Avast WEBforum
Other => Viruses and worms => Topic started by: Vortex00 on March 30, 2013, 08:43:33 AM
-
Avast is reporting a false positive on my domain for a file that does not exist on my site directory structure.
I also have the request forbidden as a secondary measure via htaccess.
I have gotten no response from the Flash Positive tool to report problems, also not even from multiple users telling me they also have gotten no replies back.
Domain[NSFW]: http://www.spiralvortexplay.com/
I know the code for this site as I programmed most of it myself from scratch.
Multiple reports all show clean, so if you can look into this issue it would be appreciated, thanks.
https://www.virustotal.com/en/url/ee78870e41d4dfffc3898018f46cb5a49a578c2d1a09c2bfc758feafb52fca37/analysis/1364627640/
http://sitecheck.sucuri.net/results/www.spiralvortexplay.com/
http://www.unmaskparasites.com/security-report/?page=spiralvortexplay.com
Something outside of my site is making calls to it, but as I mentioned it does not exist and I also have it forbidden, which can be seen here at the bottom.
http://urlquery.net/report.php?id=1685608
-
what does avast say?
a screenshot of the avast warning would help....
-
Infection Details
URL: http://www.spiralvortexplay.com/chat/cha...y.php?secs
Process: C:\Users\Jean Codas\AppData\Local\Google\Chrome\Application\chrome.exe
Infection: URL:Mal
Link to report:
http://www.avast.com/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_80_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fpt-br%2Fvirus-alert-default&p_vir=URL:Mal&p_prc=C:\Users\Jean%20Codas\AppData\Local\Google\Chrome\Application\chrome.e%E2%80%8Bxe&p_obj=http://www.spiralvortexplay.com/chat/chat_display.php?secs=1364009039955&p_var=.%2Ffa%2Fpt-br%2Fvirus-alert-default&p_pro=0&p_vep=8&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=9068&p_lng=en&p_lid=pt-br&p_elm=7&p_vbd=1483
It beeps and says it's Chrome and gives a big amount of reports that never ends, like on this picture:
(http://s23.postimg.org/e2yu56j8r/Avast_problems.jpg)
-
it is easier if you crop the pic to just show the warning...
anyway, avast says URL:mal....that does not mean infected but that it's on a block list....for whatever reason
urlvoid report. http://www.urlvoid.com/scan/spiralvortexplay.com/
MyWot. http://www.mywot.com/en/scorecard/spiralvortexplay.com
running your IP (174.122.1.20) here shows it blacklisted by Barracuda.
http://whatismyipaddress.com/blacklist-check
-
Thanks for the reply. It is not something I would notice at a glance because they all appear to be green
MyWot score seems to be low for no justifiable reason aside from Child Safety. I can't see how the other categories even apply.
It is my site where I post my personal art and games.
I would request the WOT users to check the site, however the Avast warning from the Barracuda rating I'm sure would cause them to vote it low.
And I have a hunch the Barracuda score factors in on the WOT rating.
You can see the dilemma here.
for the time being I have sent a removal request to barracudacentral.org
assuming it is removed, would the Avast system automatically recognize the change?
-
"assuming it is removed, would the Avast system automatically recognize the change?"
not sure what list avast uses or if they have their own
you can report it here. http://www.avast.com/contact-form.php. change subject to suit your case
you may add a link to this topic in case they reply
-
Thanks, this is the tool I mentioned in the third line of my first post that neither I, nor anyone who has reported the issue on my site, has gotten a reply from.
I had a typo of "Flash Positive" instead of "False Positive"
Do you happen to know what the average wait time for this is?
-
Hi Vortex00,
Generally, avast! will correct the issue in under 24 hours.
If the problem persists, please notify us. We would be glad to help.
~!Donovan
-
Okay thanks, I will come back to this issue a bit later then.
-
Hi, it has been well over 24 hours since myself and others have tried the avast contact-forum, which was even before my first post on this forum.
Have gotten no response at all.
The form does not even send a confirmation e-mail or number or anything at all.
I have tried two different e-mails, from hotmail and yahoo.
An alternate solution would be appreciated, as it seems I am getting nowhere by using the contact form.
Thanks.
I can be contacted here SVortex00@hotmail.com
-
well they usually don't reply......sometimes they do here if you add link to the topic
is it still blocked?
IP is now removed from Barracuda http://whatismyipaddress.com/blacklist-check
-
Interesting.
Url:Mal popup block just by clicking the url link for this topic here at avast! forums.
Appears not to have been resolved yet.
See Attached below.
-
Hi mchain,
Can confirm on opening thread I get URL:Mal /attachment.php?aid=529 for the process of the browser executable
pol
-
Thanks I appreciate the replies.
Not resolved indeed. The issue is still present.
The image I posted showing the scans all green was hosted on my domain, which Avast still has on its hit list apparently...
I removed the image from my post which should hopefully clear up the issue here in this thread.
Mentioning that Avast personnel managing the contact form don't usually reply raises several questions.
I'm curious in what way the person reporting the claim can confirm some action was taken if they do not reply. And why does the form have a required e-mail?
I had a thought recently that perhaps they do not work on weekends?
As for Barracuda, it temporarily makes the status of my website IP neutral, or not "poor", for 30 days while they review it. I have gotten no response yet from them either; on the site it mentions it takes less than 12 hours, however it has been more than 30 hours so far.
Pondus mentioned URL:Mal can be from a blacklist, however Avast points out a very specific file when the message appears. A file that is not present on my website.
This URL:Mal issue happened recently this month, and that file has not existed on my site for several months now.
Any Ideas?
-
I can confirm on that. I access the website on a daily basis and exactly from night to day it started saying it's infected... I was accessing normally at night, the other day, all of a sudden, it started saying that it got problems. And I sent a false report from a week ago and got nothing yet too. I use Avast for years now, 5 years or more, and I access this website for more than 2 years and it never said anything. For 2 weeks I needed to disable avast so that I can talk and post on their forums. I have a lot of other anti-virus programs here and none of them find anything strange on my pc or the website...
-
Hi Vortex00,
When a website is blacklisted by avast!, any url linking to it, including non-existing pages, will be blocked.
I personally do not know why this issue hasn't been resolved yet. To help out, I've also sent a false positive report for your website.
Being a webmaster myself, I know the difficulties of getting a site removed from blacklists.
Greets,
~!Donovan
-
This popped up after clicking on topic. Never mind. Forgot to crop the threat warning.
-
Hi !Donovan,
This could date back from an earlier Flash malware detection, now been cleansed: http://urlquery.net/report.php?id=1542746
2013-03-22 06:23:39 184.173.167.109 urlQuery Client 3 FILEMAGIC Macromedia Flash data (compressed),
And that created the URL:Mal
But it could also be for that particular IP being blocked, e.g. 184.173.167.109 for histats dot com domain that held/holds malware...
On that IP there was this malware being detected: https://www.virustotal.com/nb/file/42bc05ae1fd022d4d77c2bb7ebd7032d31a888ab28a435d826868c5257611100/analysis/ (not recently)
polonus
-
Hi Polonus,
Thank you for the clarification. So it is a legit block, I see.
The only thing that's troubling me now is why they haven't added an exception for Vortex00's site yet. As the OP states, it's been well over 24 hours.
~!Donovan
-
Hi !Donovan,
We saw this problem a couple of times recently. You can block a particular IP, but with goodies and baddies on it, you have to discriminate as per domain.
With 6 domains there is less of a problem. With 14.700 sharing the same IP number blocking that IP you may have created a problem.
polonus
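-
The two points made above (a blocked site also blocks URLs for pages that do not exist, and an IP-wide block catches every domain sharing that address) can be shown with a small matcher. This is an added example, not part of the thread and not avast!'s implementation; all hostnames, addresses and the three-scope blocklist layout are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed shared-hosting map: hostname -> IP (documentation address ranges).
DNS = {
    "art.example": "192.0.2.10",
    "shop.example": "192.0.2.10",
    "blog.example": "192.0.2.10",
    "tracker.example": "198.51.100.7",
}

# Three constructed blocklists, one per granularity.
URL_ONLY = {"url": {"art.example/chat/old.php"}}
HOST = {"host": {"art.example"}}
IP = {"ip": {"192.0.2.10"}}

def verdict(url, blocklist, dns=DNS):
    """Return the scope of the first matching entry ('url', 'host', 'ip') or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # URL-scope entries are compared without scheme or query string.
    if f"{host}{parts.path}" in blocklist.get("url", set()):
        return "url"
    # A host-scope entry matches any path, whether or not the file exists.
    if host in blocklist.get("host", set()):
        return "host"
    # An IP-scope entry matches every hostname resolving to that address.
    if dns.get(host) in blocklist.get("ip", set()):
        return "ip"
    return None

def collateral(blocklist, bad_hosts, dns=DNS):
    """Hosts that end up blocked although they are not in bad_hosts."""
    return sorted(h for h in dns
                  if verdict(f"http://{h}/", blocklist, dns) and h not in bad_hosts)

if __name__ == "__main__":
    # Host-level entry: a URL for a deleted file is still reported.
    print(verdict("http://art.example/no/such/file.php?secs=1", HOST))
    # IP-level entry aimed at one bad tenant blocks its neighbours too.
    print(collateral(IP, {"shop.example"}))
```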
-
Thanks for all the replies
I appreciate the help on this matter
Histats was removed prior to sending the information in the contact-form.
Though it seemed like an innocent enough web tool to simply track users that visit a website, I noticed that it somehow created a problem during scans of my website to figure out this avast url:mal issue.
That IP should no longer be affiliated with the IP for my site.
My domain itself has/had no issues at the time of me filling out the contact form.
I don't know about other sites on my IP, but if my domain needs to be cherry-picked out of the bunch then that needs to happen.
-V00
-
Hi Vortex00,
It should be fixed in the next VPS update.
~!Donovan
-
This is good news! thanks !Donovan :D
-
there was an update today but I still can't access the website...
-
May I get a suggestion for the next steps I need to take please?
also polonus,
I don't know how that could have triggered the URL:Mal because again, we are talking about a specific file that avast points out, chat_display.php.
The file, at the time before deletion, was php and not linked to flash in any way.
-
Hi guys,
the website has been unblocked. That should come into effect in the next streaming/regular update.