Author Topic: False positive on my site  (Read 3862 times)


pompousjohn

  • Guest
False positive on my site
« on: August 31, 2010, 05:01:03 AM »
One of my sites is currently blacklisted by Avast even though I cleaned it over a month ago.

Is there some way I can have it de-listed?

The site is (NSFW) hxxp://tubemarvel.com

The site was compromised as a result of my Windows partition on my MacBook
Pro being infected with a keylogger, from there my email password was
compromised.

The FTP password was in my Gmail and was used to infect the site. I
changed the password to a new one that is not in my Gmail, I am no longer
using my Gmail as a place to store sensitive data, also my Gmail is being
monitored against unauthorized access.

I have installed Google Webmaster Tools on my website which is able to
detect these infections and alert me, I have also stopped using ESET
antivirus on my Windows machines since it was unable to detect the threat,
both on my local machine and the website.

I am using Kaspersky now and monitoring the site daily for any possible
malicious code.

If there is something else I should do I would be happy to try it.

Gargamel360

  • Guest
Re: False positive on my site
« Reply #1 on: August 31, 2010, 05:09:35 AM »
Url Void says that is not the only blacklist you are currently on.
#######################################

Report    2010-08-04 14:21:51 (GMT 1)
Website    tubemarvel.com
Domain Hash    cbdc9d59d89cc2bd0b7553064743afdb
IP Address    38.107.220.152 [SCAN]
IP Hostname    -
IP Country    US (United States)
AS Number    30063
AS Name    DEDICONET - Dedico.com
Detections    4 / 16 (25 %)
Status    DANGEROUS
      
Scanning site with:    AMaDa    CLEAN
Scanning site with:    BrowserDefender    CLEAN
Scanning site with:    Google Diagnostic    CLEAN
Scanning site with:    hpHosts    UNRATED
Scanning site with:    Malware Patrol    CLEAN
Scanning site with:    MalwareDomainList    DETECTED
Scanning site with:    MyWOT    DETECTED
Scanning site with:    Norton SafeWeb    CLEAN
Scanning site with:    ParetoLogic URL Clearing House    CLEAN
Scanning site with:    PhishTank    CLEAN
Scanning site with:    SURBL    DETECTED
Scanning site with:    Threat Log    CLEAN
Scanning site with:    TrendMicro Web Reputation    DETECTED
Scanning site with:    URIBL    CLEAN
Scanning site with:    Web Security Guard    UNRATED
Scanning site with:    ZeuS Tracker    CLEAN

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: False positive on my site
« Reply #2 on: August 31, 2010, 08:03:42 AM »

pompousjohn

  • Guest
Re: False positive on my site
« Reply #3 on: August 31, 2010, 02:06:15 PM »
NoVirusThanks - 1/16 -INFECTED
http://scanner2.novirusthanks.org/analysis/91f7fcbfef8c2f1147377e3b46c6733b/aW5kZXg=/

Did you notice in the link you posted the only one detecting malware on my site is avast?

What malicious code is on my page? I cannot find any unauthorized code in the php files.

I am not a programmer but I did get a good look at the templates when I cleaned out the last virus.

pompousjohn

  • Guest
Re: False positive on my site
« Reply #4 on: August 31, 2010, 02:09:16 PM »
I wrote to all these people, I haven't heard back from many but SURBL has agreed my site is clean and said they would delist it.

I don't understand why it comes up as infected as per SURBL on a URLVOID scan, but if you scan it directly at SURBL.ORG it comes up clean.

Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 324
Re: False positive on my site
« Reply #5 on: September 13, 2010, 02:25:35 PM »
Hello,
it will be fixed in the next VPS.
Best regards
Jan Sirmer