« previous next »
Pages: [1]   Go Down

Author Topic: URL:Mal на сайте  (Read 2057 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
URL:Mal на сайте
« on: October 27, 2016, 04:06:14 PM »
Добрый день.

На сайт перестало пускать с компьютеров на которых установлен аваст, ругается на URL:Mal и блокирует доступ.
Сайт проверялся онлайн утилитами, а так же выкачивался и проверялся локально разными антивирусами в том числе и авастом. Аваст обнаружил 3 вредоносных файла с расширением .pdf, которые в свою очередь были удалены с сайта, но проблема не решилась.
С компьютеров на которых установлены другие антивирусы пускает без проблем, также инфицированные pdf файлы отправлялись на проверку в virustotal и из нескольких десятков антивирусных баз только аваст забраковал их.
Что нужно сделать чтоб avast не ругался на сайт?
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: URL:Mal на сайте
« Reply #1 on: October 27, 2016, 04:15:44 PM »
Non-english zone  >  https://forum.avast.com/index.php?board=21.0

what URL do you have problems with?

post link to Virustotal scan result
« Last Edit: October 27, 2016, 04:18:32 PM by Pondus »
Logged

REDACTED

  • Guest
Re: URL:Mal на сайте
« Reply #2 on: October 27, 2016, 04:19:18 PM »
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: URL:Mal на сайте
« Reply #3 on: October 27, 2016, 04:29:01 PM »
Blacklisted
https://www.virustotal.com/en/url/7a2e640c37b4e03b722ba16ce5907372ed3f59824b3d08712397f1b9b926aef4/analysis/1477578514/

IP history > https://virustotal.com/nb/ip-address/194.58.97.81/information/

Blacklisted > http://www.urlvoid.com/scan/doctor-roshal.ru/

hpHosts list it as EMD > http://hosts-file.net/?s=doctor-roshal.ru
Quote
EMD - Sites engaged in malware distribution
This classification is assigned to website's engaged in the distribution of malware (e.g. adware, spyware, trojans and viruses etc).

Sites with this classification typically either contain files (e.g. cracks, keygens, adware, spyware, trojans, viruses et al) or lead to such via (for example) "fake scanners" or other social engineering and misleading tactics. This includes the activities of rogue Internet Service Providers (ISPs) that host other sites to which the EMD classification applies.


Suspicious  >  http://www.UnmaskParasites.com/security-report/?page=www.doctor-roshal.ru


urlQuery > http://urlquery.net/report.php?id=1477579116898

HTML scan > https://virustotal.com/nb/file/0feb4bb10d5e40a828124c45c9f353347ac0cbdb81533e70e0d86c7504289db8/analysis/1477579391/

« Last Edit: October 27, 2016, 04:44:05 PM by Pondus »
Logged

REDACTED

  • Guest
Re: URL:Mal на сайте
« Reply #4 on: October 27, 2016, 05:09:19 PM »
Спасибо, будем лечить.
Logged

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: URL:Mal на сайте
« Reply #5 on: October 27, 2016, 05:16:48 PM »
« Last Edit: October 27, 2016, 05:34:57 PM by Eddy »
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: URL:Mal на сайте
« Reply #6 on: October 27, 2016, 07:38:47 PM »
Hi Aleksey3303,

Your website is alerted via Google Safe Browsing:
This site is currently not listed as suspicious by Google, only maybe an older McAfee SiteAdvisor alert,
also Yandex and DrWeb see it as clean and PhishTank. Bitdefender, ESET and Fortinet alert.

A javascript check comes up as suspicious.

Please check this list for unknown links on your website:

-http://www.mosgorzdrav.ru/  -->  ''
-https://www.rosminzdrav.ru/polls/9-anketa-dlya-otsenki-kache  -->  ''
-http://www.roshalfund.com/  -->  ''
-http://www.centr-bdd.ru/home.html  -->  ''
-http://www.spas-extreme.ru/  -->  ''
-http://sopdu.org  -->  ' '
-http://sopdu.org  -->  ' разработка и�'
-http://sopdu.org  -->  'интернет-лабора�'

Redirecting link found: URLs that redirect found in: -http://www.doctor-roshal.ru/

1: -http://operaphone.net/u/1658 -> -http://www.opera.com/mobile//u/1658

See recent IDS alerts here: http://urlquery.net/report.php?id=1477588912692

jQuery code to be retired: http://retire.insecurity.today/#!/scan/df40c4d4d65f058248a67bffba601b9e18ee943c63694c003d24505a2d2b09e8

See "new wave javascript" with sources and sinks: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.doctor-roshal.ru

A-Status OK - https://sritest.io/#report/5301921e-3e63-4e29-8db6-e1e51e4daa5d
F-Status here: https://observatory.mozilla.org/analyze.html?host=www.doctor-roshal.ru

So try to get rid of the blacklisting status and enhance website security as presented to you,

Pozdrawiam, всего́ до́брого

polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: URL:Mal на сайте
« Reply #7 on: October 28, 2016, 10:42:26 AM »
Locky infection here a couple of days ago: doctor-roshal[.]ru/drqxbtg
Heal it, update everything vulnerable others pointed out, then we will see ;)
Logged
Pages: [1]   Go Up
« previous next »