Author Topic: avast gives url:mal error - cannot open my website!  (Read 21421 times)


raceonusa

  • Guest
avast gives url:mal error - cannot open my website!
« on: August 17, 2010, 06:07:31 PM »
On my Windows machine my avast scanner gives me an error and won't let me load my page.  When I uninstall avast or use my Linux machine it works fine, but I have customers that unfortunately use avast.

http://www.raceonusa.com

How am I supposed to troubleshoot this?

I tried clicking on real-time shields > web shields, it just tells me that the web shield started and stopped, gives me no information about the blocked website. The logs there are completely useless.

On the "blocked site" error message it has a "More Information" link, which is merely a sleazy sales gimmick that forwards you to avast's website to buy the full version, it gives no information about the error message.
« Last Edit: August 17, 2010, 06:09:12 PM by raceonusa »

raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #1 on: August 17, 2010, 06:56:26 PM »
This is completely misleading because my website has no viruses, yet Avast is making it sound like it does.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: avast gives url:mal error - cannot open my website!
« Reply #2 on: August 17, 2010, 07:15:12 PM »
Avast reckons it is infected, and for this I trust Avast.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: avast gives url:mal error - cannot open my website!
« Reply #3 on: August 17, 2010, 07:20:15 PM »
Quote
This is completely misleading because my website has no viruses, yet Avast is making it sound like it does.
yea right......well it is not only avast that does not like that website

VirusTotal - raceonusa.com.htm - 9/42
http://www.virustotal.com/file-scan/report.html?id=1707cde04d04eff02d828d50cf38041ec33636feb20879b65e983897a9bfa4e1-1282065420

URL Void - iFrames detected
http://www.novirusthanks.org/services/scan-websites-for-iframes/

« Last Edit: August 17, 2010, 07:23:00 PM by Pondus »

Jaaiden

  • Guest
Essexboy...
« Reply #4 on: August 17, 2010, 10:06:52 PM »
Ok so I've seen you helping out lots of ppl on this forum and on a previous forum you were going over how to fix run dll viruses..

If you would help me I would greatly appreciate it!! So every time I boot up my computer, it gives me an error message in some RUNDLL box.. so I'm pretty sure that is the virus I have.. Anyway.. I've downloaded AVG, Malwarebytes, and OTL and none of them can locate the virus and get it off my computer. AVG spots something and will move it to virus vault but it just comes back the next day. I can't get on internet explorer or everquestII, but that is the only two I am noticing right now that it isn't allowing me to get on. Could you please, please help!!

*oh I'm sorry I posted in the middle of this forum, I am very new to this website and can't figure out how to send PM's so I apologize =(*

raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #5 on: August 17, 2010, 10:09:11 PM »
Quote
Ok so I've seen you helping out lots of ppl on this forum and on a previous forum you were going over how to fix run dll viruses..

If you would help me I would greatly appreciate it!! So every time I boot up my computer, it gives me an error message in some RUNDLL box.. so I'm pretty sure that is the virus I have.. Anyway.. I've downloaded AVG, Malwarebytes, and OTL and none of them can locate the virus and get it off my computer. AVG spots something and will move it to virus vault but it just comes back the next day. I can't get on internet explorer or everquestII, but that is the only two I am noticing right now that it isn't allowing me to get on. Could you please, please help!!

*oh I'm sorry I posted in the middle of this forum, I am very new to this website and can't figure out how to send PM's so I apologize =(*
Dude. Go hijack someone else's thread. What does that have to do with iframes?!!?

Jaaiden

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #6 on: August 17, 2010, 10:19:59 PM »
Sorry.. I don't quite know how to deal w this website yet. :/

Nothing to do with iframes... I just couldn't figure out how to send a PM that's all. I'll figure it out soon. Sorry. =(

raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #7 on: August 17, 2010, 10:39:47 PM »
Quote
This is completely misleading because my website has no viruses, yet Avast is making it sound like it does.
yea right......well it is not only avast that does not like that website

VirusTotal - raceonusa.com.htm - 9/42
http://www.virustotal.com/file-scan/report.html?id=1707cde04d04eff02d828d50cf38041ec33636feb20879b65e983897a9bfa4e1-1282065420

URL Void - iFrames detected
http://www.novirusthanks.org/services/scan-websites-for-iframes/

I had an Iframe (code provided by google) on my webpage,
http://www.w3schools.com/tags/tag_iframe.asp

Which isn't a virus.  Sure it could be if it was pointing to a webpage that had viruses, but mine was pointing to google's talk badge. So there's no virus here.

The default talk badge points to an Iframe. I checked to see if the url was manipulated and it wasn't. Still pointing to google..
http://www.google.com/talk/service/badge/New

I've removed the iframe badge and replaced it with a no-frills simple version.

No "viruses" detected..
http://www.virustotal.com/url-scan/report.html?id=2da16f3fb08e2180b0e8dcad4e2f405c-1282064803
Google Webmaster tools reports this site as Clean as well.

I've disabled avast, rebooted, started, stopped, and still avast says "URL:mal", the same ambiguous error message.  I'm thinking that avast keeps a database of "virus" urls, when does this refresh?

Now I'm getting this?!? "JS:ScriptIP-inf [Trj]" Argh! I supposedly have a "trojan horse" now according to Avast, yet google and virustotal say I don't? This is driving me nuts.

Is there an actual log file? So I can see what is supposedly causing this?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user

raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #9 on: August 17, 2010, 11:02:03 PM »
Yeah that's the weird thing, it looks clean now, can you view it on your computer with Avast running? http://www.raceonusa.com
I just get error messages from avast warning me about a supposed Trojan Horse, but how is that possible if all the virus scanning sites give it a clean bill of health?

http://www.raceonusa.com/|>{gzip}

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: avast gives url:mal error - cannot open my website!
« Reply #10 on: August 17, 2010, 11:09:52 PM »
If I try to go there on my avast comp I get a block....

one strange thing, my last VT scan is showing clean but if you open the one you posted (VT URL scan ) and look on top of it, there is a " View downloaded file analysis " click it and you have avast/GData detection.. ???

Offline jsejtko

  • Avast team
  • Full Member
  • *
  • Posts: 171
    • ALWIL Software
Re: avast gives url:mal error - cannot open my website!
« Reply #11 on: August 18, 2010, 11:18:46 AM »
Hello,

Your website is currently hacked and used to distribute malware -> that's why we started to block your domain. You will have to remove malicious scripts which were added into your website - php/exe/java/etc (It would be nice, if you can collect them and send them in password protected archive to virus@avast.com).

All the files (hack) should be located inside this folder (and are still there - checked 5 minutes ago):
Code:
hxxp://www.raceonusa.com/Home/exemple.com/
Regards

PS: We will not remove your domain from blocklist until you fix the problem.

raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #12 on: August 19, 2010, 12:58:01 AM »
My ftp shows no such directory, also when I try that url with (http) it does not find a page.

Quote
hxxp://www.raceonusa.com/Home/exemple.com/
hxxp://www.raceonusa.com/Home/example.com/
hxxp://www.raceonusa.com/home/exemple.com/
hxxp://www.raceonusa.com/home/example.com/

I try http://www.raceonusa.com/home/ but there are no errors on the page that I or my host can find. I even downloaded the entire site and scanned with Avast with POP and there are no viruses.

Avast also sets off its alarm with a generic new html page.
http://www.raceonusa.com/test.html
Even though this page is totally clean: http://www.virustotal.com/file-scan/report.html?id=325251f964f9a4ba36bc8eabdbdd7f94cbe7adfea1aa1636ecbe19bc5a09a979-1282171896

Avast false-positive classified my site as a "virus" site from my iframe which was from google.  Now I cannot get any of my pages to load without avast going nuts.


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: avast gives url:mal error - cannot open my website!
« Reply #13 on: August 19, 2010, 02:37:46 AM »
jsejtko is one of the virus analysts in the Avast Virus Labs team and if he says your site is infected, believe me you have a problem.

You don't say what the pop-up alert is, I suspect it is the Network Shield, blocking the complete domain and not the actual hXXp://www.raceonusa.com/test.html page.

So even if that page is actually clean, the block is on the domain as jsejtko mentioned in his post and not the physical page test.html.

raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #14 on: August 19, 2010, 07:46:18 AM »
Quote
All the files (hack) should be located inside this folder (and are still there - checked 5 minutes ago):
Code:
hxxp://www.raceonusa.com/Home/exemple.com/
Here's what he said, but I do not have such a directory on my server.

no /Home/exemple.com or example.com or lowercase home, that folder does not exist on my server, I even downloaded the entire site and scanned it with avast with POP mode enabled and disabled and it found nothing.

I also deleted my main /js java script directory, changed themes, nothing seems to delete this "virus". Is there another website that can give a non vague answer as to what file is supposedly affected?

Because this just says:
Avast   4.8.1351.0   2010.08.18   JS:ScriptIP-inf
Avast5   5.0.332.0   2010.08.18   JS:ScriptIP-inf

But it doesn't tell me which .js file is supposedly infected or what directory it's in or anything and having removed most directories I'm running out of options here.
http://www.virustotal.com/file-scan/report.html?id=57e2d3ab8c28712868313763312bf7da7536e2bebbe608cda2cf30c21a1cc3dc-1282181932
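
On the question in the post above of which file holds the embed a scanner objects to, here is an added example (not from the thread or from Avast). It walks a downloaded copy of a site and lists every iframe or script whose source host is off an allowlist, or that is sized or styled to be invisible. The allowlist, the sample markup and the host `unknown-host.example` are constructed for illustration; a scan of static files cannot see anything the server adds at request time.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts this site is expected to embed; edit for your own site.
ALLOWED_HOSTS = {"www.raceonusa.com", "www.google.com"}

class EmbedAudit(HTMLParser):
    """Record every <iframe>/<script> that loads content via src."""
    def __init__(self):
        super().__init__()
        self.embeds = []  # (line, tag, src, hidden)
    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        if not a.get("src"):
            return
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.embeds.append((self.getpos()[0], tag, a["src"], hidden))

def audit_html(text, allowed=ALLOWED_HOSTS):
    """Return embeds whose host is off the allowlist, or that are hidden."""
    parser = EmbedAudit()
    parser.feed(text)
    flagged = []
    for line, tag, src, hidden in parser.embeds:
        host = urlparse(src).hostname  # None for relative (same-site) paths
        off_list = host is not None and host not in allowed
        if off_list or hidden:
            flagged.append(dict(line=line, tag=tag, src=src, host=host, hidden=hidden))
    return flagged

def audit_tree(root, allowed=ALLOWED_HOSTS):
    """Audit every HTML/PHP file under a downloaded copy of the site."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in (".html", ".htm", ".php"):
            hits = audit_html(path.read_text(errors="replace"), allowed)
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample: the Google badge iframe plus one unexpected hidden embed.
SAMPLE = ('<iframe src="http://www.google.com/talk/service/badge/New"></iframe>\n'
          '<script src="js/menu.js"></script>\n'
          '<iframe src="http://unknown-host.example/in.php" width="1" height="1"></iframe>\n')
```

`audit_tree("path/to/site-copy")` returns a dictionary keyed by file path, so each hit names the file and line to inspect.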