Avast WEBforum
Other => General Topics => Topic started by: howardsims on April 25, 2012, 05:53:08 PM
-
How do I whitelist my websites and software so they do not trigger a hit?
-
Get them clean :)
Well, I mean, it would be good if you post your website url and we can check if (why) your products are marked as false positives ;)
-
Not sure what the policy is of bumping topics here, but I would like to have my domain, oldiesmann.us, whitelisted again. It appears someone got hold of the FTP/cPanel password for that domain and went to town with it - uploading a "NeW0nE.exe" file (no idea what that is), a botnet script and a MySQL backup script. I deleted the files in question, changed the password and blocked the entire range of IP addresses involved at the server level (it's a VPS, so I can blacklist them on the firewall to prevent them from accessing anything on that server).
-
urlvoid report
http://www.urlvoid.com/scan/oldiesmann.us/
If you think this is wrong, report it here: http://www.avast.com/contact-form.php
-
urlvoid report
http://www.urlvoid.com/scan/oldiesmann.us/
The site currently scans clean with Dr.Web, but is on Dr.Web's malicious sites list.
-
http://app.webinspector.com/public/reports/14230090#
(http://my.jetscreenshot.com/18514/m_20130522-pyhl-52kb.jpg) (http://my.jetscreenshot.com/18514/20130522-pyhl-52kb)
-
Sent a message via the contact form. The one file reported by scumware doesn't exist on the server (and hasn't for some time). I can't find out what Dr.Web is complaining about, nor can I find a contact form to get them to whitelist the site.
-
I can't find out what Dr.Web is complaining about, nor can I find a contact form to get them to whitelist the site.
https://support.drweb.com/new/urlfilter/?lng=en
Hi, hope this helps.
-
See here: http://www.senderbase.org/lookup?search_string=72.44.88.18 (status OK)
also here: http://urlquery.net/report.php?id=2621800
code hiccup for lavalamp-1.3.5.js
Blacklists here: http://www.urlvoid.com/ip/72.44.88.18/ DrWeb URL check - send a FP here!
htxp://oldiesmann.us redirects to http://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect
(rewrite this like given here: http://www.seomoz.org/ugc/removing-phpsessid-from-an-url (link posting author = tehtjo))
htxp://oldiesmann.us is in Dr.Web malicious sites list!
hxtp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect is in Dr.Web malicious sites list!
Checking:htxp://www.oldiesmann.us/Themes/default/scripts/portal.js?235
File size:9999 bytes
File MD5:fb78e2cb1f9a819865b53fb032be6610
htxp://www.oldiesmann.us/Themes/default/scripts/portal.js?235 - archive JS-HTML
>htxp://www.oldiesmann.us/Themes/default/scripts/portal.js?235/JSFile_1[0][270f] - Ok
htxp://www.oldiesmann.us/Themes/default/scripts/portal.js?235 - Ok
Checking:htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/theme.js?fin20
File size:3688 bytes
File MD5:3ee2d743cd3208f4715c73fa024e63ae
htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/theme.js?fin20 - Ok
Checking:htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/jquery.easing.1.3.js
File size:8301 bytes
File MD5:a6f75e0c043a2a087837e5c113cc6f7a
htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/jquery.easing.1.3.js - archive JS-HTML
>htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/jquery.easing.1.3.js/JSFile_1[0][206d] - Ok
htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/jquery.easing.1.3.js - Ok
Checking:htxp://www.oldiesmann.us/Themes/default/scripts/script.js?fin20
File size:46.47 KB
File MD5:361e0f1f5f96387d19649d9ec56e524e
htxp://www.oldiesmann.us/Themes/default/scripts/script.js?fin20 - archive JS-HTML
>htxp://www.oldiesmann.us/Themes/default/scripts/script.js?fin20/JSEvent_1[5f] - Ok
>htxp://www.oldiesmann.us/Themes/default/scripts/script.js?fin20/JSEvent_2[62] - Ok
htxp://www.oldiesmann.us/Themes/default/scripts/script.js?fin20 - Ok
Checking:htxp://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js
File size:89.20 KB
File MD5:459076b536e7df0411c5a265fcce3600
htxp://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js - archive JS-HTML
>htxp://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js/JSTag_1[11530][4f9d] - Ok
htxp://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js - Ok
Checking:htxp://www.oldiesmann.us/Themes/default/scripts/sha1.js
File size:5451 bytes
File MD5:e83257a6ddccc609576df4b4a0f4fb6c
htxp://www.oldiesmann.us/Themes/default/scripts/sha1.js - archive JS-HTML
>htxp://www.oldiesmann.us/Themes/default/scripts/sha1.js/JSFile_1[0][154b] - Ok
hxtp://www.oldiesmann.us/Themes/default/scripts/sha1.js - Ok
Checking:htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/jquery_bits.js
File size:3284 bytes
File MD5:1f24defe6906073c04d5de4a5c79403e
htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/jquery_bits.js - archive JS-HTML
>htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/jquery_bits.js/JSFile_1[0][cd4] - Ok
htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/jquery_bits.js - Ok
Checking:htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/jquery.lavalamp-1.3.5.js
File size:17.76 KB
File MD5:cc69b12e052bd255c1203539c139b9db
htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/jquery.lavalamp-1.3.5.js - archive JS-HTML
htxp://www.oldiesmann.us/Themes/Vertex-Theme2-0-2-v1-2/scripts/jquery.lavalamp-1.3.5.js - Ok
Checking:hxtp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect
Engine version:7.0.4.9250
Total virus-finding records:4045651
File size:38.29 KB
File MD5:a63d463dd294600aaab8816e58c8827c
httx://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect - archive JS-HTML
>htxp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect/JSTAG_1[29e][21c] - Ok
>htxp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect/JSTAG_2[ad1][41d] - Ok
>htxp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect/JSTAG_3[816d][1a0] - Ok
>htxp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect/JSTag_4[2b3][207] - Ok
>htxp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect/JSTag_5[ae6][408] - Ok
>htxp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect/JSTag_6[5288][2a] - Ok
>htxp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect/JSTag_7[8182][18b] - Ok
htxp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect - Ok
polonus
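The redirect quoted in the post above carries a PHPSESSID value in the URL, so the session ID travels with every copied link, referrer and scan report. As an added example (not part of the original thread), this Python helper strips that parameter from a URL before it is shared, handling both "&" and the ";" separator seen above; the function name and the example.test URLs are constructed for illustration.

```python
import re

# Query parameter names treated as session identifiers.
# PHPSESSID is PHP's default session name.
SESSION_PARAMS = ("PHPSESSID",)


def strip_session_id(url, names=SESSION_PARAMS):
    """Return url with session-ID query parameters removed.

    Parameters may be separated by '&' or ';'. The separators of the
    parameters that remain are preserved, as is any #fragment.
    """
    head, hash_sep, fragment = url.partition("#")
    base, q_sep, query = head.partition("?")
    if not q_sep:
        return url  # no query string, nothing to strip

    # Split on '&' or ';' while keeping each separator (capture group).
    tokens = re.split(r"([&;])", query)
    params = tokens[0::2]
    seps = [""] + tokens[1::2]  # separator that precedes each parameter

    kept = [(sep, param) for sep, param in zip(seps, params)
            if param and param.split("=", 1)[0] not in names]
    if not kept:
        # Only session parameters were present: drop the '?' as well.
        return base + hash_sep + fragment

    # The first surviving parameter needs no leading separator.
    new_query = kept[0][1] + "".join(sep + param for sep, param in kept[1:])
    return base + "?" + new_query + hash_sep + fragment


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real site.
    samples = [
        "http://www.example.test/index.php?PHPSESSID=0123456789abcdef;wwwRedirect",
        "http://www.example.test/index.php?topic=5&PHPSESSID=abc&start=10#msg3",
        "http://www.example.test/index.php?PHPSESSID=abc",
    ]
    for sample in samples:
        print(strip_session_id(sample))
```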
-
I can't find out what Dr.Web is complaining about, nor can I find a contact form to get them to whitelist the site.
https://support.drweb.com/new/urlfilter/?lng=en
Hi, hope this helps.
I saw that earlier but didn't see it as a way to report false alarms for viruses. I see that now though so I've submitted it there as well. Hopefully that will help.
-
This could have been older reports for the IP you're on: http://www.scumware.org/report/72.44.88.18
for HTML/ScrInject.B.Gen virus and Win32/PSW.Fareit.A trojan
PWS:Win32/Fareit.A is a trojan that steals sensitive information from the affected user's computer and sends it to a remote attacker.
The other virus could stem from your computer, not your website, as it may be in your Firefox profile or could be resting in IE "administrator/ appdata/local/microsoft/windows/temporary internet files/low IE5/ htm file"
The two following scanners may help to locate it. These are free on-demand scanners that may help:
Malwarebytes Antimalware Free - http://www.malwarebytes.org/products/malwarebytes_free
Please note, do not accept the trial version of MBAM Pro as it will conflict with MSE while the free version will not.
Superantispyware Free - http://www.superantispyware.com/downloadfile.html?productid=superantispywarefree
If there are remnants of such adware then you might need the help of a qualified removal expert here...
polonus
-
I don't think there's anything on my end - I've had Avast Internet Security running for several months and assorted other internet security programs before that. The "result.exe" file that it lists is long gone, and that's a Linux server anyway so it wouldn't do much good unless someone downloaded it.
I'm not sure what "HTML/ScrInject.B.Gen" is. I installed ClamAV and ran a scan with it on the account for that domain. That turned up a few PHP shell scripts which have since been deleted. Another ClamAV scan now indicates that everything is clean:
[root@server] [/home/.../] # clamvscan -rq public_html
----------- SCAN SUMMARY -----------
Known viruses: 2337066
Engine version: 0.97.8
Scanned directories: 9251
Scanned files: 52044
Infected files: 0
Data scanned: 764.48 MB
Data read: 41819.96 MB (ratio 0.02:1)
Time: 145.539 sec (2 m 25 s)
-
The detection was from 2013-05-22 and in WordPress; it cannot be disinfected and should just be deleted,
found in error.php or all.php (object attacks) -
attack could be created via Debug.output via Wget or filesubmit or via other methods...
polonus
-
The detection was from 2013-05-22 and in WordPress; it cannot be disinfected and should just be deleted,
found in error.php or all.php (object attacks) -
attack could be created via Debug.output via Wget or filesubmit or via other methods...
polonus
There's only one problem with that... I don't use WordPress nor is it installed anywhere on the (virtual) server.