HTML:URL-inf [Susp] — AVG HTML URL-inf Detection

by Wilbur Woodham
August 8, 2023

HTML:URL-inf[susp] is a detection name utilized by several antivirus engines. It is commonly observed, particularly among users of Avast products. HTML:URL-inf indicates that the antivirus program has blocked access to a website that appeared suspicious to it. However, it’s important to note that false detections can also trigger this alert, so it may not always indicate a genuine threat.

What is HTML:URL-inf [Susp]?

The details of this detection can be understood to some extent from its name. HTML:URL-inf indicates that the detection is associated with the internet connection, and the [susp] part suggests that the connection is considered suspicious. Antivirus programs such as Avast, AVG, or Avira, which utilize this detection name, are not entirely certain if the website contains malicious content. Nevertheless, they opt to block access to the site as a precautionary measure. It is possible to encounter this error even when the connection is established, everything appears normal, and you are visiting legitimate websites like Yahoo Mail or others.

Avast HTML:URL-inf[susp]

Thread about the HTML:URL-inf [Susp] detection on Avast forum

In cases where a legitimate website triggers the HTML:URL-inf detection, it is highly likely to be a false positive. This situation commonly occurs when using a free antivirus tool from the mentioned vendors. The free license policy for Avast, Avira, and AVG antiviruses states that while you can use these programs for free, certain important elements are lacking. These elements include regular database updates, updates to the heuristic engine, and minor updates that contain bug fixes, among other things.

Short description of the HTML:URL-inf detection:
Name HTML:URL-inf
Appears While browsing the Web as well as randomly
Possible reasons Outdated anti-malware program, malware presence
Removal method
To remove possible virus infections, try to scan your PC

Without the regular updates of the detection database and heuristic engine, it is pretty easy to see that some of the legit programs on your PC are malicious. In fact, they don’t contain any portion of the malicious code, but outdated databases don’t think so. Things are even worse when we are talking about the heuristic engine. It can be triggered on literally everything when it is not set up. And the updates bring these settings to the heuristic module. Without them, you will constantly spectate things like HTML:URL-inf[susp] or IDP.Alexa.53 virus messages.

Is the HTML:URL-inf dangerous?

There is the probability that HTML:URL-inf detection is caused by malware-related changes in your networking settings. A wide range of viruses modifies your HOSTS file or other setups that are responsible for background services work. In this case, the malicious connection is blocked, but the exact virus is not. It can conduct its activity as nothing has happened, so your computer is still in danger. Thus, you must check your PC for the possible presence of malware.

Malware modified the hosts file

The result of the malware activity: HOSTS file became full of blocking entries

How dangerous are the sites?

Legitimate pages, like Twitter, Facebook, Google or so, are not dangerous at all. You can find some malicious content on these pages, but thanks to the heavy moderation of these things, it is very hard to find something that can harm you and your computer. But the Internet consists not only of legit and well-moderated pages.

The majority of antiviruses block the pages that contain malicious advertisements. Those banners have a malicious link inside, and only the crook who posted it knows where this link leads. Instead of redirecting to a really malicious page, this link may start the downloading of the unknown application, or redirect you to the exploit page. Such tools as RIG exploit kit are used exactly to inject malware through such redirects.

RIG exploit kit usage scheme

RIG exploit kit usage scheme

People often ignore the Internet as a source of various viruses. In fact, all malware is spread through the Internet, and it is stupid to deny it. Malware development increased tenfold in the 90s’ when people got easy access to the World-Wide Web. Well-designed anti-malware software usually has a network protection feature that blocks all possible malicious connections. But when your security tool shows you the HTML:URL-inf message after opening Yahoo – it is a pretty bad sign. That usually means that your antivirus tool has problems with correct detection, and possibly cannot detect the malicious pages.

How to get rid of the HTML:URL-inf detection?

Since this detection appears to be a false detection of the malicious site, the best way is to update your antivirus tool. It will likely get a patch that will solve the error that causes the appearance of HTML:URL-inf. But first of all, you must check if this detection is really false, or something has changed your networking settings and attempts to connect to its server.

Scanning in GridinSoft Anti-Malware
  • During the scan, you may see the detected items. When the scan is over, you can choose the action you want to take for each detection. Press the “Clean Up” button to remove all malware, or “Apply” if you put your own settings.
    • GridinSoft Anti-Malware scan results
  • After the scanning, it is recommended to enable Online Protection and On-Run protection. Those functions are located in the Protection tab.
    • Protect tab in GridinSoft Anti-Malware

    Another detections from Avast

    • Posts not found

    About the author

    Wilbur Woodham

    Technical writer covering malware detections, unwanted programs, and browser-based threats. Wilbur turns research notes into step-by-step guides that Windows users can follow safely.

    View all posts

    Leave a Comment