
forum.piriform.com blocked by avast antivirus


JohnnyBob


  • Moderators

This was an issue last night

 

so far the moderator staff has not been informed what occurred, but as soon as we know you will know as well I assume

 

currently it looks like some images may have been lost as well

 

Symantec Enterprise was blocking it as a mass injection and other browsers/OSes were showing a major PHP error

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation

Link to comment

Avast 7 also blocked portable defraggler & ccleaner as "possible infections" (or tried to) when I was using them on a test machine.

 

I haven't too much faith in Avast. Too many false positives.

 

Now, the forum, yes, it was down for me also last night, & no, that was not Avast that caused it!!!

Link to comment

  • Moderators

Thanks for the link Hazelnut :)

 

:lol:

Originally Posted by ratchet

I'm worried about hazelnut. Hope she is safe!

:wub:

:lol:

I got sleepy and added my avatar back.

Edited by Nergal

 

Link to comment

Yes, I read it.

_____

 

On the test machine, I was using Avast + CCleaner + Defraggler (which Avast detected as "possible malicious programs"), which is false.

I had not tried the Piriform website on the machine using Avast.

 

On my machine, I was using AVG & simply had the same error as others listed here, but no warning from AVG.

I am also using Firefox.

_____

 

Nothing happened, except I could not access the forums till sometime today when I came home.

As I had this same error loading page as others here, & I was not using Avast on my main machine, I simply deduced that the website was down.

 

And not that Avast was protecting the machine(s) listed above.

I could be incorrect on this.

_____

 

It is also possible that my ISP automatically blocked the website while it was under attack.

Link to comment

  • Moderators

You are incorrect. Avast protected you. Stop trying to kid yourself it was a false positive.

 

What happened to the forum earlier was nothing to do with what happened with the exploit later.

 

People who were using a Piriform product which was set to check for updates could have also triggered alarms from their av's when the updater contacted the Piriform servers.

 

Support contact

https://support.piriform.com/hc/en-us/requests/new

support@ccleaner.com

 

Link to comment

People who were using a Piriform product which was set to check for updates could have also triggered alarms from their av's when the updater contacted the Piriform servers.

That surprises me.

Many times when I tried to contact the forum website I never had a warning but I had the error

"Fatal error: require_once() [function.require]: Failed opening required './initdata.php' (include_path='.:/usr/local/php53/pear') in /home/ccleaner/public_html/index.php on line 23"

BUT

I also tried

http://www.piriform.com/ccleaner/download

and that connected immediately without any problem

but when I clicked on the Support button on that page and chose the "Community Forum"

I again got

"Fatal error: require_once() [function.require]: Failed opening required './initdata.php' (include_path='.:/usr/local/php53/pear') in /home/ccleaner/public_html/index.php on line 23"

I assumed it was only the forum website that had a coding error.

 

Are you saying that there was an exploit affecting both

http://www.piriform.com

and

http://forum.piriform.com

Link to comment

  • Moderators

and here's me thinking it was as simple as some Webmaster publishing some poorly tested PHP code.

Backup now & backup often.
It's your digital life - protect it with a backup.
Three things are certain; Birth, Death and loss of data. You control the last.

Link to comment

urlQuery.net is a service for detecting and analyzing web-based malware. It provides detailed information about the actions a browser takes while visiting a site and presents the information for further analysis.

 

http://urlquery.net/...rt.php?id=77737

Link to comment

You are incorrect. Avast protected you. Stop trying to kid yourself it was a false positive.

 

What happened to the forum earlier was nothing to do with what happened with the exploit later.

 

People who were using a Piriform product which was set to check for updates could have also triggered alarms from their av's when the updater contacted the Piriform servers.

Good to hear Avast provided protection!

Link to comment

So everyone understands it:

 

Someone hacked the forum and got access to the file system.

They changed some files and included an iframe.

The iframe loaded the new Blackhole exploit kit v2.

And this loaded (on my machine where I saw this) some payload, it loaded also a JAR file.

Google Chrome blocked it for me directly.

The PHP error was due to the changed files and just fooled you. There was more than only this error message, the iframe, but you could not see it.

Link to comment
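Added example, not part of the original thread: a Python sketch of a file-integrity check a site operator could run over a PHP web root to catch the kind of change described in the post above (files altered or missing, a hidden iframe appended). The file names, contents and the `example.invalid` URL are constructed, and the hidden-iframe regex is a heuristic assumption, not a signature for any particular kit.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic (assumption): an <iframe> sized to 0/1 px or hidden via CSS.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*[\"']?[01](?:px)?[\"'\s>]"
    r"|visibility\s*:\s*hidden|display\s*:\s*none)",
    re.IGNORECASE)

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(root):
    """Record a known-good hash for every PHP file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*.php"))}

def audit_webroot(root, manifest):
    """Compare the web root with the manifest and flag hidden iframes."""
    root = Path(root)
    current = {p.relative_to(root).as_posix(): p for p in root.rglob("*.php")}
    return {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "modified": sorted(n for n, p in current.items()
                           if n in manifest and sha256_file(p) != manifest[n]),
        "hidden_iframe": sorted(n for n, p in current.items()
                                if HIDDEN_IFRAME.search(p.read_text(errors="replace"))),
    }

def demo():
    """Constructed sample: a tiny forum tree, baselined and then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php require_once('./initdata.php'); ?>\n")
        (root / "initdata.php").write_text("<?php $settings = array(); ?>\n")
        manifest = build_manifest(root)             # taken while known-good
        (root / "initdata.php").unlink()            # a required file goes missing
        with (root / "index.php").open("a") as fh:  # markup appended to a page
            fh.write('<iframe src="http://example.invalid/" width="1" height="1"></iframe>\n')
        (root / "cache.php").write_text("<?php /* not in baseline */ ?>\n")
        return audit_webroot(root, manifest)

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

The manifest has to be built from a known-good copy and stored off the web server, since anyone with write access to the web root could otherwise rewrite it too.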

You are incorrect. Avast protected you. Stop trying to kid yourself it was a false positive.

 

What happened to the forum earlier was nothing to do with what happened with the exploit later.

 

As stated above, the test machine using Avast was NOT used to connect to Piriform, but rather the main machine with AVG.

As per the forum, I also stated that it is possible that my ISP blocked the website due to the infection.

 

Have heard that my ISP has a kind of firewall they use to protect users, etc.

 

Not sure on how deep their protection goes, but I listed it because they may have blocked it on their end.

 

* Bolded my prior statement concerning my ISP. As it is entirely possible they did block it till it was fixed. (Hence your observation differing from mine).

Link to comment

  • Moderators

well, if nothing else, it's made us all re-find our avatars and prompted others to change theirs.

Link to comment

That surprises me.

Many times when I tried to contact the forum website I never had a warning but I had the error

"Fatal error: require_once() [function.require]: Failed opening required './initdata.php' (include_path='.:/usr/local/php53/pear') in /home/ccleaner/public_html/index.php on line 23"

BUT

I also tried

http://www.piriform....leaner/download

and that connected immediately without any problem

but when I clicked on the Support button on that page and chose the "Community Forum"

I again got

"Fatal error: require_once() [function.require]: Failed opening required './initdata.php' (include_path='.:/usr/local/php53/pear') in /home/ccleaner/public_html/index.php on line 23"

I assumed it was only the forum website that had a coding error.

 

Are you saying that there was an exploit affecting both

http://www.piriform.com

and

http://forum.piriform.com

 

just affecting the forum software, there were php files changed

Link to comment