

chip89
Premium
join:2012-07-05
Independence, OH
Reviews:
·Cox HSI

Hp website

I went to HP's website to get some info for my new computer. When I went to the site it was infected! I found this out when AVG blocked a threat from HP's website; the message looked like this!


dib22

join:2002-01-27
Kansas City, MO
What does the more info show?

What URL is it?


chip89
Premium
join:2012-07-05
Independence, OH
The more info shows threat reports from AVG. The URL is »www8.hp.com/us/en/home.html.

PX Eliezer
Premium
join:2013-03-10
Graustark
kudos:7
Reviews:
·Optimum Voice
·callwithus
·Callcentric
reply to chip89
What was the website URL?

Did you type the URL in yourself (in which case you may have mistyped), or did you click some link to get there (in which case the link itself could be directed to a rogue site)?

What sort of DNS server are you using---that provided by your ISP, or an outside DNS such as Google DNS, OpenDNS, etc?

Could this be a man-in-the-middle attack?

etc etc

Afterwards did you try to return to the site?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
reply to chip89
Hang on, the "Object Name" appears to be a PayPal login script. Is there a PayPal logo or something on the "HP" page you visited?

Could be you're being redirected to a malicious site instead of the real HP site. Be very wary of entering your PayPal login info if asked.
--
Don't feed trolls--it only makes them grow!

PX Eliezer
Premium
join:2013-03-10
Graustark
kudos:7
Reviews:
·Optimum Voice
·callwithus
·Callcentric
reply to chip89
I went to that site and my Avast AV gives no problem.

The site also checks out OK on:

»safeweb.norton.com/
»asafesite.com/
»sucuri.net/

Either your AVG is giving you a FP (indeed whenever my wife sees "AVG" she says why would anyone use an "Average" program) or your DNS is malfed.


chip89
Premium
join:2012-07-05
Independence, OH
reply to StuartMW
It's an example image; the messages AVG gives out only stay on the screen for a few seconds.


chip89
Premium
join:2012-07-05
Independence, OH
reply to PX Eliezer
Using Cox's DNS. I went back; it keeps blocking them.


chip89
Premium
join:2012-07-05
Independence, OH
reply to PX Eliezer
It looks like a small number of people are starting to get threats. »www.avgthreatlabs.com/sitereport···n/hp.com


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
Could be a FP (False Positive) or maybe HP's site has been hacked.
--
Don't feed trolls--it only makes them grow!


dib22

join:2002-01-27
Kansas City, MO
reply to chip89
I would scan your machine, or browser addons, or DNS as others have stated... there is something weird happening on your machine. Grab Malwarebytes Anti-Malware and keep it in free mode so it won't conflict with AVG... update it and scan your machine.

I have scanned the HP site with several web analyzers and found nothing.

I also followed links to the store from that page, added an item and went to check out with PayPal, and had no alerts.

Of course they could just have the infection on a particular cluster and I might not have hit that cluster, but I would check my PC if I were you, something is amiss.


chip89
Premium
join:2012-07-05
Independence, OH

1 recommendation

I scanned and updated AVG right away after I got this message; nothing came up. It's also a new HP on Windows 8. It's not doing anything that it shouldn't be doing, so AVG made sure it didn't get through.


chip89
Premium
join:2012-07-05
Independence, OH

1 recommendation

reply to StuartMW
It might be a false positive but it's better to be safe than sorry.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
reply to chip89
I don't think any of us can say definitively what's going on right now. I'd take a wait'n'see approach. If it's a FP AVG will fix it. If HP is infected they'll fix it.
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to chip89
No flags on my end.


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL

4 edits
reply to chip89
Were you logged in to HP's site?
Who is joshfranklin?

Paypal phishing, 2008

http://paypal.com.cgi.bin.webscr.cmd.login.submit.dispatch.5885d80a13l1f8e263taee8d4026841ac68a446f69dad17fb2afeca6.joshfranklin.com/ca/43bf5744776e2d5939c1c42f7f898fd6/

»www.phishtank.com/phish_detail.p···=1440922

Phishwatch- Phish-sites

So AVG is doing the right thing.

Now you have to figure out why it is altering you?
Something on your machine, or elsewhere?
(Nothing stood out at HP, not that I would necessarily know.)


norwegian
Premium
join:2005-02-15
Outback
Not sure if it is legit or not but this unpacker link from the link you provided suggests a few places where exploits can be used due to:
•swf file
•cPanel
•secure http, but not secure socket

I know somewhere else that lists links as secure and are http.
I tried to explain but no one wanted to listen; maybe the gurus here could start a topic specific to this again to highlight the issues it raises.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18
reply to chip89
said by chip89:

I went to HP's website to get some info for my new computer. When I went to the site it was infected! I found this out when AVG blocked a threat from HP's website; the message looked like this!

The URL is not at HP, but at joshfranklin.com. See your own image below.



--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?
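
The check the replies above carry out by eye, reading the hostname from the right to see that the blocked object sits on joshfranklin.com and only uses "paypal.com" as leading subdomain labels, written out as an added example (not part of any poster's message). The function names, the brand watch list and the three-entry suffix set are assumptions made for illustration, and the `http://` scheme on the HP URL is added here.

```python
from urllib.parse import urlsplit

# Assumption: tiny constructed suffix set so the example runs offline;
# real tooling should consult the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Hypothetical watch list: brand label -> domain the brand really uses.
BRANDS = {"paypal": "paypal.com", "hp": "hp.com"}

# URL quoted in the thread (PayPal phish, 2008).
THREAD_URL = ("http://paypal.com.cgi.bin.webscr.cmd.login.submit.dispatch."
              "5885d80a13l1f8e263taee8d4026841ac68a446f69dad17fb2afeca6."
              "joshfranklin.com/ca/43bf5744776e2d5939c1c42f7f898fd6/")
# Page the OP says he visited; the http:// scheme is added here.
HP_URL = "http://www8.hp.com/us/en/home.html"


def registrable_domain(host):
    """Return the domain the owner actually registered (rightmost labels)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_url(url):
    """Flag brand names used as subdomain labels under someone else's domain."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    # Everything left of the registrable domain is chosen freely by its owner.
    sub_labels = host[: len(host) - len(reg)].strip(".").split(".")
    impersonated = sorted(
        brand for brand, legit in BRANDS.items()
        if brand in sub_labels and reg != legit
    )
    return {"registrable": reg, "impersonated": impersonated}


if __name__ == "__main__":
    for u in (THREAD_URL, HP_URL):
        print(check_url(u), "<-", u[:40])
```
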


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
But that does not (necessarily) mean that something malicious had not found its way onto HP's website (through an ad or IFRAME or whatever, pointing back to joshfranklin).

---

above:
quote:
Now you have to figure out why it is altering you?
s/alerting/altering/


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to chip89
I don't think we're getting the full picture from the OP. Almost sounds like he clicked a link on spam email.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
Well, the OP stated to me

quote:
It's an example image; the messages AVG gives out only stay on the screen for a few seconds.
In regard to the image

»Hp website

Doesn't sound right to me but...
--
Don't feed trolls--it only makes them grow!