False positive on my website

[moosegal]

There is a false positive on my wordpress and I can not log into my control panel because I am completely blocked out.  I know this is a false positive because I scanned it at VirusTotal.com and people using AVG and McAfee have no problem accessing my pages.  I do not like getting a mark on my reputation and I have changed the name of my wordpress folder and it is now off line.  How long before this is rectified? I have sent the report only minutes ago using the contact form.  At the moment the only way to test is by using google search (moosegal.com/moosedroppings) and cached view.  Being locked out also means that if there really had been a virus, I could not get to it to remove it thanks to my avast antivirus.     Wee bit of flaw, no over-ride button. 

[Eddy]

It is a problem with the webshield.
Since you have it reported, have patience.
It will be fixed by the people from Avast.
Make sure you have the latest version of WordPress installed.

[moosegal]

Just reloaded it in the server and shut down my antivirus.  Got into my control panel and took the latest update.  Also emptied my pending comments.  I have checked each and every file for anything that shouldn't be there.  I will take it back off line for next few days.  Unfortunately I can not remove cached pages from google search engine to wait for problem to be fixed.     Thank you for your quick reply. 

[Eddy]

I suggest not to take it offline since there still are people who can access it.
Why disappoint them when not needed?
There is no need for that in my opinion.

And there is no need to disable Avast, just disabling the webshield temporarily should allow you (and the visitors) to access that part of the website just fine.
Ofcourse don't forget to enable it again after the next update 

[moosegal]

Would love to leave it up, however, people with avast installed on machine that is not aware it is a false positive would think I am trying to give them a virus.  I have a down for maintenance page I will put up.  Eventually I will create my own template and eliminate wordpress completely.  Wordpress and my server provider have issues every time the server undergoes security changes.   Wordpress has been a bit of a thorn in my side. 

Again thank you for your quick response. 

[Eddy]

Just a thought, create a page where you mention the problem and tell people to disable the webshield temporarily (if they use Avast) and when they click on a "continue button" they will be send to the WordPress section. It is ofcourse a workaround, but people will be able to access the section just fine.

[polonus]

Hi moosegal and Eddy,

As the OP stated that his WP version was outdated at time of detection, there is reason to be concerned.
Furthermore the OP never gave a broken link to the website involved, like that checked first.
Example: http://www.trustmyweb.com/reviews/moosegal.com & http://scanurl.net/?u=moosegal.com&uesb=Check+This+URL#results
Disabling one of the avast shields is an advice I would hesitate to give under these circumstances.
The avast! shields are an integrate part of overall av online protection,
I am not to lower "the visor of my protecting helmet"
AVG and McAfee not flagging is not a guarantee this is a false positive.
Like to see a confirmation first (maybe an avast team member, like Milos, could give the final word on this)
Kernel Wordpress flaws and bugs are known soon to be patched,
but various themes and plug-ins are known not to be coded with security as a first priority.
Too much excessive system information and attackers know what to abuse and you are "cat's food"....
Strange is I see no alerts going to htxp://www.moosegal.com/moose/index
is that the uri that is being flagged? At moosedroppings I get:
"Sorry!  We are down for a long overdue maintenance.
Please come back and check again.
Expected date of maintenance completion:
October 10, 2013" (no avast! Webshield alerts)

polonus