Avast WEBforum
Other => Viruses and worms => Topic started by: mouath on August 07, 2012, 06:39:52 PM
-
Avast is detecting my website as being malware infected, but doesn't specify any other details. Avast updated its list 2 days ago and this is causing the error. I checked my website on many sites and no malware is detected. What could be the reason for that, and how can I identify the problem so I can fix it?
Attached are screenshots of the warning we get, but there is no detail of the type of malware, just url:mal
I opened Ticket ID: PDN-718424 to track it also.
Your help is greatly appreciated.
-
All these sites didn't find anything and said it was clean:
1. https://www.virustotal.com
2. http://www.google.com/
3. http://www.urlvoid.com/
4. http://sitecheck.sucuri.net/
-
And what is your website URL?
Can you attach a screenshot of the avast warning?
-
www.2mcctv.com
-
Any ideas?
-
It would have been handy if you had posted the URLs of the analysis pages. But we will proceed with the assumption that these sites found nothing.
There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.
- If you are reporting an FP, then you get another input field open, click Browse button and navigate to the file or enter the web URL for the site you wish to submit for review (network shield), etc. A link to this topic also wouldn't hurt.
-
I did in the ticket MGS-401079 I opened:
1. https://www.virustotal.com/url/3c5f912eed691a16d9929684e73ae17459ec6485a1633d93919ff279c6c462c4/analysis/1344356730/
2. http://www.google.com/safebrowsing/diagnostic?site=2mcctv.com
3. http://www.urlvoid.com/scan/2mcctv.com/
4. http://sitecheck.sucuri.net/results/www.2mcctv.com
-
I just submitted a false alarm ticket too.
-
A suspicious domain alert here...
http://zulu.zscaler.com/submission/show/d1dabdbdc20df61b6786953c3027aa8f-1344367555
-
That's not malware, it's green.
What's a suspicious domain name alert? It didn't make sense to me.
-
You need to scroll down... to the yellow arrow.
-
Hi Pondus,
Here it is given as secure: http://www.mbi-connexion.com/securite/diagnostic/2--2mcctv.com
But I saw this issue:
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
wXw.mongoosemetrics.com/jsfiles/js-correlation/ benign
[nothing detected] (script) wXw.mongoosemetrics.com/jsfiles/js-correlation/
status: (referer=wXw.mongoosemetrics.com/jsfiles/js-correlation/mm-control.php
Found up here: http://xss.cx/2012/01/10/ghdb/xss-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report-01.html
injected ////getvar.js' type='text/javascript'etc"////
polonus
-
That's not the problem. Just for testing I removed the mongoose script from my side and it still didn't do anything; Avast still complained about it being malware.
-
Hi mouath,
I did not say there is an infection, but that script sure has XSS flaws as I showed from the link I provided.
The blocking should be reconsidered by the avast analysts, and they should remove it.
So wait for a coming update, as there was a malware domain block (now given as green where I last saw it)
and I do not know if that has been lifted yet,
polonus
-
Ooh okay, great.
Thanks for your feedback, great input.
-
Hi Mouath,
If you look here: http://wepawet.cs.ucsb.edu/view.php?hash=62e496bb4e416959ebe8c9ecedfe0077&t=1344374463&type=js
and especially at the Network Activity requests, you see one with -> about:blank. It could well have been that the malcode was initially there,
but has been cleansed. Just wanted to let you know what I spotted from this wepawet site analysis,
greets,
polonus
-
Thanks polonus, good observation.