Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: titodj on December 04, 2010, 01:16:09 AM
-
I have checked and rechecked and can't find anything wrong, but AVAST still reports some kind of infection, while none of the users with other antivirus products report any problems. What should I do?
This is one of the addresses the users are reporting.
http://miespaciovirtual.com/pagos/Mex/
Thanks...
-
Hi titodj; have you done a boot-time scan... just curious. If so, was anything detected? Usually with a boot-time scan, the scan halts when a 'bad boy' is hit and then asks you, with some choices, what you want to do. Any identification or file name produced by Avast?
-
A boot-time scan will not detect a malicious web site. A boot-time scan is something you use when the normal scan has found an infection but cannot remove it.
VirusTotal - URLscan - Phishing site
http://www.virustotal.com/url-scan/report.html?id=c6675b06e10f7a76ce95161b35bb9f35-1291419639
NoVirusThanks - URLscan - INFECTED
http://vscan.novirusthanks.org/analysis/b26eeb8e3791c21db91b89a7d681bb55/aW5kZXg=/
URLVoid - SUSPICIOUS
-
Yeah it is infected. It has some kind of obfuscated script injected in the main index.html file
Avast is always good with this kind of attack ;D
-
Looks like your previous problem is back, when you thought it a false positive then also.
http://forum.avast.com/index.php?topic=61950.0
-
Thank you all.... But...
With all due respect, does anyone even bother to look at the source of the URL we're talking about??
http://miespaciovirtual.com/pagos/Mex/
I might be wrong, but I can't see where malicious code could be hiding there...
BTW when I put that URL in Virus Total, it comes back clean??
I have users there all the time with all kinds of antivirus, and only AVAST gives them a positive; my problem is I don't know why.
The two URLs I'm interested in, because they are the ones people complain about, are
http://miespaciovirtual.com/pagos/Mex/
http://miespaciovirtual.com/pagos/
And as I said, I can't find anything wrong in them...
Thanks....
-
***
I tried both links and I get :
"Connection closed by remote server"
***
-
Weird....
I can see them fine, but it is the time when the server has more load, so I guess it's possible the server was busy at the time...
-
The problem is that the main page, hxxp://miespaciovirtual.com/, is infected, and the avast network shield blocks that website and all websites containing *miespaciovirtual.com* in them.
The other pages, http://miespaciovirtual.com/pagos/Mex/ and http://miespaciovirtual.com/pagos/, don't seem to be infected.
-
Last night I did find some weird code in the "root" of the website, and it was removed, but the two URLs in question are ALWAYS reached by a direct referrer and there are no links between the root and these two URLs; in other words, people trying to get to those two URLs never visit another part of the website.
That's why I didn't even look at the "root" of the website. Anyway, if I'm understanding this right, AVAST is not really scanning the pages in real time, but relying on some kind of database??
Or how is it that you can get a positive on a clean page if another page in the site (with no internal links between them) is infected?
Finally, and more important, what should I do to get rid of those false positives that AVAST is giving to my users??
-
False positive. I am currently trying out products like Avast and BitDefender, and I can say this is a false positive. I entered this page and BitDefender Antivirus Pro's shield did not detect anything, and neither did Malwarebytes' Anti-Malware or Comodo Firewall, which I also use. So I guess it is a false positive; I dared to enter and nothing happened.
a screenshot
(http://www.imagechile.net/img/forumavast992695.png)
-
So???
What should I do??
AVAST keeps giving my users a FALSE positive...
(http://img228.imagevenue.com/loc524/th_74221_00000_122_524lo.jpg) (http://img228.imagevenue.com/img.php?image=74221_00000_122_524lo.jpg)
-
agree with Pondus & Virus total.. you do not make anything on the website and you ask for donation? Shocked
I can ask for a donation just because my face is pretty... and the users decide if they do or don't donate...
The problem here is that AVAST is reporting an infection that does NOT exist!!!
It's really funny to me that in a forum hosted by an antivirus product everyone is relying on information from other websites.
I have yet to see anyone pointing to an "infection" in the code of my website...
(http://img176.imagevenue.com/loc252/th_16693_dfgd_122_252lo.jpg) (http://img176.imagevenue.com/img.php?image=16693_dfgd_122_252lo.jpg)
File Info
Report date: 2010-12-06 07:50:35 (GMT 1)
File name: miespaciovirtual-com
File size: 5073 bytes
MD5 Hash: d2ee18c70c6bc4dcf3778cf6f0a9697e
SHA1 Hash: a0ae82f4e72f4edb2b761c71e5afe80d958bd43d
Detection rate: 0 on 16 (0%)
Status: CLEAN
Detections
a-squared -
Avast -
AVG -
Avira AntiVir -
BitDefender -
ClamAV -
Comodo -
Dr.Web -
F-PROT6 -
Ikarus T3 -
Kaspersky -
NOD32 -
Panda -
TrendMicro -
VBA32 -
VirusBuster -
Scan report generated by
NoVirusThanks.org (http://novirusthanks.org)
-
Hello,
The reason your site is still blocked is that there were several problems in the past (actually it has been flagged as malicious since 2009). And as this forum thread proves, your site still has security issues (talking about that malicious code on your homepage; it looks like someone has injected that code there and deleting it does not solve it, or only for a short time). It looks like you have security problems. Maybe your password has been stolen?
Alena Varkockova