AVAST became blocking our web-site. What can we do?

[dou908]

Our web-site is hxxp://dou908.hotbox.ru
We are don't change our web-site for a year, but AVAST blocking it now. Our visitors (only those who use AVAST) can't open pages.
The message of AVAST is "IS:Frameload-A".
What can we do?

[yaslaw]

http://www.UnmaskParasites.com/security-report/?page=dou908.hotbox.ru

[spg SCOTT]

Hi dou908, welcome to the forum

Please can you modify the link, to prevent others potentially becoming infected. (change http to hXXp) Thanks.

Unfortunately the site does appear to be infected.
avast is not the only one to detect it:
http://www.virustotal.com/file-scan/report.html?id=083f57cdf3fdbac216a703fbc68d6c9dc182b0490f6f2d56982653ec652fa537-1298813258


There is a script that points to another site (and tries to download a toolbar) and then an iframe that calls this script...Both of them in combination cause avast to alert.

Scott

[dou908]

Mr. SCOTT.
Thanks for the well-made explanation.
We'll try to explain this to our hoster, but we have another one question, please.
If AVAST detects the script described above, why it blocking the whole page, but not this script only to allow view the safe page content?
It isn't a secret that a lot of royalty-free hosters adds an advertisment frames to pages of their users...

[doktornotor]

If AVAST detects the script described above, why it blocking the whole page, but not this script only to allow view the safe page content?
It isn't a secret that a lot of royalty-free hosters adds an advertisment frames to pages of their users...

They don't advertise, they try to force a stealth toolbar (qip.bar) install in your browser. Totally unacceptable. The detection and blocking is spot on. In the same way, it could download a virus instead of the toolbar. Change your hoster if they support such "advertising" practices.

[JANEWAY]

Avast! and Microsoft Security Essentials detects the site as infected

[dou908]

Thanks for answers. We are know that the site is infected (may be) and that it is "Totally unacceptable".

The question was "why AVAST blocking the whole page, but not this script only to allow view the safe page content?"
Everybody knows that those "Frames" aren't a page belonging but added by hoster to all pages of all their users. It must be a hosters problems, not pages masters.

[doktornotor]

The question was "why AVAST blocking the whole page, but not this script only to allow view the safe page content?"

Perhaps because it's none of antivirus business to be rewriting web page code?

Everybody knows that those "Frames" aren't a page belonging but added by hoster to all pages of all their users. It must be a hosters problems, not pages masters.

Really? How's an antivirus supposed to know who injected the code into the webpage?

[dou908]

Thank you, doktornotor.
That's quite clear.