Possible virus / malware being detected by Avast 6 on BabyPips Forums

Hello.

Since Friday last week: every time I access the BabyPips Forums my antivirus software (Avast 6) detects a possible virus / malware on an external link. I’m guessing here but it could be some or the other link from one of the advertisers i.e. it’s detected before the BabyPips Forums are even displayed (it appears immediately as soon as my browser opens after clicking on the desktop shortcut which I use to go directly to the BabyPips Forums).

I’m not sure if this is a false positive but I figure it’s worth a mention anyway.

Yesterday I ran a complete (boot time) virus scan of my PCs and they’re fine (apparently). Also: it ONLY happens when I visit the BabyPips Forums i.e. it does not happen when I visit any other sites.

(Windows XP SP3, all MS patches etc. up-to-date, IE8, Avast 6 up-to-date).

Regards,

Dale.


Hey Dale,

Thanks for the notice. What URL were you navigating to when the prompt appeared? In the past, we’ve had infected LinkBacks and linked content create issues for us. The infected website or content sits outside of BabyPips.com, but because we link to it, we get flagged. This hasn’t been every case, but it has happened quite often. If you give us what page you were navigating to, we might be able to find the suspect content quicker. We’ll also check our systems for any issues. Thanks for the heads up!

Pipstradamus

Hello.

My pleasure.

Well it happens on any link I use whether it’s a direct link to one or two posts I’m monitoring (I have links to them added to my Favorites Bar in IE8 for quick access) or if I just go to Forex Forum: Discuss Foreign Exchange Currency Trading with the FX-Men.

Some extra info:

I HABITUALLY (after every single browsing session i.e. YES everyone knows I’m a bit “OCD” not to mention “paranoid and a tad insane”!!! LOL!!!) clear all my temporary files immediately after any browsing session (mainly using CCleaner). So it’s (the virus / malware / link) only detected the FIRST time I start browsing BabyPips’ Forums. After the first detection I can browse freely and no more detections. I’m not sure if this means anything but maybe it will help.

Let me know if you need any further information and I’ll do my best to help (although I’m no expert on things like “linkbacks” and “pingbacks” and the like unfortunately).

One other thing (off-topic but it’s happened before, disappeared after I pointed it out some while back, and it’s now back again):

Take a look at the attachment i.e. the space between the word “by” and the members’ login name is missing (OCD!!! Pedantic maybe???)!!! LOL!!! It’s only cosmetic really but, well, I thought you’d like to know (and didn’t think it warranted the opening of another thread).

Regards,

Dale.


Pipstradamus,
I searched out this older post because I am currently having the same problem… When I navigate to ANY of the forum pages I get an alert. I have avast! version 7.0.1474.
Just a heads up!
Any suggestion?
Thanks!

Same here, Avast! alert: http://qagezoqeqa.ftpserver.biz/… malware

The first time I open BP frontpage…

Me too… & I have Avast

Me too. This happens periodically with antivirus software though. They can be quite sensitive, especially Avast I find. When they update definition files sometimes something that is clean looks suspicious enough to trip an alert. I have e-mailed Avast and await a response. Usually they will release an update once they have investigated.

Thank you all for your comments and feedback. They’re definitely helping us to gain a better understanding of the situation. We had 4 other reports over the last 2 weeks of AV prompting some users when visiting our website. 3 of the 4 reports were also users using Avast. The 4th was using Norton AV.

Strangely, we didn’t have any other indications of a site wide problem. Nothing from Google, who is very prompt to let us know if we’re even linking to infected websites or malware. And nothing from the other tools and services we use to monitor our website.

We’ve subsequently performed several scans on all of our systems without finding any active infections or malware. But that still doesn’t mean there isn’t a problem or something else going on. We’ll also contact Avast for any information they can provide us on the prompts.

Please continue to update us with anything you experience. We’ll update you on the situation when we have something new to share.

Thanks everybody.

Pipstradamus

We’ve installed a copy of Avast Free Antivirus on a test system. Clean browser, no cookies or temporary files. We’re not getting any prompts or alerts while browsing our various sections. We’ll update the thread once we’ve had the software running a little longer.

[Updated: The 4th user above was using Norton AV. All other reports are from Avast AV users at this time]

Thanks!

Pipstradamus

Hey all,

We got a reply back from the folks at AVAST! Antivirus. They apparently use 3rd party reporting as part of their security offering. They specifically cited the following company and website that they use with their antivirus product, and it’s this particular service that reported our website to them:

Sucuri SiteCheck - Free Website Malware Scanner

We’ve checked it repeatedly and the scans came back clean. However, the original scan results that AVAST showed us came back with an iframe related malware infection. While we haven’t experienced it ourselves, it must exist as several of you have been prompted.

We can tell you that iframes are used by some of our advertisers as part of the technology behind how we get their ads on our website. And this makes a bit more sense as the malware/infection issue hasn’t been widespread across our user base and has only happened infrequently. We’re thinking this has to do with how the ads are served and spread across the website to various locations. And it reinforces the fact that we can’t find any viruses/malware in our own hardware/software. Furthermore, and this could really be a coincidence, a big player in the ad server platform industry just recently made plans to shut down its free, hosted ad server platform due to security vulnerabilities, specifically, malware injection into ads.

We’re reaching out to all of our advertisers to inform them of what we’re experiencing and determine if there’s anything they can share with us.

Thanks for your patience and understanding with all of this.

Pipstradamus
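
Added example, not part of the original thread and not BabyPips', Avast's or Sucuri's tooling: one way a site operator could audit the iframes in a saved copy of a page, given that the last post points at advertiser iframes as the likely source of the alerts. The allow-list, host names and sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the operator has approved for framed content (placeholders).
ALLOWED_FRAME_HOSTS = {"ads.partner.example", "www.forum.example"}

# Constructed sample page: one approved ad frame, one suspicious frame,
# one same-site frame referenced by a relative URL.
SAMPLE_PAGE = """
<html><body>
<iframe src="https://ads.partner.example/slot?id=1" width="728" height="90"></iframe>
<iframe src="http://unknown-host.example/in.cgi?2" width="1" height="1"
        style="visibility: hidden"></iframe>
<iframe src="/widgets/calendar.html" width="300" height="250"></iframe>
</body></html>
"""

class IframeAuditor(HTMLParser):
    """Collects every <iframe> and records why it deserves a closer look."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        parsed = urlparse(src)
        host = parsed.hostname or self.page_host  # relative src means same host
        reasons = []
        if host not in ALLOWED_FRAME_HOSTS:
            reasons.append("host not on allow-list: " + host)
        if parsed.scheme == "http":
            reasons.append("loaded over plain http")
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        if tiny or "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden or zero-size frame")
        if reasons:
            self.findings.append((src, reasons))

def audit_iframes(html, page_host):
    """Return [(src, reasons)] for every iframe that failed a check."""
    auditor = IframeAuditor(page_host)
    auditor.feed(html)
    return auditor.findings

if __name__ == "__main__":
    for src, reasons in audit_iframes(SAMPLE_PAGE, "www.forum.example"):
        print(src, "->", "; ".join(reasons))
```

A static audit only sees frames present in the HTML it is given; frames written into the page by ad scripts at load time, or served on some ad rotations and not others, need repeated captures of the rendered page to show up.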