Author Topic: avast gives url:mal error - cannot open my website!  (Read 21420 times)

0 Members and 1 Guest are viewing this topic.

Offline NON

  • Japanese User
  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5475
  • Whatever will be, will be.
Re: avast gives url:mal error - cannot open my website!
« Reply #15 on: August 19, 2010, 11:59:56 AM »
Quote
All the files (hack) should be located inside this folder (and are still there - checked 5 minutes ago):
Code: [Select]
hxxp://www.raceonusa.com/Home/exemple.com/
Here's what he said, but I do not have such a directory on my server.

I CAN see that page, and carelessly I forgot to insert "view-source:" before the URL and I almost got infected... Java started just after I opened that page :'(


And here is the collected malwares hosted / linked from that page, avast detects all of them:
http://www.mediafire.com/?fdcviu5bwc4whxb
Password: virus

I don't know why you can't see that page, but this kind of infection usually cached accessed IP addresses and denies accessing from same IP. Maybe this is the cause?
« Last Edit: August 19, 2010, 12:02:51 PM by NON »
Desktop: Win10 Pro 22H2 64bit / Core i5-7400 3.0GHz / 32GB RAM / Avast 23 Premium Beta(Icarus) / Comodo Firewall
Notebook: Win10 Pro 22H2 64bit / Core i5-3340M 2.7GHz / 12GB RAM / Avast 23 Free / Windows Firewall Control
Server: Win11 Pro 23H2 64bit / Core i3-4010U 1.7GHz / 12GB RAM / Avast One 23 Essential

Avast の設定について解説しています。よろしければご覧ください。

raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #16 on: August 19, 2010, 07:49:47 PM »
Virus total says it's clean:

http://www.virustotal.com/url-scan/report.html?id=3ad10458e75c11999598c13cef7c11fc-1282232164

I replaced the hxxp with http.. Am I doing something wrong here?

http://www.raceonusa.com/Home/exemple.com/
http://www.raceonusa.com/Home/example.com/
http://www.raceonusa.com/home/example.com/

I also tried "example" instead of "exemple", same thing, virus total says its clean, but is also says Virus Report not available, so maybe the page does not exist?

For instance if I do

view-source:http://www.raceonusa.com/Home/exemple.com/

I get nothing.

Furthermore I don't even know why someone would even go to "Home/exemple.com/" that's not a link on any of my pages or part of my page structure.

Is "Home/exemple.com/" shorthand for something?







raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #17 on: August 19, 2010, 08:32:49 PM »
Quote
Michael Hicklen || Staff   08/19/2010 10:07
Hello Edward,

Honestly, there is a distinct possibility this is a false positive. Try installing a fresh copy of Magento to a subfolder and running virustotal on it. I've scoured your files and I can't find anything ever remotely malicious. I think the heuristic scanners are just too sensitive and are detecting javascript as malicious.

Michael Hicklen
Level 2 Support
SimpleHelix, LLC
866.963.0424

We would love to hear your testimonials about us:
http://www.ratepoint.com/profile/4550
How would you rate this reply?    Poor                    Excellent
I think I'll try this, I had to copy view source text to a new raceonusa.com/test.html and remove text bit by bit to see what was causing it, turns our that the JS that I remove is actually the default from magento and not laced with any viruses.  Also the default .js files that the HTML is loading are ones I replaced from the default install, yet avast still says it's got a "JS:ScriptIP-inf" error. Only if I delete all Java script, including the original default magento java script then it passes as clean.  I even ran the JS files separately in virustotal - they are totally clean.
« Last Edit: August 19, 2010, 08:34:40 PM by raceonusa »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: avast gives url:mal error - cannot open my website!
« Reply #18 on: August 19, 2010, 09:02:32 PM »
Hi raceonusa,

This site is malicious, so make all links non-click-through putting htxp wXw

Threat Report

Total threats found: 1

   Drive-By Download

Threats found: 1
Here is a complete list:
Direct link to:    htxp://www.raceonusa.com/index.php/raceonusa-hiflex-type-298b-complete-8-piece-wide-body-kit-lexus-sc-series-92-00-2-door.html
Location:    htxp://www.raceonusa.com/?gclid=CNfPw4TquaMCFeQD5QodpESTYw

As recommended in Matt Cutts blog to prevent Fake glid,
you can change the search engine spider response to a tagged page, by adding:

    User-agent: *
    Disallow: *gclid=*

polonus

   
« Last Edit: August 19, 2010, 09:17:16 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #19 on: August 20, 2010, 12:03:22 AM »
Brand new install, straight ftp of new install files to website:

Brand new unzipped straight from Magento's site:
hxxp://www.raceonusa.com/magento1411/index.php/install/

(I haven't even installed or touched files, I just unzipped the raw magento installation just downloaded it today)

Results in avast "virus", so either it's a false positive or Magento Commerce has a virus in their latest zip file.
http://www.virustotal.com/file-scan/report.html?id=c5d439c72e4965d51d90c20458e82314b9e5155e08bf3cce56b691e2efda8657-1282255096

I even scanned it from my windows virtual box just now and avast says my website files are virus free.


This has got to be a false positive, it's my domain that's setting off the alarm bells, nothing to do with malicious code.

My system is free of viruses and running Ubuntu linux on the desktop and centos on the server. My host Simple Helix confirms that there is no virus. This is something in Avast's database flagged my domain most likely.  Any Java on my domain sets it off, how can I certify my website off of this hyper sensitive level?

How do I get them to lift this ban?

I think this whole nightmare is because Avast incorrectly assumed my google iframe chat box was an "iframe" virus, even though the code is verbatim copied from Google's recommended default for the chat box.
« Last Edit: August 20, 2010, 12:10:32 AM by raceonusa »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: avast gives url:mal error - cannot open my website!
« Reply #20 on: August 20, 2010, 12:31:52 AM »
Hi raceonusa,

This could be part of click fraud malware in gclid (google code), if you scan your domain at Norton Safe Web. There was where I found the drive by download malware together with the location where it was to be found, so not only avast flags this, Norton too. it is a malware injection, there is not much you can do, unless you are the hoster,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #21 on: August 20, 2010, 06:49:27 PM »
I just had norton rescan my site:

http://safeweb.norton.com/report/show?url=raceonusa.com

totally clean, no viruses.

Is there a way to open a site dispute with avast?

raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #22 on: August 22, 2010, 08:35:53 AM »
Is there a way I can  fight / contest this virus? Like a re-submit your site feature or something?

Norton web scan says it's completely clean now, all I had Norton do what rescan.

The only one that's giving me an error is Avast and it's a false positive, how I can get them to rescan my site?

Sure G-data also has a false positive and that's because it uses Avast as one of it's engines to scan.
http://antivirus.about.com/od/antivirussoftwarereviews/gr/gdatasuite2010.htm



Offline NON

  • Japanese User
  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5475
  • Whatever will be, will be.
Re: avast gives url:mal error - cannot open my website!
« Reply #23 on: August 22, 2010, 01:21:49 PM »
Is there a way I can  fight / contest this virus? Like a re-submit your site feature or something?

Norton web scan says it's completely clean now, all I had Norton do what rescan.

The only one that's giving me an error is Avast and it's a false positive, how I can get them to rescan my site?

There is still an infection that jsejtko said, so unfortunately it's not a false positive. I can see this (attached image) via three proxy.

Maybe Norton web scan only scans top page of your website (I can't find any infection in your top-page so far) so it says yours clean.
It seems "JS:ScriptIP-inf" applies blacklisted URLs in "<script>" tags without reserve so some innocent pages may get involved. :-\

Can't you see Home/ directory on your server? I don't intend to attack / criticize you, only wonder why you can't find it on your server.
Desktop: Win10 Pro 22H2 64bit / Core i5-7400 3.0GHz / 32GB RAM / Avast 23 Premium Beta(Icarus) / Comodo Firewall
Notebook: Win10 Pro 22H2 64bit / Core i5-3340M 2.7GHz / 12GB RAM / Avast 23 Free / Windows Firewall Control
Server: Win11 Pro 23H2 64bit / Core i3-4010U 1.7GHz / 12GB RAM / Avast One 23 Essential

Avast の設定について解説しています。よろしければご覧ください。

raceonusa

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #24 on: August 22, 2010, 07:58:56 PM »
I do not have a home directory, how is possible that it appears on your side?
(check out the attached remote file directories I can view, hidden files are visible) no /Home directory.


I checked my htaccess and have nothing in there with "exemple" or that malware ip.

Also when I try to run
view-source:http://www.raceonusa.com/Home/exemple.com/

Firefox Ubuntu = blank
Windows XP virtual box Firefox = blank
Windows XP virtual box IE = ...
Code: [Select]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=windows-1252" http-equiv=Content-Type></HEAD>
<BODY></BODY></HTML>

Are you getting redirected to /Home/exemple.com for some reason?  What are the steps that lead you there.  I'm not sure how it's doing this.


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: avast gives url:mal error - cannot open my website!
« Reply #25 on: August 22, 2010, 10:26:49 PM »
just some info, Opera browser is also blocking hxxp://www.raceonusa.com



YoKenny

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #26 on: August 22, 2010, 11:30:15 PM »
just some info, Opera browser is also blocking hxxp://www.raceonusa.com
So is IE8!

Quote
The webpage you tried to access is infected with a virus or other malware. Do not attempt to disable the avast! Web Shield in order to access the site.
http://www.avast.com/lp-security-information-pp?utm_campaign=Virus_alert&utm_source=pa_50_0&utm_medium=prg_systray&utm_content=en-us

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: avast gives url:mal error - cannot open my website!
« Reply #27 on: August 22, 2010, 11:38:49 PM »
Hi YoKenny,

finjan or rather M86security now, also detects it:
SecureBrowsing
htxp://www.raceonusa.com/

Finjan SecureBrowsing has analyzed the above web address as it currently exists on the web.

The analysis indicates that:
Potentially malicious behavior was detected on this page

What to comment further,

polonus
« Last Edit: August 23, 2010, 12:35:52 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

CharleyO

  • Guest
Re: avast gives url:mal error - cannot open my website!
« Reply #28 on: August 23, 2010, 10:16:59 AM »
***

Click the image below to see Opera's warning taken just 2 mins ago.


***