Author Topic: URL:Mal for my site  (Read 13472 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: URL:Mal for my site
« Reply #15 on: January 23, 2013, 12:25:17 PM »
That |>{gzip} at the end indicates that a compressed script file is being loaded and within that compresses script file there is a Redirect, I suspect that the URL it is being redirected to isn't liked by the Web or Network Shields. The HTML:RedirME-inf [Trj] malware name and the important bit is the -inf part which has previously been associated with injected code.

So was there a compressed script file being loaded on the ucp.php (login) page ?

If there are no longer any alerts by avast it is possible that the compressed script file isn't being loaded or the redirect URL is no longer considered suspect. Unfortunately as an avast user I can't tell you which.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: URL:Mal for my site
« Reply #16 on: January 23, 2013, 05:29:05 PM »
Still get an avast Network Shield URL;Mal warning for htxp://sp63.ru

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

OlegH

  • Guest
Re: URL:Mal for my site
« Reply #17 on: January 23, 2013, 06:45:24 PM »
Today I catched a virus
https://www.virustotal.com/file/19e4834462bd18441c998c1a5ecea0f7f9ce221e01d41c45119c62b433d7df1c/analysis/1358962179/
Avast passed it.
Virus blocked access to internet sites and I get the same message (URL:Mal).
Check the system by another antivirus or check windows registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
- virus is attaching itself to any starting process by that registry key

zloyrusskiy

  • Guest
Re: URL:Mal for my site
« Reply #18 on: January 23, 2013, 08:50:19 PM »
I know that viruses on client computer may trigger this problem, but i'm owner of that site and it's doesn't have any viruses. I wanna to fix this up.

zloyrusskiy

  • Guest
Re: URL:Mal for my site
« Reply #19 on: January 23, 2013, 08:52:37 PM »
Still get an avast Network Shield URL;Mal warning for htxp://sp63.ru

polonus

What can i do else to solve this misunderstanding?

I tried to disable frontend gzip compression, but no luck, random parts of site without apparent reason alerts with threats without description  :'(

zloyrusskiy

  • Guest
Re: URL:Mal for my site
« Reply #20 on: January 23, 2013, 08:54:10 PM »
That |>{gzip} at the end indicates that a compressed script file is being loaded and within that compresses script file there is a Redirect, I suspect that the URL it is being redirected to isn't liked by the Web or Network Shields. The HTML:RedirME-inf [Trj] malware name and the important bit is the -inf part which has previously been associated with injected code.

So was there a compressed script file being loaded on the ucp.php (login) page ?

If there are no longer any alerts by avast it is possible that the compressed script file isn't being loaded or the redirect URL is no longer considered suspect. Unfortunately as an avast user I can't tell you which.
My frontend compress with gzip all html/css/javascript content it normal situation. And login form redirecting to another local page of site, it's normal too.

zloyrusskiy

  • Guest
Re: URL:Mal for my site
« Reply #21 on: January 25, 2013, 10:29:51 AM »
Please, help me! :(

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: URL:Mal for my site
« Reply #22 on: January 25, 2013, 01:08:31 PM »
I'm still not getting any alerts using firefox 18.0.1, but obviously I can't attempt the login as I'm not registered and more importantly can't read Russian.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

zloyrusskiy

  • Guest
Re: URL:Mal for my site
« Reply #23 on: January 25, 2013, 01:10:44 PM »
You can check it here hxxp://www.sp63.ru/viewtopic.php?f=79&t=317, this page accepts unauthorized users.
« Last Edit: January 25, 2013, 02:04:51 PM by zloyrusskiy »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: URL:Mal for my site
« Reply #24 on: January 25, 2013, 01:17:30 PM »
You should break that URL (change http to hXXp) to prevent accidental exposure.

That alerts, but it is trying to download download/file.php someone's avatar image. I don't know where those avatars are stored/downloaded from but that one considers a malicious site. Whilst the originating file.php might be on sp63.ru, the location of the avatar could be off-site.
« Last Edit: January 25, 2013, 01:20:39 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

zloyrusskiy

  • Guest
Re: URL:Mal for my site
« Reply #25 on: January 25, 2013, 02:29:26 PM »
You should break that URL (change http to hXXp) to prevent accidental exposure.

That alerts, but it is trying to download download/file.php someone's avatar image. I don't know where those avatars are stored/downloaded from but that one considers a malicious site. Whilst the originating file.php might be on sp63.ru, the location of the avatar could be off-site.

1. It's common way to display avatars in phpbb. But avast doesn't alert on other phpbb forums.
2. Phpbb store images locally and this script download images from sites server
3. Avast can't determine source of image by url in this case
4. There is no problem in fact that avatars can be hosted on other server, many huge internet sites do this.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: URL:Mal for my site
« Reply #26 on: January 25, 2013, 03:11:29 PM »
1. yes it is, but that isn't the point, if the avatar is in an off-site location then it is possible that is what is being alerted on.
3. well it can determine the location as ultimately it has to be fetched from a location, that IP would also be monitored and checked against the malicious sites list.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

REDACTED

  • Guest
Re: URL:Mal for my site
« Reply #27 on: January 27, 2013, 06:13:01 PM »
hi zloyrusskiy:

i saw your site is work fine now,congratulation to you,
but my site also have the same problem, my website is
hxxxp://www.sexylingeriewholesaler.com

can you tell me how did fix this problem?

please help.!

thank you
Jacky

zloyrusskiy

  • Guest
Re: URL:Mal for my site
« Reply #28 on: January 27, 2013, 06:20:39 PM »
hi zloyrusskiy:

i saw your site is work fine now,congratulation to you,
but my site also have the same problem, my website is
hxxxp://www.sexylingeriewholesaler.com

can you tell me how did fix this problem?

please help.!

thank you
Jacky

I wrote 2 requests about "false virus alerts for website" to http://www.avast.com/contact-form.php?loadStyles. They reaction time not so bad - 1 day.  8)

P.S. Polonus, thank you!!!