Avast WEBforum
Other => Viruses and worms => Topic started by: Phoenix062 on January 22, 2013, 08:22:25 AM
-
Hello,
I am French and I work with a translator. Thank you forgiven me for translation error that could occur.
Here is my problem: Since yesterday I have an avast alert: Url: evil I block access to my forum and ebay page that has some pictures of my forum. I analyzed my pc with avast and it found nothing.
Thank you for your help.
-
what URL is this ?
-
hi Phoenix062,
Can you attach a screenshot of the URL: Mal warning box? URL: Mal is an Avast! detection block of a blacklisted web site and should present a "Connection was reset" error in your browser as the outcome of the Avast! block.
Please also provide the url causing the alert but modified as hxxp://www..... Doing so will protect other Avast! users here from harm should they click the modified url link.
-
Here is the screenshot of blocking :
(http://img15.hostingpics.net/pics/9726075501.jpg) (http://www.hostingpics.net/viewer.php?id=9726075501.jpg)
-
-> http://zulu.zscaler.com/submission/show/ecdb77a8e9e7cb2d379d59e73115999f-1358842617
-
So if I understand your analysis, it is installed on my forum geolocation causing this?
-
Thank you for the screenshot.
sucuri reports as invalid url not found here: http://sitecheck.sucuri.net/scanner/ (http://sitecheck.sucuri.net/scanner/)
zulu reports as suspicious here: http://zulu.zscaler.com/submission/show/ecdb77a8e9e7cb2d379d59e73115999f-1358842145 (http://zulu.zscaler.com/submission/show/ecdb77a8e9e7cb2d379d59e73115999f-1358842145)
urlquery reports as ip detection here: http://urlquery.net/report.php?id=797641 (http://urlquery.net/report.php?id=797641)
urlvoid report here: http://www.urlvoid.com/scan/phoenix062.fr/ (http://www.urlvoid.com/scan/phoenix062.fr/)
ipvoid report here: http://www.ipvoid.com/scan/217.16.2.105/ (http://www.ipvoid.com/scan/217.16.2.105/)
WOT report here: http://www.mywot.com/en/scorecard/217.16.2.105 (http://www.mywot.com/en/scorecard/217.16.2.105) Phishing site.
-
if you enter the URL at PhisTank you get nada......
however if you enter the IP (217.16.2.105) you get this....a fake PayPal
http://www.phishtank.com/phish_detail.php?phish_id=1284691
and listed at spamhaus http://www.spamhaus.org/query/ip/217.16.2.105
-
what should I do?
-
Are you the site admin?
-
yes, this is a forum on the thumbnails car
-
however if you enter the IP (217.16.2.105) you get this....a fake PayPal
Also see: http://zulu.zscaler.com/submission/show/c3226bae7d051a8ecc2e461f9cd9efea-1358844617
-
you can try to get Sucuri to help you?.....not free. http://sucuri.net/signup
-
however if you enter the IP (217.16.2.105) you get this....a fake PayPal
Also see: http://zulu.zscaler.com/submission/show/c3226bae7d051a8ecc2e461f9cd9efea-1358844617
quote Zulu analyzer
SURBL Block URL Domain Result: Blacklisted in multiple real-time domain blocklists
-
I have to contact my hosting provider by phone and he tells me that my forum is safe?
I'm lost
-
I have to contact my hosting provider by phone and he tells me that my forum is safe?
I'm lost
Send him the link to this topic: http://forum.avast.com/index.php?topic=113401.0
-
After I release my link, it finds nothing.
It there a way to clean it all myself?