Author Topic: False positive report  (Read 3553 times)

Offline Vortex00

  • Newbie
  • *
  • Posts: 9
False positive report
« on: March 30, 2013, 06:43:33 AM »
Avast is reporting a false positive on my domain for a file that does not exist in my site's directory structure.
I also have the request forbidden as a secondary measure via htaccess.
I have gotten no response from the Flash Positive tool to report problems, also not even from multiple users telling me they also have gotten no replies back.

Domain[NSFW]: http://www.spiralvortexplay.com/

I know the code for this site as I programmed most of it myself from scratch.

Multiple reports all show clean, so if you can look into this issue it would be appreciated, thanks.
https://www.virustotal.com/en/url/ee78870e41d4dfffc3898018f46cb5a49a578c2d1a09c2bfc758feafb52fca37/analysis/1364627640/
http://sitecheck.sucuri.net/results/www.spiralvortexplay.com/
http://www.unmaskparasites.com/security-report/?page=spiralvortexplay.com

Something outside of my site is making calls to it, but as I mentioned it does not exist and I also have it forbidden, which can be seen here at the bottom.
http://urlquery.net/report.php?id=1685608



Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21649
  • Gender: Male
Re: False positive report
« Reply #1 on: March 30, 2013, 08:13:20 AM »
what does avast say?
a screenshot of the avast warning would help....

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.



Offline Pondus

Re: False positive report
« Reply #3 on: March 30, 2013, 08:53:39 AM »
it is easier if you crop the pic to just show the warning...

anyway, avast says URL:mal....that does not mean infected but that it's on a block list....for whatever reason

urlvoid report. http://www.urlvoid.com/scan/spiralvortexplay.com/
MyWot. http://www.mywot.com/en/scorecard/spiralvortexplay.com 

running your IP (174.122.1.20) here shows it blacklisted by Barracuda.
http://whatismyipaddress.com/blacklist-check

« Last Edit: March 30, 2013, 08:58:41 AM by Pondus »


Offline Vortex00

Re: False positive report
« Reply #4 on: March 30, 2013, 12:25:06 PM »
Thanks for the reply. It is not something I would notice at a glance because they all appear to be green



MyWot score seems to be low for no justifiable reason aside from Child Safety. I can't see how the other categories even apply.
It is my site where I post my personal art and games.

I would request the WOT users to check the site, however the Avast warning from the Barracuda rating I'm sure would cause them to vote it low.
And I have a hunch the Barracuda score factors into the WOT rating.

You can see the dilemma here.

for the time being I have sent a removal request to barracudacentral.org

assuming it is removed, would the Avast system automatically recognize the change?
« Last Edit: March 31, 2013, 08:51:11 PM by Vortex00 »

Offline Pondus

Re: False positive report
« Reply #5 on: March 30, 2013, 01:44:36 PM »
Quote
assuming it is removed, would the Avast system automatically recognize the change?
not sure what list avast uses or if they have their own

you can report it here.  http://www.avast.com/contact-form.php.   change subject to suit your case
you may add a link to this topic in case they reply



Offline Vortex00

Re: False positive report
« Reply #6 on: March 30, 2013, 02:29:30 PM »
Thanks, this is the tool I mentioned in the third line of my first post that I, nor anyone who has reported the issue on my site, has gotten a reply from.
I had a typo of "Flash Positive" instead of "False Positive"

Do you happen to know what the average wait time for this is?
« Last Edit: March 30, 2013, 03:20:52 PM by Vortex00 »

Offline !Donovan

  • LÖVE Scripting Website Analyst
  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 2138
  • Gender: Male
  • f(x)=2x+1
    • The WAR Against Malware
Re: False positive report
« Reply #7 on: March 30, 2013, 02:54:16 PM »
Hi Vortex00,

Generally, avast! will correct the issue in under 24 hours.

If the problem persists, please notify us. We would be glad to help.

~!Donovan
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."
Useful Links: Sucuri SiteCheck | WAR | urlQuery | URLVoid | Wepawet

Offline Vortex00

Re: False positive report
« Reply #8 on: March 30, 2013, 03:21:51 PM »
Okay thanks, I will come back to this issue a bit later then.

Offline Vortex00

Re: False positive report
« Reply #9 on: March 31, 2013, 07:14:18 PM »
Hi, it has been well over 24 hours since myself and others have tried the avast contact form, which was even before my first post on this forum.
Have gotten no response at all.

The form does not even send a confirmation e-mail or number or anything at all.
I have tried two different e-mails from hotmail and yahoo

an alternate solution would be appreciated, as it seems I am getting nowhere by using the contact form.

Thanks.
I can be contacted here SVortex00@hotmail.com

Offline Pondus

Re: False positive report
« Reply #10 on: March 31, 2013, 07:24:48 PM »
well they usually don't reply......sometimes they do here if you add link to the topic

is it still blocked?
IP is now removed from Barracuda   http://whatismyipaddress.com/blacklist-check



Offline mchain

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 2163
  • Gender: Male
  • Spartan Warriors
Re: False positive report
« Reply #11 on: March 31, 2013, 07:43:05 PM »
Interesting.

Url:Mal popup block just by clicking the url link for this topic here at avast! forums.

Appears not to have been resolved yet.

See Attached below.
XP Pro SP3 P4 3.2 HT 2GB RAM AIS v 2014.9.0.2011 Secunia PSI version 2.0.0.3003 TREND Micro RUBotted Beta Javacool SpywareBlaster version 5.0 Sandboxie v. 4.09 32-bit WOT (Web Of Trust) Browser reputation-based add-on http://www.mywot.com/   New: avast! listing of vendor uninstall tools:  http://www.avast.com/faq.php?article=AVKB11#artTitle
W7 Home Premium 64-bit SP1, 2.8 Pentium D, 3 GB RAM AIS v 2014.9.0.2016 (running same programs as above) Sandboxie 4.09 64-bit

Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20117
  • Gender: Male
  • malware fighter
Re: False positive report
« Reply #12 on: March 31, 2013, 08:46:20 PM »
Hi mchain,

Can confirm on opening thread I get URL:Mal /attachment.php?aid=529 for the process of the browser executable

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Vortex00

Re: False positive report
« Reply #13 on: March 31, 2013, 09:15:07 PM »
Thanks I appreciate the replies.

Not resolved indeed. The issue is still present.

The image I posted showing the scans all green was hosted on my domain, which Avast still has on its hit list apparently...
I removed the image from my post which should hopefully clear up the issue here in this thread.

Mentioning that the Avast personnel managing the contact form don't usually reply raises several questions.
I'm curious in what way the person reporting the claim can confirm some action was taken if they do not reply. And why does the form have a required e-mail?
I had a thought recently that perhaps they do not work on weekends?

As for Barracuda, it temporarily makes the status of my website IP to neutral, or not "poor", for 30 days while they review it. I have gotten no response yet from them either, on the sites it mentions it takes less than 12 hours, however it has been more than 30 hours so far.

Pondus mentioned URL:Mal can be from a blacklist, however Avast points out a very specific file when the message appears. A file that is not present on my website.
This URL:Mal issue happened recently this month, and that file has not existed on my site for several months now.

Any Ideas?

Offline jccq89

  • Newbie
  • *
  • Posts: 3
Re: False positive report
« Reply #14 on: March 31, 2013, 09:24:54 PM »
I can confirm on that. I access the website on a daily basis and exactly from night to day it started saying it's infected... I was accessing normally at night, the other day, all of a sudden, it started saying that it got problems. And I sent a false report from a week ago and got nothing yet too. I use Avast for years now, 5 years or more, and I access this website for more than 2 years and it never said anything. For 2 weeks I needed to disable avast so that I can talk and post on their forums. I have a lot of other anti-virus programs here and none of them find anything strange on my PC or the website...

 
