After Update-NOD32 is blocking some websites

Discussion in 'ESET NOD32 Antivirus' started by MAD King, Dec 17, 2009.

Thread Status:
Not open for further replies.
  1. MAD King

    MAD King Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    13
    After I updated, NOD32 is blocking websites like messenger-friends.com, hm.com, gmx.net....

    Why? Did I miss something in the config?
     
  2. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Odds are they are serving malicious banner ads that are trying to use the recently disclosed Adobe PDF exploit.
     
  3. MAD King

    MAD King Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    13
    So I will never again be able to connect to these websites as long as I have NOD running? One of them is my email host and I need to get to my emails.
     
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    You can temporarily disable HTTP scanning or add an exclusion, but be aware that there is a substantial risk that your system will become infected from visiting. An easy workaround would be to install Adblock+ if you are using Firefox or some IE analog so ad frames are loaded on a page and the AV filter doesn't have to flag anything.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Nothing is blocked nor detected on those sites here with the latest update.
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I am getting flagged visiting xxx.messenger-friends.com
     

  7. MAD King

    MAD King Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    13
    I am getting the same note. I do not think that there is a virus or so, because I am getting the same note on hm.com and gmx.net, and those are big companies.
     
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Sorry, no flags on my installation on hm.com or gmx.net.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Sorry, I forgot to enable web access protection :) We're on the ball. I'm not sure if it's a fp or not, but there must have been a reason for blacklisting it. Update: it's been blacklisted since July 20, 2009.
     
    Last edited: Dec 17, 2009
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Let us know, as it develops, Marcos. Though I am not surprised to see an iframe exploit on a site such as xxx.messenger-friends.com
     
  11. MAD King

    MAD King Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    13
    OK. Wired is, that none of my buddies is getting a virus or trojan note, but they are using different Anti-Virus Software.
     
  12. MAD King

    MAD King Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    13
    What is this?
     
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    What specific URL @ Wired? Be sure to obfuscate your postback link!
    Example: http://xxx.wired.com/
     
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Tweaked IE Settings.
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The iframed link doesn't work anymore so it looks highly suspicious that it used to be a legit site. It could be that the server's been compromised recently and malware added the already non-functional iframed link to existing html files.
     
  16. MAD King

    MAD King Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    13
    I mean weird. lol
     
  17. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    If you are getting flags from NOD32 visiting Wired.com, please post back the links as to where this is happening. A Moderator or I will fix them immediately so no one else runs the risk of getting a possible infection.
     
  18. MAD King

    MAD King Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    13
    I do not have problems with this site.
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The iframed link will be removed from the blacklist. If it starts working and turns out to contain malicious code, it'll be blacklisted permanently.
     
  20. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    And still flagging!
     
  21. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Last edited: Dec 17, 2009