Author Topic: False Positive on a website (Read 2926 times)

earth_grinder · « **on:** November 16, 2013, 03:09:15 AM »

Avast would not let me access a perfectly safe website called importantpics.com http://importantpics.com/1950DCPhotos/?tag=suitland-tractor-company How can that be corrected?

avastreally? · « **Reply #1 on:** November 16, 2013, 03:14:42 AM »

There is a possibility the site is hosted on malicious server
also backlisted by WOT
http://www.ipvoid.com/scan/72.167.183.42/

earth_grinder · « **Reply #2 on:** November 16, 2013, 03:25:11 AM »

So, because AVG said there was malware Avast blocked the site. Well, I had AVG and a virus or malware got through and that is why I have Avast. So as long as I have Avast I won't be able to access that site without turning Avast off?

Pondus · « **Reply #3 on:** November 16, 2013, 03:36:42 AM »

according to AVG the site has been infected With SEO:spam .... but seems clean now

http://www.avgthreatlabs.com/website-safety-reports/domain/importantpics.com/

http://blog.sucuri.net/2012/08/sitecheck-got-blackhat-seo-spam-warning.html

bob3160 · « **Reply #4 on:** November 16, 2013, 01:52:43 PM »

If it's a false positive,as you claim, report it to avast!.
If it's found to be clean then it will be corrected.

earth_grinder · « **Reply #5 on:** November 16, 2013, 02:57:41 PM »

Thank you for your reply. I reported it to Avast.

essexboy · « **Reply #6 on:** November 16, 2013, 03:06:39 PM »

It shows the hideme redirect

polonus · « **Reply #7 on:** November 16, 2013, 04:02:54 PM »

There is also this suspicious file:
/index.html
Severity:    Potentially Suspicious
Reason:    Detected unconditional redirection to external web resource.
Details:   <meta http-equiv="refresh" content="6;URL=htxp://www.fsmphoto.com">
Threat dump:   View code
File size[byte]:    2081
File type:    ASCII
MD5:    05DC439D88CF3B93EBE5CAE426DCA120
Scan duration[sec]:    0.002000

This is also given as a code hick-up there:
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
s0.wp dot com/wp-content/js/devicepx-jetpack.js?ver=201346 benign
[nothing detected] (script) s0.wp dot com/wp-content/js/devicepx-jetpack.js?ver=201346
status: (referer=importantpics.com/1950DCPhotos/?tag=suitland-tractor-company)saved 9153 bytes 2e2eeb3b5db8c4955a7786324c70a7c6cb559afd
info: [decodingLevel=0] found JavaScript
error: undefined variable document.body.style
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var document.body.style = 1; (Expected '.')
error: line:1: ....^
suspicious:

The hide-me malcode resides in Decoded Files
30dc/175bb951d094ca784643da8f311db5f89b1d from importantpics dot com/1950DCPhotos/?tag=suitland-tractor-company (20815 bytes, 449 hidden) download

PHP vuln. for site: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-36749/PHP-PHP-5.1.6.html
(local file inclusion exploit)

pol

Author Topic: False Positive on a website (Read 2926 times)

earth_grinder

False Positive on a website

avastreally?

Re: False Positive on a website

earth_grinder

Re: False Positive on a website

Pondus

Re: False Positive on a website

bob3160

Re: False Positive on a website

earth_grinder

Re: False Positive on a website

essexboy

Re: False Positive on a website

polonus

Re: False Positive on a website