Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: iphigirl on April 20, 2011, 02:45:10 PM
-
Today I am trying to load my forum and suddenly AVAST! block it saying "HTML:RedirBA-inf [TRJ] " could anyone tell me what is wrong with my forum?!?
http://z6.invisionfree.com/BlessedWings/index.php?http://s6.invisionfree.com/BlessedWings/index.php
-
Update the virus definitions, pls.
-
Do not want to create a new topic. But I have the same key problems. Avast was blocking my site with a notice that there is a virus, but other antivirus software did not find any virus on my site
Site address: www.magnum-blog.pp.ua
Maybe this is just another false alarm?
Technical support is silent on this issue, but for me it is important
-
If you already confirm this with
http://www.virustotal.com (http://www.virustotal.com)
http://virscan.org/ (http://virscan.org/)
and other additional alternatives as jotti.org and sucuri.net among others
then you can:
_ report a false positive here:
http://www.avast.com/contact-form.php?loadStyles (http://www.avast.com/contact-form.php?loadStyles)
_ send virus report or "possible FP /unconfirmed malware" or similar subjet to:
virus@avast.com
-
Do not want to create a new topic.
Why..???
Report 2011-09-19 11:11:57 (GMT 1)
Website magnum-blog.pp.ua
Domain Hash 10c12538e247ec8a04962c84aa8f6481
IP Address 78.47.94.244 [SCAN]
IP Hostname zoxt.sioru.com
IP Country DE (Germany)
AS Number 24940
AS Name HETZNER-AS Hetzner Online AG RZ
Detections 0 / 23 (0 %)
Status CLEAN
Report 2011-09-19 12:14:07 (GMT 1)
IP Address 78.47.94.244
IP Hostname zoxt.sioru.com
IP Country DE
AS Number N/A
AS Name N/A
Detections 0 / 26 (0 %)
Status CLEAN
-
I do not know how can this be, the site does not contain viruses. But avast still continues to block it.
He scolds partly on html tag <base href="http://www.magnum-blog.pp.ua/" />
If you remove it, instead of the previous virus, he begins to see on the site HTML: Script-inf
How can this ever be?
-
See Reply #3. ;)
-
can you post a screen shot of the avast warning ?
-
Sorry but at this point I do not have such an opportunity
-
can you post a screen shot of the avast warning ?
Here it is.
-
can you post a screen shot of the avast warning ?
Here it is.
Thank you.
Tell me, what was written in details?
You have a button "details" in the screen shot
-
1. Thank you.
2. Tell me, what was written in details?
1. You're welcome..!
2. Nothing important. ;)
-
I understand that nothing important. But for me it's important.
It's still my site
-
I understand that nothing important. But for me it's important.
It's still my site
Why don't you click on it yourself..???
-
I understand that nothing important. But for me it's important.
It's still my site
Why don't you click on it yourself..???
Due to the fact that I have is a different antivirus
P.S: Sorry for my english
-
Due to the fact that I have is a different antivirus
I see.
So ask the one who reported it to you to provide the link.
As mine is in German and wouldn't help you much. ;)
-
@Magnum,
If you can concentrate on sending this to Avast as a possible FP as instructed in reply #3, you could gain some time (instead of passively waiting for someone from Avast Team to see and read this topic).
The "details" (at least for now) is not specifically for "you" (your site), so that's why is not *that* important.
If it is indeed a FP, then Avast will solve this and your friend (and everyone else that has Avast) will be able to get to your site without problems, but for that to happen as promptly as it can, you should probably report this as suggested.
-
@Magnum,
If you can concentrate on sending this to Avast as a possible FP as instructed in reply #3, you could gain some time (instead of passively waiting for someone from Avast Team to see and read this topic).
The "details" (at least for now) is not specifically for "you" (your site), so that's why is not *that* important.
If it is indeed a FP, then Avast will solve this and your friend (and everyone else that has Avast) will be able to get to your site without problems, but for that to happen as promptly as it can, you should probably report this as suggested.
These requests have already been sent to specialists avast.
This was done primarily
-
There is a packed obfuscated script file being loaded {gzip} with the home page (image 1), is this meant to happen ?
See image2 for an extract of the obfuscated file being loaded.
So I'm not sure this is a false positive, but it certainly needs investigation, I know you have said you reported it. But if you didn't use the link in Reply #3 I would use that as that seems to have a faster response.
If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for review (network shield and Web Shield), etc. a link to this topic might also help.
-
I still believe that this is a false alarm. because if we remove from the code page of the site:
<base href="http://www.magnum-blog.pp.ua/" />
and
<script type="text/javascript" src="http://www.magnum-blog.pp.ua/plugins/system/lknlightbox/lknlightbox.js"></script>
avast no longer see the threat. So, what's so wrong with these two lines?
If you scan the file avast lknlightbox.js on the path above. That virus is not there
-
There is a packed obfuscated script file being loaded {gzip} with the home page (image 1), is this meant to happen ?
See image2 for an extract of the obfuscated file being loaded.
Interesting, Sucuri says clean though...
Guess we need a reply from the virus lab here.
-
Already found the cause for which the full antivirus complains to the site.
It just shocked me.
Site address for some unknown reason is in the black list antivirus.
As I checked out. simple.
The site has a service address, if you go through it, the antivirus is silent.
A response to my request no.
If interested I can give a service address
-
Well I don't know if giving out the service address on-line would be wise.
So I don't know what the difference is between the two addresses, as it obviously isn't loading this {gzip} file at the start or the web shield would be alerting. When there are sufficient web shield alerts, that feedback goes through the CommunityIQ feature and eventually the site would be added to the the malicious sites list in the network shield.
So the question I asked before is still the same and remains unanswered:
There is a packed obfuscated script file being loaded {gzip} with the home page (image 1 in my last post), is this meant to happen ?
Plus why this file isn't loaded in the service address.
-
To be honest I did not understand which file?
On your picture, I saw only vague set of characters
Also, I checked the site on the local host. Avast there is nothing to see, although the files have not changed!
I just scanned them and avast there, too, he finds nothing.
I am more than confident that there is no infected file is razed
-
That set of vague characters is the contents of the compressed file that is being loaded (which was image2), the first image is showing that avast is alerting on that compressed file being loaded by the page the /|>{gzip} bit at the end of the URL. I don't know what that is, but there must be something calling a file to be loaded.
-
But then the files should be loaded regardless of what the current address of the site. Files are the same
-
Obviously that isn't the case or you would have an alert like I did in image1 when I visited the main site home page again.
I don't know why that is.
-
Obviously that isn't the case or you would have an alert like I did in image1 when I visited the main site home page again.
He isn't using avast... ;)
-
So this is a false alarm.
For example here is an alternative web address http://www.magnum.zoxt.net/
And you'll see that there is no virus there is no!
And yes, I do not use anti-virus for which the level of false positives is very high, and at times it surpasses avast
-
You can't compare two different sites, if the software at one is of a different version or one site has been hacked you are going to get different results.
I don't get an alert at this site but I do at the other, so there has to be a difference.
-
You can't compare two different sites, if the software at one is of a different version or one site has been hacked you are going to get different results.
I don't get an alert at this site but I do at the other, so there has to be a difference.
This is not another site, this same site, just at a different address.
The same files.
Just the site two adrse (two domains)
Or do you not know such a thing?
-
So this is a false alarm.
For example here is an alternative web address http://www.magnum.zoxt.net/
Please remove my screenshot from your site...!!! >:(
-
You can't compare two different sites, if the software at one is of a different version or one site has been hacked you are going to get different results.
I don't get an alert at this site but I do at the other, so there has to be a difference.
This is not another site, this same site, just at a different address.
The same files.
Just the site two adrse (two domains)
Or do you not know such a thing?
I know one thing, I'm done banging my head against a brick wall.
If you have reported it I will leave it too them to resolve if possible.
-
So this is a false alarm.
For example here is an alternative web address http://www.magnum.zoxt.net/
Please remove my screenshot from your site...!!! >:(
Thanks.
-
Good afternoon.
We have a problem with the fact that our site is blocked http://www.expert-centre.com.ua/ Avast Antivirus: (
The report specified that the threat on our website HTML: RedirBA-inf [Trj]
We have checked the site and found no threats. Can you unlock our website?
Have a nice day.
PS. I feel very sorry for my english: - [
-
first...you should have createt your own topic in the virus and worms section....
url check by sucuri
http://sitecheck.sucuri.net/results/www.expert-centre.com.ua/
urlvoid
http://www.urlvoid.com/scan/expert-centre.com.ua/
-
Also see how your site was being abused with exploit pack malcode: http://urlquery.net/report.php?id=77532
Also consider this report: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=expert-centre.com.ua
polonus