Author Topic: How do I get whitelisted?  (Read 6716 times)

Offline howardsims

  • Newbie
  • *
  • Posts: 2
How do I get whitelisted?
« on: April 25, 2012, 05:53:08 PM »
How do I whitelist my websites and software so they do not trigger a hit?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67289
Re: How do I get whitelisted?
« Reply #1 on: April 25, 2012, 06:01:02 PM »
Get them clean :)
Well, I mean, it would be good if you post your website url and we can check if (why) your products are marked as false positives ;)
The best things in life are free.

Offline Oldiesmann

  • Newbie
  • *
  • Posts: 5
Re: How do I get whitelisted?
« Reply #2 on: May 21, 2013, 07:18:45 PM »
Not sure what the policy is of bumping topics here, but I would like to have my domain, oldiesmann.us, whitelisted again. It appears someone got hold of the FTP/cPanel password for that domain and went to town with it - uploading a "NeW0nE.exe" file (no idea what that is), a botnet script and a MySQL backup script. I deleted the files in question, changed the password and blocked the entire range of IP addresses involved at the server level (it's a VPS, so I can blacklist them on the firewall to prevent them from accessing anything on that server).

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34555
Re: How do I get whitelisted?
« Reply #3 on: May 21, 2013, 08:44:05 PM »
urlvoid report
http://www.urlvoid.com/scan/oldiesmann.us/

if you think this is wrong, report it here.   http://www.avast.com/contact-form.php




Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Simion

  • Advanced Poster
  • **
  • Posts: 760
Re: How do I get whitelisted?
« Reply #4 on: May 22, 2013, 02:00:02 AM »
urlvoid report
http://www.urlvoid.com/scan/oldiesmann.us/

The site currently scans clean with Dr.Web, but is on Dr.Web's malicious sites list.

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3176
  • Avast shall conquer the whole world
ASUS G75VX-T4153H - Avast Premier v18.5.2342 - W8.1 64bit - Avast Secure Browser - Firefox 64bit - Thunderbird - MBAM Premium - Adguard Premium - CryptoPrevent Premium - CCleaner - MCShield - WinPatrol PLUS - Macrium Reflect Home Edition

Offline Oldiesmann

  • Newbie
  • *
  • Posts: 5
Re: How do I get whitelisted?
« Reply #6 on: May 23, 2013, 12:13:11 AM »
Sent a message via the contact form. The one file reported by scumware doesn't exist on the server (and hasn't for some time). I can't find out what Dr.Web is complaining about, nor can I find a contact form to get them to whitelist the site.

Offline RNfromTN

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 670
  • surfin sandboxed
Re: How do I get whitelisted?
« Reply #7 on: May 23, 2013, 12:31:59 AM »
Quote
I can't find out what Dr.Web is complaining about, nor can I find a contact form to get them to whitelist the site.

https://support.drweb.com/new/urlfilter/?lng=en
Hi, hope this helps.
Sandboxie| IFW|Outpost firewall|Norton Ghost|Win XP,Vista,7
member since 2005| Linux Mint user

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 30440
  • malware fighter
Re: How do I get whitelisted?
« Reply #8 on: May 23, 2013, 12:41:05 AM »
See here: http://www.senderbase.org/lookup?search_string=72.44.88.18  (status OK)
also here: http://urlquery.net/report.php?id=2621800
code hiccup for lavalamp-1.3.5.js
Blacklists here: http://www.urlvoid.com/ip/72.44.88.18/  DrWeb URL check - send a FP here!
htxp://oldiesmann.us redirects to http://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect
(rewrite this like given here: http://www.seomoz.org/ugc/removing-phpsessid-from-an-url  (link posting author = tehtjo)
htxp://oldiesmann.us is in Dr.Web malicious sites list!
hxtp://www.oldiesmann.us/index.php?PHPSESSID=eb3661107117d8749e58654f300f2354;wwwRedirect is in Dr.Web malicious sites list!

polonus

« Last Edit: May 23, 2013, 12:46:02 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Oldiesmann

  • Newbie
  • *
  • Posts: 5
Re: How do I get whitelisted?
« Reply #9 on: May 23, 2013, 06:27:46 AM »
Quote
I can't find out what Dr.Web is complaining about, nor can I find a contact form to get them to whitelist the site.

https://support.drweb.com/new/urlfilter/?lng=en
Hi, hope this helps.

I saw that earlier but didn't see it as a way to report false alarms for viruses. I see that now though so I've submitted it there as well. Hopefully that will help.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 30440
  • malware fighter
Re: How do I get whitelisted?
« Reply #10 on: May 23, 2013, 01:49:38 PM »
This could have been older reports for the IP you're on: http://www.scumware.org/report/72.44.88.18
for HTML/ScrInject.B.Gen virus and Win32/PSW.Fareit.A trojan

PWS:Win32/Fareit.A is a trojan that steals sensitive information from the affected user's computer and sends it to a remote attacker.

The other virus could stem from your computer, not your website as it may be in your Firefox profile or could be resting in IE"administrator/ appdata/local/microsoft/windows/temporary internet files/low IE5/ htm file"

The two following scanners may help to locate it: These are free on demand scanners that may help:

Malwarebytes Antimalware Free - http://www.malwarebytes.org/products/malwarebytes_free
Please note, do not accept the trial version of MBAM Pro as it will conflict with MSE while the free version will not.

Superantispyware Free - http://www.superantispyware.com/downloadfile.html?productid=superantispywarefree

If there are remnants of such adware then you might need the help of a qualified removal expert here...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Oldiesmann

  • Newbie
  • *
  • Posts: 5
Re: How do I get whitelisted?
« Reply #11 on: May 23, 2013, 11:55:01 PM »
I don't think there's anything on my end - I've had Avast Internet Security running for several months and assorted other internet security programs before that. The "result.exe" file that it lists is long gone, and that's a Linux server anyway so it wouldn't do much good unless someone downloaded it.

I'm not sure what "HTML/ScrInject.B.Gen" is. I installed clamv and ran a scan with it on the account for that domain. That turned up a few PHP shell scripts which have since been deleted. Another clamv scan now indicates that everything is clean:

Quote
[root@server] [/home/.../] # clamvscan -rq public_html
----------- SCAN SUMMARY -----------
Known viruses: 2337066
Engine version: 0.97.8
Scanned directories: 9251
Scanned files: 52044
Infected files: 0
Data scanned: 764.48 MB
Data read: 41819.96 MB (ratio 0.02:1)
Time: 145.539 sec (2 m 25 s)
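
Added example (not part of the original thread, and not the poster's own commands): a signature scan reports only what its engine recognises, so after a cleanup like the one described above it is worth also checking the web root by file content and modification time. The function names, the 30-day window and the sample tree are assumptions made for illustration; the sample files are constructed.

```shell
#!/bin/sh
# Added example: triage a web root after a cleanup, independent of AV signatures.

# Files that start with the DOS/PE magic "MZ" (hex 4d5a), whatever their name.
find_pe_files() {
    find "$1" -type f -exec sh -c '
        for f in "$@"; do
            magic=$(od -An -tx1 -N2 "$f" 2>/dev/null | tr -d " \n")
            if [ "$magic" = "4d5a" ]; then printf "%s\n" "$f"; fi
        done' sh {} +
}

# PHP files changed within the last $2 days (the suspected intrusion window).
find_recent_php() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' \) -mtime "-$2"
}

# PHP files that eval() decoded data, a common trait of dropped web shells.
# Heuristic only: hits need manual review, and a miss proves nothing.
find_php_eval_decoders() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' \) -exec \
        grep -lE 'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|str_rot13)' {} + || true
}

# Build a small constructed web root (sample data, not taken from the thread).
make_sample_webroot() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/public_html/uploads"
    printf '<?php echo "hello"; ?>\n' > "$d/public_html/index.php"
    printf 'MZ-constructed-not-a-real-binary' > "$d/public_html/uploads/avatar.jpg"
    printf '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n' > "$d/public_html/uploads/cache.php"
    # Backdate the legitimate file so only the dropped one looks recent.
    touch -t 201201010000 "$d/public_html/index.php"
    printf '%s\n' "$d"
}

triage() {
    echo "== Windows executables by content =="; find_pe_files "$1"
    echo "== PHP changed in last $2 days ==";    find_recent_php "$1" "$2"
    echo "== PHP eval() of decoded data ==";     find_php_eval_decoders "$1"
}

# Usage on a real account: triage /home/USER/public_html 30
if [ "${RUN_DEMO:-0}" = 1 ]; then
    root=$(make_sample_webroot) && triage "$root/public_html" 30 && rm -rf "$root"
fi
```

Run with `RUN_DEMO=1` to see the output on the constructed tree; the content check flags the executable even though it carries a `.jpg` name.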

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 30440
  • malware fighter
Re: How do I get whitelisted?
« Reply #12 on: May 24, 2013, 12:26:13 AM »
The detection was from 2013-05-22 and in WordPress and it cannot be disinfected just should be deleted,
found  in error.php or all.php (object attacks) -
attack could be created via Debug.output via Wget or filesubmit or via other methods...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Oldiesmann

  • Newbie
  • *
  • Posts: 5
Re: How do I get whitelisted?
« Reply #13 on: May 24, 2013, 05:03:35 PM »
Quote
The detection was from 2013-05-22 and in WordPress and it cannot be disinfected just should be deleted,
found  in error.php or all.php (object attacks) -
attack could be created via Debug.output via Wget or filesubmit or via other methods...

polonus

There's only one problem with that... I don't use WordPress nor is it installed anywhere on the (virtual) server.