Author Topic: Avast Free detects URL:Mal on my site. How can I fix it?  (Read 3099 times)

Offline GeorgeKP

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Avast Free detects URL:Mal on my site. How can I fix it?
« on: September 02, 2011, 09:52:01 PM »
Hello, all.

I'm employed in education in Russia (sorry for my poor english).
My company has web site http://www.licey1547.msm.ru/.
Some time ago a lot of my visitors started to complain that Avast blocked the site because it is infected by virus URL:Mal.

I myself use DrWeb antivirus, and it reports no problem on the site.

How can I realize why Avast desided that my site has this virus?
And how can I fix it? (I dont think that I can convince my visitors to throw Avast away :)

thanks in advance to all, who can help me.
« Last Edit: September 03, 2011, 06:05:22 AM by GeorgeKP »

Offline Para-Noid

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 4498
  • Gender: Male
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #1 on: September 02, 2011, 11:36:39 PM »
For what it's worth avast did pop-up "malware blocked".
Dell Inspiron, Win7x64 SP1, Pentium Dual-Core, 6 GB Ram, Avast Free 2014.9.0.2018, Comodo Firewall 5.12 w/D+, MalwareBytes Premium 2.0, MCShield, Super Anti-Spyware Free, SpywareBlaster, Bitdefender TrafficLight, OpenDNS Premium, Keyscrambler Personal,  PrivDog. CCleaner, Greenshot, Firefox (latest build) and, Google Chrome (latest build).

When you do something, do it with a purpose and do it on purpose.

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64879
  • Gender: Male
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #2 on: September 03, 2011, 12:50:49 AM »
Generally, avast detection is accurate in these cases.
Isn't it an encrypted/obfuscated script or iframe?
Wasn't the site hacked?
Maybe you could contact its webmaster.

Also, please, check if there are infected gif images (resolved as infected server generated messages): http://forum.avast.com/index.php?topic=45658.0

Please, edit the links to not-live ones (change http for hxxp, for instance or add spaces between the url).

Check here how to clean and make a website secure.

Quote
The vast majority of malware today is distributed over the web, mostly by means of hacked (otherwise legitimate) sites. The attacker usually injects malicious some scripts into some (or all) pages on the site, waiting for an unsuspecting user to visit the site and possible infect his/her machine.

And this is where avast’s detection capabilities really excel. Its abilities to detect these web-based malicious scripts are second to none, and thanks to the Web Shield and Script Blocking providers, they are used exactly when needed, doing an excellent job stopping the web-based malware right on the entry point.
The best things in life are free.

Offline GeorgeKP

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #3 on: September 03, 2011, 05:08:37 AM »
For what it's worth avast did pop-up "malware blocked".

The problem is avast didn't only popup message but it blocked page loading at all.

Offline GeorgeKP

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #4 on: September 03, 2011, 05:33:19 AM »
Tech, thank you for helpful advice.
Wasn't the site hacked?
Maybe you could contact its webmaster.
I am webmaster myself. I have checked site as far as a can and found nothing wrong.

Quote
Also, please, check if there are infected gif images (resolved as infected server generated messages): http://forum.avast.com/index.php?topic=45658.0
It seems that this is not the case: as I can see on my computer (no avast) all images are visible and there are no error messages.

I have checked my page on hidden iframes and didn't found them.

Offline craigb

  • avast! Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 8063
  • Gender: Male
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #5 on: September 03, 2011, 05:55:14 AM »
Please modify the link in your first post to make it unclickable.
VirusTotal shows that only avast and Gdata detect 3/44 so its more than likely a false positive

http://www.virustotal.com/file-scan/report.html?id=34369680d69a405aa3713fe41cde7cb373ee597d36ec0443ac72761ea73af317-1315029147
« Last Edit: September 03, 2011, 06:02:50 AM by craigb »
Windows 8.1 Pro X64/ IE 11/ Avast 9.0.2018/ MBAM Premium 2

Offline GeorgeKP

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #6 on: September 03, 2011, 06:04:23 AM »
My site is powered by Joomla 1.0 (russian translation and some custom modules)
Maybe the problem is in Joomla URL generation?

It always replaces ampersand sign in URL with & code, for instance:
Code: [Select]
http://www.licey1547.msm.ru/index.php?option=com_content&task=view&id=293&Itemid=53but no other software considers it a malformed URL

Does avast have any log file, where I can find more details about what it considered "mailformed URL"?
(I'm already tired trying to guess what is wrong with my site  ???)
« Last Edit: September 03, 2011, 07:05:03 AM by GeorgeKP »

Offline apratte

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #7 on: September 03, 2011, 12:55:14 PM »
Seems I am having a similar issue.

Over the past 2 weeks my website which is powered by Wordpress all of a sudden started poping up Malware URL blocked.

I've searched for encrypted, obfuscated script or iframe but none were found.

I had the site scanned but it has turned up clean

http://www.virustotal.com/url-scan/report.html?id=f00409cfddda46427aae4ebf1842c3d2-1315045924
http://www.avgthreatlabs.com/sitereports/domain/prattephoto.com/domain-search-widget/www.avg.com.au

I've contacted my web host on several occasions and they report no threats to the site.

Is there a log file that can provide more accurate results as to where the detection are made as I am at a loss.

http://prattephoto.com/

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21683
  • Gender: Male
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #8 on: September 03, 2011, 01:06:22 PM »
@apratte

sorry but you are infected, try this    http://sitecheck.sucuri.net/scanner/

Malware entry: MW:JS:2368   http://sucuri.net/malware/malware-entry-mwjs2368


also see latest on  Sucuri blog    http://blog.sucuri.net/
« Last Edit: September 03, 2011, 01:09:30 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline apratte

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #9 on: September 04, 2011, 05:59:17 PM »
@apratte
sorry but you are infected, try this    http://sitecheck.sucuri.net/scanner/
Malware entry: MW:JS:2368   http://sucuri.net/malware/malware-entry-mwjs2368
also see latest on  Sucuri blog    http://blog.sucuri.net/

@Pondus

Thank you very much, your information was very helpful in resolving my website infection. 

Sucuri
web site:    http://prattephoto.com
status:    Verified Clean
web trust:     Not Blacklisted

 ;D

Offline GeorgeKP

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #10 on: September 08, 2011, 08:14:25 AM »
craigb, thank you very much for your testing my site at virustotal.
As we can see, only avast and GData (sorry, I dont know this antivirus) reports problem.

By the way, what is HTML:Script-inf, maybe someone can explain this?

@apratte
try this    http://sitecheck.sucuri.net/scanner/

Pondus, I tried this on my site too, and it reports my site is clean.

Also I posted requiest to my antivirus support (DrWeb) and they reported me no wrong objects on the site.


The porblem remains: what does it mean "HTML:Script-inf" and how can I fix it?
Maybe avast developers should fix it?  ;)

Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24902
  • Frohe Ostern
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #11 on: September 08, 2011, 08:19:53 AM »
The porblem remains: what does it mean "HTML:Script-inf" and how can I fix it?

You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline GeorgeKP

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #12 on: September 11, 2011, 05:11:14 PM »
You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles

Asyn, thank you very much, your link appears to be the most useful of all this advices :)

That is reply from avast support
Quote
Hello,

it was a false positive and will be fixed in the next VPS.

Best regards

Alena Varkockova


And they did fixed it, so I'm happy again :) :P

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8800
  • Gender: Male
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #13 on: September 11, 2011, 05:22:15 PM »
You may want to go to to the Russian forum area:
http://forum.avast.com/index.php?board=28.0
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24902
  • Frohe Ostern
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
Re: Avast Free detects URL:Mal on my site. How can I fix it?
« Reply #14 on: September 12, 2011, 06:46:23 AM »
Asyn, thank you very much, your link appears to be the most useful of all this advices :)

You're welcome..!
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now