Avast WEBforum

Other => General Topics => Topic started by: howardsims on April 25, 2012, 05:53:08 PM

Title: How do I get whitelisted?
Post by: howardsims on April 25, 2012, 05:53:08 PM
How do I whitelist my websites and software so they do not trigger a hit?
Title: Re: How do I get whitelisted?
Post by: Lisandro on April 25, 2012, 06:01:02 PM
Get them clean :)
Well, I mean, it would be good if you post your website URL and we can check if (why) your products are marked as false positives ;)
Title: Re: How do I get whitelisted?
Post by: Oldiesmann on May 21, 2013, 07:18:45 PM
Not sure what the policy is of bumping topics here, but I would like to have my domain, oldiesmann.us, whitelisted again. It appears someone got hold of the FTP/cPanel password for that domain and went to town with it - uploading a "NeW0nE.exe" file (no idea what that is), a botnet script and a MySQL backup script. I deleted the files in question, changed the password and blocked the entire range of IP addresses involved at the server level (it's a VPS, so I can blacklist them on the firewall to prevent them from accessing anything on that server).
Title: Re: How do I get whitelisted?
Post by: Pondus on May 21, 2013, 08:44:05 PM
urlvoid report
http://www.urlvoid.com/scan/oldiesmann.us/

If you think this is wrong, report it here: http://www.avast.com/contact-form.php
Title: Re: How do I get whitelisted?
Post by: Simion on May 22, 2013, 02:00:02 AM
Quote from: Pondus
urlvoid report
http://www.urlvoid.com/scan/oldiesmann.us/

The site currently scans clean with Dr.Web, but is on Dr.Web's malicious sites list.
Title: Re: How do I get whitelisted?
Post by: SpeedyPC on May 22, 2013, 02:28:36 AM
http://app.webinspector.com/public/reports/14230090#

Title: Re: How do I get whitelisted?
Post by: Oldiesmann on May 23, 2013, 12:13:11 AM
Sent a message via the contact form. The one file reported by scumware doesn't exist on the server (and hasn't for some time). I can't find out what Dr.Web is complaining about, nor can I find a contact form to get them to whitelist the site.
Title: Re: How do I get whitelisted?
Post by: RNfromTN on May 23, 2013, 12:31:59 AM
Quote from: Oldiesmann
I can't find out what Dr.Web is complaining about, nor can I find a contact form to get them to whitelist the site.

https://support.drweb.com/new/urlfilter/?lng=en
Hi, hope this helps.
Title: Re: How do I get whitelisted?
Post by: polonus on May 23, 2013, 12:41:05 AM
See here: http://www.senderbase.org/lookup?search_string=72.44.88.18  (status OK)
also here: http://urlquery.net/report.php?id=2621800
code hiccup for lavalamp-1.3.5.js
Blacklists here: http://www.urlvoid.com/ip/72.44.88.18/  DrWeb URL check - send a FP here!
htxp://oldiesmann.us redirects to http://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect
(rewrite this like given here: http://www.seomoz.org/ugc/removing-phpsessid-from-an-url (link posting author = tehtjo))
htxp://oldiesmann.us is in Dr.Web malicious sites list!
hxtp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect is in Dr.Web malicious sites list!

polonus

Title: Re: How do I get whitelisted?
Post by: Oldiesmann on May 23, 2013, 06:27:46 AM
Quote from: RNfromTN
Quote from: Oldiesmann
I can't find out what Dr.Web is complaining about, nor can I find a contact form to get them to whitelist the site.

https://support.drweb.com/new/urlfilter/?lng=en
Hi, hope this helps.

I saw that earlier but didn't see it as a way to report false alarms for viruses. I see that now though so I've submitted it there as well. Hopefully that will help.
Title: Re: How do I get whitelisted?
Post by: polonus on May 23, 2013, 01:49:38 PM
This could have been older reports for the IP you're on: http://www.scumware.org/report/72.44.88.18
for HTML/ScrInject.B.Gen virus and Win32/PSW.Fareit.A trojan

PWS:Win32/Fareit.A is a trojan that steals sensitive information from the affected user's computer and sends it to a remote attacker.

The other virus could stem from your computer, not your website, as it may be in your Firefox profile or could be resting in IE "administrator/ appdata/local/microsoft/windows/temporary internet files/low IE5/ htm file"

The two following scanners may help to locate it: These are free on-demand scanners that may help:

Malwarebytes Antimalware Free - http://www.malwarebytes.org/products/malwarebytes_free
Please note, do not accept the trial version of MBAM Pro as it will conflict with MSE while the free version will not.

Superantispyware Free - http://www.superantispyware.com/downloadfile.html?productid=superantispywarefree

If there are remnants of such adware then you might need the help of a qualified removal expert here...

polonus
Title: Re: How do I get whitelisted?
Post by: Oldiesmann on May 23, 2013, 11:55:01 PM
I don't think there's anything on my end - I've had Avast Internet Security running for several months and assorted other internet security programs before that. The "result.exe" file that it lists is long gone, and that's a Linux server anyway so it wouldn't do much good unless someone downloaded it.

I'm not sure what "HTML/ScrInject.B.Gen" is. I installed clamv and ran a scan with it on the account for that domain. That turned up a few PHP shell scripts which have since been deleted. Another clamv scan now indicates that everything is clean:

Quote
[root@server] [/home/.../] # clamvscan -rq public_html
----------- SCAN SUMMARY -----------
Known viruses: 2337066
Engine version: 0.97.8
Scanned directories: 9251
Scanned files: 52044
Infected files: 0
Data scanned: 764.48 MB
Data read: 41819.96 MB (ratio 0.02:1)
Time: 145.539 sec (2 m 25 s)
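
A complementary check to the signature scan in the post above, as an added example that is not part of the original thread: it walks a web root and flags files that begin with a Windows executable header (whatever their extension) or that changed after the suspected break-in time. The directory layout, file names, contents and cutoff in `demo()` are constructed for illustration.

```python
import os
import tempfile
import time

PE_MAGIC = b"MZ"  # first two bytes of a Windows PE/DOS executable

def triage(web_root, cutoff_epoch):
    """Return {relative_path: [reasons]} for files worth a manual look."""
    findings = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the web root
            reasons = []
            try:
                with open(path, "rb") as fh:
                    if fh.read(2) == PE_MAGIC:
                        reasons.append("windows-executable")
                if os.path.getmtime(path) >= cutoff_epoch:
                    reasons.append("changed-since-cutoff")
            except OSError:
                reasons.append("unreadable")
            if reasons:
                findings[os.path.relpath(path, web_root)] = reasons
    return findings

def demo():
    """Build a constructed web root and run the triage over it."""
    now = time.time()
    cutoff = now - 3600      # assumed break-in time: one hour ago
    old = now - 30 * 86400   # files untouched for a month
    root = tempfile.mkdtemp()
    samples = {
        "index.php": (b"<?php echo 'hi'; ?>", old),
        "Themes/logo.png": (b"MZ\x90\x00 constructed", old),  # PE bytes, image name
        "Themes/new.php": (b"<?php /* constructed */ ?>", now),
    }
    for rel, (data, mtime) in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
        os.utime(full, (mtime, mtime))
    return triage(root, cutoff)

if __name__ == "__main__":
    print(demo())
```

Modification times can be reset by anyone who had write access, so an empty result from the cutoff check does not by itself show the account is clean.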
Title: Re: How do I get whitelisted?
Post by: polonus on May 24, 2013, 12:26:13 AM
The detection was from 2013-05-22 and in WordPress and it cannot be disinfected just should be deleted,
found in error.php or all.php (object attacks) -
attack could be created via Debug.output via Wget or filesubmit or via other methods...

polonus
Title: Re: How do I get whitelisted?
Post by: Oldiesmann on May 24, 2013, 05:03:35 PM
Quote from: polonus
The detection was from 2013-05-22 and in WordPress and it cannot be disinfected just should be deleted,
found in error.php or all.php (object attacks) -
attack could be created via Debug.output via Wget or filesubmit or via other methods...

polonus

There's only one problem with that... I don't use WordPress nor is it installed anywhere on the (virtual) server.