A previously infected web page still on blacklist

[bgyorok]

I don't know if it's the right place , but I should like a site (http://fatboyz.eu) to be removed from Avast blacklist. I have replaced the insecure portal engine with another one, and used several webscan methods to make sure it is no longer infected.

TY,
Boldi

[Left123]

http://www.urlvoid.com/

[bgyorok]

Scanning site with:    AMaDa    CLEAN
Scanning site with:    BrowserDefender    UNRATED
Scanning site with:    DNS-BH    CLEAN
Scanning site with:    Google Diagnostic    CLEAN
Scanning site with:    hpHosts    UNRATED
Scanning site with:    Malware Domain List    CLEAN
Scanning site with:    MyWOT    DETECTED
Scanning site with:    Malware Patrol    CLEAN
Scanning site with:    Norton SafeWeb    UNRATED
Scanning site with:    ParetoLogic URL Clearing House    CLEAN
Scanning site with:    PhishTank    CLEAN
Scanning site with:    SURBL    CLEAN
Scanning site with:    Threat Log    CLEAN
Scanning site with:    TrendMicro Web Reputation    DETECTED
Scanning site with:    URIBL    CLEAN
Scanning site with:    Web Security Guard    UNRATED
Scanning site with:    ZeuS Tracker    CLEAN

Two of the reputation sites show "detected" status, but as of 22 october.

Starting a scan brings up the following:

Report    2010-10-31 15:05:37 (GMT 1)
File Name    fatboyz-eu
File Size    20563 bytes
File Type    Unknown file
MD5 Hash    d3ce36e3cf2a999611161a57a3d7bf5d
SHA1 Hash    244facd7c831e748b3f01847c340eebb895a7d27
Detections:   0 / 16 (0 %)
Status   CLEAN
Antivirus    Updated    Engine    Result
a-squared    31/10/2010    5.0.0.20    -
Avast    31/10/2010    5.0    -
AVG    31/10/2010    9.0.0.725    -
Avira AntiVir    31/10/2010    7.6.0.59    -
BitDefender    31/10/2010    7.0.0.2555    -
ClamAV    31/10/2010    0.96.2.1    -
Comodo    31/10/2010    4.0    -
Dr.Web    31/10/2010    5.00.0    -
F-PROT6    31/10/2010    4.6.1.107    -
Ikarus T3    31/10/2010    1001084    -
Kaspersky    31/10/2010    9.0.0.736    -
NOD32    31/10/2010    4.2.42.0    -
Panda    31/10/2010    10.0.3.0    -
TrendMicro    31/10/2010    9.120-1004    -
VBA32    31/10/2010    3.12.14.1    -
VirusBuster    31/10/2010    1.5.6    -

I guess, the site is clean but its reputation is low as a consequence of former malicios content.
Please, correct me if I am wrong!

[DavidR]

Also see http://www.stopbadware.org/reports/64321db06fa17fb0434bbf7e6e2f27a0.

Have they recently had the site hacked ?

[bgyorok]

TY,
The site seems to have been hacked. I had found several suspicious "<script></script>" entries, unexpected images, and experienced apache2 crashes.
I deleted the whole source code, upgraded as many packages as possible, and installed a totally new php engine. The site seems to be clean and stable. Some of the members of my community (including me) use Avast that blocks the url as long as it is blacklisted.
I have requested a review at stopbadware.org, and indicated goodware at trendmicro.
Do I have to restore my reputation at each reputation site not to be blacklisted, or it is possible that Avast checks the site and make me whitelisted?

[DavidR]

That is part of the problem once flagged at various sites it is hard to get off as it seems to generate a life of its own.

As for avast try an email to virus (at) avast (dot) com with False Positive - Network Shield in the subject and explain the issue in the email body, a link to the site and this topic. Ask for a review etc.

[bgyorok]

Thank you for your help, I'll send the email...

[DavidR]

You're welcome.

[Milos]

Hello,
thank you for email notify, it will be fixed in next VPS update.

Milos