and that has no ads, I can't load them now as I think they have been blocked and I'm too lazy to fix it.
     
  5. Shirtbloke

    Shirtbloke Super Member ECF Veteran

    Apr 26, 2014
    UK
    I was having problems accessing pages yesterday which Retired1 helped me out with.
    I've since come to the conclusion that it's a browser hijacker that's causing the problems for me.
    I'm currently running an Avast virus scan (87% complete at the moment but painfully slow) and it's found two infections so far.
    I'll report back exactly what they are when the scan finishes.
     
  6. retired1

    retired1 Administrator Admin Verified Member ECF Veteran

    Supporting member
    Apr 5, 2013
    Texas
    Not seeing that url anywhere on ECF.

    Going to reboot into Winderz and do some checking from that side of the notebook.
     
  7. retired1

    retired1 Administrator Admin Verified Member ECF Veteran

    Supporting member
    Apr 5, 2013
    Texas
    I've run all three pages through my machine, no hits. Did the same with an online scanner and again, came up clean.

    May want to do a deep scan on your machine to see if there's anything lurking in the background.
     
  8. RichardV

    RichardV Vaping Master Verified Member ECF Veteran

    In the process of doing that now.
     
  9. Shirtbloke

    Shirtbloke Super Member ECF Veteran

    Apr 26, 2014
    UK
    Right, the scan's finished and it sounds like we've likely got the same problem.

    Avast has found two files in the Local Settings/Temporary Internet files folder.
    They're flagged up as Threat:HTML:Script-inf and their severity is High.

    They're interestingly named.

    colin-firth-wants-kings-speech-sequel-106269[1].txt
    kristen-stewart-miss-out-snow-white-sequel-103492[1].txt

    I've no idea where I got these from, I usually keep away from the dodgy parts of the internet, but the filenames sound like they could have come down an ad network.


    So I'm to press the delete key and hope that's the end of it.
     
  10. Shirtbloke

    Shirtbloke Super Member ECF Veteran

    Apr 26, 2014
    UK
    I was getting warnings from Avast to a radioskin url too.
     
  11. Shirtbloke

    Shirtbloke Super Member ECF Veteran

    Apr 26, 2014
    UK
    Just found this thread on the Avast forums.......
    https://forum.avast.com/index.php?topic=99873.0
    Seems it's a server side thing.

    "Vulnerability there vBulletin version outdated: Upgrade required. maybe this caused HTML:Script-inf on that site,"
     
  12. retired1

    retired1 Administrator Admin Verified Member ECF Veteran

    Supporting member
    Apr 5, 2013
    Texas
    If that's going to be their "official response" to a false positive, I'd be searching for a new security package for my machine.
     
  13. Shirtbloke

    Shirtbloke Super Member ECF Veteran

    Apr 26, 2014
    UK
    Yes it's a little bit terse isn't it?

    Is it likely to be a hijack on a server side thing?
     
  14. retired1

    retired1 Administrator Admin Verified Member ECF Veteran

    Supporting member
    Apr 5, 2013
    Texas
  15. RichardV

    RichardV Vaping Master Verified Member ECF Veteran

    After complete scans using Avast (nothing found) & Malwarebytes (a "PUP" found), and cookie/temporary internet file deletion, I still have the same results when going to some threads here.
     
  16. retired1

    retired1 Administrator Admin Verified Member ECF Veteran

    Supporting member
    Apr 5, 2013
    Texas
    We've pinged the server team to double check.
     
  17. rolygate

    rolygate Forum Manager Verified Member ECF Veteran

    Supporting member
    Sep 24, 2009
    ECF Towers
    I have Avast and it doesn't report any problem.

    No other members are reporting this. On the very rare occasions when we had malware on the server in the past, a flood of members reported it and the reports kept coming until the issue was fixed.

    So I think this will probably turn out to be a local issue. Maybe a rootkit. Perhaps the Malwarebytes rootkit removal tool may be useful here, worth a try anyway.
     
  18. Shirtbloke

    Shirtbloke Super Member ECF Veteran

    Apr 26, 2014
    UK
    I'm running Malwarebytes at the moment.

    I've also tried AdwCleaner and HitmanPro. They found nothing.
     
  19. retired1

    retired1 Administrator Admin Verified Member ECF Veteran

    Supporting member
    Apr 5, 2013
    Texas
    If Malwarebytes doesn't catch anything, I've found ComboFix rarely misses what others fail to catch.
     
  20. Shirtbloke

    Shirtbloke Super Member ECF Veteran

    Apr 26, 2014
    UK
    MWB found nothing. I even updated Avast and ran that again. Nothing.

    I'll give ComboFix a try. Thanks.
     