Avast WEBforum

Other => Viruses and worms => Topic started by: angelospagnol on January 30, 2013, 10:40:52 PM

Title: Why is my WebSite Flagged by AVAST?
Post by: angelospagnol on January 30, 2013, 10:40:52 PM

Hi, i´m the owner of a website i use to host some JPG images for my online sales in brazilian ebay. Avast is returning false alert and scaring some of my costumers. Heres a example of the product i´m selling: http://produto.mercadolivre.com.br/MLB-461460021-nintendo-3ds-destravado-original-varias-cores-c-150-brinde-_JM (http://produto.mercadolivre.com.br/MLB-461460021-nintendo-3ds-destravado-original-varias-cores-c-150-brinde-_JM)
On this webpage the imagens hosted on my website,http://wiiclubgameseacessorios.com (http://wiiclubgameseacessorios.com) are all getting false alarms. Please check why my JPG files are beeing flaged.

Title: Re: Why is my WebSite Flagged by AVAST?
Post by: polonus on January 30, 2013, 10:49:47 PM

Content after the < /html> tag should be considered suspicious. It sends the message "Please come hack this site!" to every hacker in the world.

1548:

There might be an IP blocked there, because of  JS/Downloader.Agent from another domain on IP  66.96.147.118. and EXPLOIT-KIT Redkit exploit kit redirection attempt from 66.96.147.118 (see: http://urlquery.net/report.php?id=795802)

polonus

Title: Re: Why is my WebSite Flagged by AVAST?
Post by: Pondus on January 30, 2013, 10:56:22 PM

And what is it avast say?

A screen shot of the warning would help....

Title: Re: Why is my WebSite Flagged by AVAST?
Post by: polonus on January 30, 2013, 11:03:20 PM

Hi Pondus,

Avast says "Infection: URL:Mal", consistent with my theory of the IP being blocked by avast Network Shield because of malware being launched from that abused, misused server...
2013-01-21 22:41:04   0 / 1   htxp://www.ncssma.org/regional_assns/NYMS/wpscripts/jsNavBarFuncs.js   [United States] 66.96.147.118
2013-01-20 03:21:13   0 / 1   hxtp://www.ncssma.org/regional_assns/NYMS/wpscripts/global_navtree.js   [United States] 66.96.147.118
2013-01-05 07:30:20   0 / 1   htxp://www.qloup.com/c18.html   [United States] 66.96.147.118
2013-01-05 07:30:12   0 / 1   htxp://www.qloup.com/   [United States] 66.96.147.118
2012-12-30 02:55:39   0 / 4   htxp://redhead.uxxxporn.com/?video=11068   [United States] 66.96.147.118
2012-12-27 02:14:19   2 / 2   htxp://www.thebakertwins.com/thebtguys.com/   [United States] 66.96.147.118

polonus

Title: Re: Why is my WebSite Flagged by AVAST?
Post by: Pondus on January 30, 2013, 11:12:40 PM

Several detected websites hosted on same IP
urlvoid.com/ip/66.96.147.118/

Title: Re: Why is my WebSite Flagged by AVAST?
Post by: angelospagnol on February 04, 2013, 10:55:51 AM

So What should i Do? The page is hosted by www.ipage.com and i don´t own the host so i can do nothing about the other webpages on the same IP. And i Wonder why only avast is getting a FP in my site, the other Anti-Viruses don´t.

Title: Re: Why is my WebSite Flagged by AVAST?
Post by: polonus on February 04, 2013, 05:31:12 PM

You could report a possible FP here: http://www.avast.com/contact-form.php?loadStyles and ask for a domain exclusion from the general IP block,

polonus

Title: Re: Why is my WebSite Flagged by AVAST?
Post by: angelospagnol on February 09, 2013, 03:31:47 PM

Do they take too long to answer? Because when i´ve started this post i´ve mailed them using that link and got zero answer till now.

Title: Re: Why is my WebSite Flagged by AVAST?
Post by: polonus on February 09, 2013, 03:37:14 PM

They won't answer here, but in case of a genuine FP they are known to react soon with an update to cure it.
If the site is malicious, it should be cleansed first, before unblocking could take place...

polonus