
False positive mal/HTMLgen-a

Hi, I'm new to Sophos and I wanted to see if the site Checkwebsitesafe.com was a safe site. When I checked VirusTotal, it said that Sophos said it was malicious. I checked other safe URL checking sites and most said it was fine. Only Anubis malware said it was bad. This is the link to the scan report: http://anubis.iseclab.org/?action=result&task_id=15d6e5628029555a4898bdb3d425733ee&format=html and I had a discussion on the ClamXav forums which has more info: http://www.markallan.co.uk/BB/viewtopic.php?t=2916&sid=0cc1a50ada0196e8889b07191719ae88 Thanks if someone can help me out with this.


This thread was automatically locked due to age.
  • Hi Airiq,

    Welcome to SophosTalk.

    I've asked my contacts at SophosLabs about this, and this is the reply I received ...

    I just tried 2 things…

    - I searched on VirusTotal for that URL myself and Sophos is not classifying it as malicious.

    - I navigated to checkwebsitesafe.com on my desktop machine here and was able to do so without any alerts or blocked actions from Sophos.

    Checking our systems history for that URL I can see that it was classified by us back in October but that classification has since been withdrawn. This is quite common as we frequently block/unblock websites as we find them to be infected and then cleaned on a regular basis. Just because a webpage is not compromised today does not mean that it never will be! And likewise, compromised sites can be fixed up and made safe.

    I hope that helps.

    As the man says, "I hope that helps".

    Best regards,

    spike.

  • Thanks for your answer, spike, it helped a lot. But I am still wondering about a few things:
    I went to hphosts to check out the site and I found a link to http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=123.30.187.156
    Is this the malware that the Anubis scan found? Does this mean it has malware? I can't really figure out what it means. I went to both of the URLs/addresses it said were malicious. Just want to clear up whether or not I have malware on my Mac that I might accidentally send to a Windows computer. As well as making sure Sophos isn't wrong and that the site is malicious/does have malware.
  • Hi Airiq,

    I'm glad that helped out a bit. I can't really answer your follow-on question about Anubis, though, since it's a third party site, and if I go blundering around trying to interpret what it means, any answer from me could mislead. It may be that someone on SophosTalk can step in.

    Best regards,

    spike.

  • I think I might have found the answer myself. After looking/hovering over each of the items, it was info taken from VirusTotal, which is where you said it was a false positive? This means that it was irrelevant, I guess. But one more question: he said that it was a false report, right? Or was it just malware that was cleaned the next day? Edit: also I have a general question. When I checked VirusTotal for that site a while ago, it said it was malicious. Then a week or so later, the warning disappeared. Did it take that long to disappear or is there a wait time before a site can be taken down as malicious or false positive?
  • Also, how long does it usually take for Sophos for Mac (free home version) to install? How about uninstalling and scanning files?

  • Hi Airiq,

    We have a separate community for free tools like the Mac Home Edition. I suggest you try there ...

    http://openforum.sophos.com

    In general, installation time depends on the kind of system you have. That's certainly true of scanning. It's determined by how many files there are.

    Regards,

    spike.


  • Airiq wrote:
    I think I might have found the answer myself. After looking/hovering over each of the items, it was info taken from VirusTotal, which is where you said it was a false positive? This means that it was irrelevant, I guess. But one more question: he said that it was a false report, right? Or was it just malware that was cleaned the next day? Edit: also I have another question. When I checked VirusTotal for that site a while ago, it said it was malicious. Then a week or so later, the warning disappeared. Did it take that long to disappear or is there a wait time before a site can be taken down as malicious or false positive?

    How about these questions?

  • I have another question (sorry for all these questions). What is live protection and how do I turn it on/off? (Making sure I am correct about what it is.) Also a general question about malware: if I break a computer (by spilling something on it) and it has malware on it, can the malware still spread even though the computer isn't used? (I spilled hot chocolate/coffee on my laptop and it smelled corroded so I gave up and put it in a bag to never use again.)
  • Still looking for an answer to all these questions. Also about the laptop, it no longer works, as I tried to turn it on earlier.

    Also, is the site really safe? Because Anubis says it has malware that affects Internet Explorer by injecting code and other things, still, when I rescanned the site. I just want to make sure that I don't have any malware or anything.

    Edit: when I search sites.google checkwebsitesafe dot com it shows up with a sites.google webpage talking about it even though it could be malicious? It also has a lot of popups and ads on the site from things like bidvertiser/ilivid/chitika etc. (I remember this from when I first visited the site by mistake. Also looked at the webutation review of the site.)

  • I get this mal/HTMLgen-a message with every web page I load, even here on the Sophos board.

    It's really annoying. 

    Apparently api.bit-accelerator.com is causing it problems.

    thanks

    ed
