# Virus in users Avatar or sig



## Wombo Combo (Jun 4, 2011)

http://gbatemp.net/u67667-toguro-max

When I visited his profile and any topic he posted in I got this message






Text


			
				QUOTE said:
			
		

> Address has been blocked.
> URL address:
> "toguro_max.sites.uol.com.br/Sonic_Form.gif"
> 
> ...


----------



## ShadowSoldier (Jun 4, 2011)

I just went to his profile, Avira didn't pick anything up. Maybe your av is confusing it as a virus?


----------



## Wombo Combo (Jun 4, 2011)

Its blocking for some reason I suppose. I am sure its on ESET's block list for a reason. The site might be infected with malware.


----------



## Sausage Head (Jun 4, 2011)

microsoft security essentials doesnt ring any bell either


----------



## Dter ic (Jun 4, 2011)

nothing on Avast over here


----------



## Deleted-220713 (Jun 4, 2011)

AVG isn't picking anything up.


----------



## N00ByBo0 (Jun 4, 2011)

I get the same since I'm using NOD32 too =3


----------



## SgtSimpon (Jun 4, 2011)

Even The Site is Fine:
http://www.virustotal.com/url-scan/report....56de-1307182781
2011-06-04 12:19:41 (UTC)
*
Webscan result:
0 /16 (0.0%) *
*index.html
Submission date:
2011-06-04 12:28:23 (UTC)
Result:
0/ 42 (0.0%)*


----------



## Sausage Head (Jun 4, 2011)

index.html? thats not what we are talking about


----------



## SgtSimpon (Jun 4, 2011)

It's What Virus Total Also Scans to Find if Any Malware is Stored on the Website.

Found Something:
http://www.urlvoid.com/scan/toguro_max.sites.uol.com.br
toguro_max.sites.uol.com.br
IP Address 	200.147.33.17
IP Hostname 	200-147-33-17.static.uol.com.br
IP Country 	BR (Brazil)
AS Name 	Itanet - Itamarati On-Line Ltda.
Detections 	2 / 23 (9 %)
Status 	SUSPICIOUS
The Website is Suspicious. 

"Scanning site with: 	Malc0de 	DETECTED
Scanning site with: 	MyWOT 	SUSPICIOUS"


----------



## AlanJohn (Jun 4, 2011)

Your antivirus thinks that everything is a virus.


----------



## Sausage Head (Jun 4, 2011)

This Is The One You Need:
*File name:
Sonic_Form.gif
Submission date:
2011-06-04 12:31:43 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)*


----------



## Deleted member 473940 (Jun 4, 2011)

Nothing detected with McAffe either.


----------



## SgtSimpon (Jun 4, 2011)

BAD!
IP Address 	200.147.33.17
IP Hostname 	200-147-33-17.static.uol.com.br
*IP Country 	BR
AS Number 	N/A
AS Name 	N/A
Detections 	4 / 26 (15 %)
Status 	DANGEROUS
The Ip has Nasty Stuff on it!
Emerging Threats 	DETECTED
MalwareDomainList 	DETECTED
MyWOT 	DETECTED
Threat Log 	DETECTED*


----------



## Wizerzak (Jun 4, 2011)

I'm not getting anything with Avira.

McAfee Siteadvisor can't detect anything either:

http://www.siteadvisor.com/sites/http%3A//...tes.uol.com.br/
http://www.siteadvisor.com/sites/http%3A//.../Sonic_Form.gif


----------



## Maid-chan (Jun 10, 2011)

my Avira didn't detect anything... maybe your Avira is old version?


----------



## Rydian (Jun 10, 2011)

http://en.wikipedia.org/wiki/Heuristic_analysis


----------



## raulpica (Jun 11, 2011)

mahisa88 said:
			
		

> my Avira didn't detect anything... maybe your Avira is old version?


BTW, we fixed this two days ago by gently asking toguro_max to rehost his avatar somewhere else


----------

