About virus URL: Mal

hXXp:\www.momus.com.tX There was Trojan :cry:

But now clean

Avast still says that this site has virus URL:Mal. How to fix it?

Please Help

Thank you

hi seanchen,

Please make this link non-clickable as in hxxp:// as it is still malicious according to scans made a minute or less ago.

http://zulu.zscaler.com/submission/show/f58c278402b60a63f7f8fc09a96979f8-1349252702
https://www.virustotal.com/url/e708f77d19f41ee2903ac012775a29d74ed903e1a62e6539f9b3434ceaad726e/analysis/1349252821/
http://sitecheck.sucuri.net/results/www.momus.com.tw/
http://www.urlvoid.com/scan/momus.com.tw/
http://urlquery.net/report.php?id=210956

Also: hxxp://www.malwaredomainlist.com/mdl.php?search=momus.com.tw Do not click any links in this malwaredomainlist site as they are active live links to serious bad malware. You have been warned. Safe site to view but not to click within it on malicious links.

Are you the site’s owner?

→ http://www.siteadvisor.com/sites/momus.com.tw
→ http://zulu.zscaler.com/submission/show/f58c278402b60a63f7f8fc09a96979f8-1349253114

Yes, I am the site owner

Go norton safe web this week

re-evaluated site

to review the results is safe

I think it was my site poisoning

Antivirus company to refer to the same database list

Just that I’m not familiar with the origin is in there

I can confirm that my site is now clean

https://safeweb.norton.com/report/show?url=www.momus.com.tw

Please kindness of people to help me thank you

Does not appear to have changed one iota. Site is still extremely malicious.

EDIT: Please change your site you posted to hxxp://www.momus.com.tx This will protect other Avast! forum users here from becoming infected by your now live link if a mistake is made by clicking on it.

hxxp:// will make it non-clickable and save a bit of grief here.

Review of site by Norton could be old, made prior to the infections you still now have.

Zulu scan dated 10/03/2012 here: http://zulu.zscaler.com/submission/show/f58c278402b60a63f7f8fc09a96979f8-1349252702
Zulu scan dated today (10/05/2012) http://zulu.zscaler.com/submission/show/f58c278402b60a63f7f8fc09a96979f8-1349418343

No change whatsoever except the scan date has changed between them. Otherwise, they are identical. If there was a repair/fix to your site, the second new scan would reflect that. Not seeing that here.

What site poisoning are you referring to?
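The defanging convention requested above (hxxp:// for the reported site, while scanner report links stay clickable) can be automated when sanitizing posts. This is an added example, not part of the original thread; the `FLAGGED` set, the `.example` domains and all function names are constructed for illustration. It matches on the URL's host, so a report link that merely contains the flagged domain in its path is left alone.

```python
import re
from urllib.parse import urlsplit

# Constructed flag list; in practice this would come from moderation data.
FLAGGED = {"infected-shop.example"}

# http/https URLs up to whitespace or a closing quote/bracket.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

def is_flagged(host, flagged=FLAGGED):
    """True if host is a flagged domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in flagged)

def defang_url(url):
    """http -> hxxp, https -> hxxps, and '.' -> '[.]' in the authority part."""
    scheme, rest = url.split("://", 1)
    scheme = "hxxps" if scheme.lower() == "https" else "hxxp"
    authority, sep, tail = rest.partition("/")
    return f"{scheme}://{authority.replace('.', '[.]')}{sep}{tail}"

def defang_post(text, flagged=FLAGGED):
    """Defang only URLs whose host is flagged; other links stay clickable."""
    def repl(match):
        url = match.group(0)
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:
            return defang_url(url)  # unparseable URL: fail closed
        return defang_url(url) if is_flagged(host, flagged) else url
    return URL_RE.sub(repl, text)

if __name__ == "__main__":
    # Constructed sample post body.
    post = ("Still live: http://www.infected-shop.example:8080/redirect.php?d=1 "
            "Report: https://scanner.example/results/www.infected-shop.example/")
    print(defang_post(post))
```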

Thanks for your kind answer

Avast antivirus software, I would like to ask how to do

Do not blocked xxx.momus.com.tw

Recovery so that people can link

Has no virus

It is clean

But now the URL blacklist

What formal methods can be applied for re-checking

Site has been spreading a dangerous bank trojan, known as Zeus. It has a bad web rep: http://www.mywot.com/en/scorecard/momus.com.tw?utm_source=addon&utm_content=popup-donuts
At the moment not given in Zeus tracker, but IP/domain might be blacklisted because of its history of spreading malcode.
Bitdefender TrafficLight also gives the site as infectious. Searching for the ISP gives a JS:ScriptIP-inf[Trj] alert
Malware migration found here: hxtp://momus.com.tw:8080/redirect.php?d=853fda24 (migrated from support at linode dot com)
Blackhole exploit kit
and htxp://173.255.255.139:8080/redirect.php?d=853fda24
2012/07/05_12:06 momus dot com dot tw:8080/redirect.php?d=853fda24 173.255.255.139 li281-139.members.linode dot com. Blackhole exploit kit ? / Harris Chen sungod.corpATmsa.hinet.net 6939
Nice write up for the type of malware being spread from there (in the recent past) http://www.mywot.com/en/forum/21464-qai-jar-malware-cve-2010-1885?comment=150338#comment-150338

polonus

@ polonus,

Thank you for that report.

Seems this site is infected. Why would the OP claim it is clean when it is not?

@ seanchen,

It is apparent that your site is infected, and has been in the past. I would suggest that, if you want Avast! to clear the block on it, you remove/cleanse the malware present. Once it is clean, then you can petition Avast! to remove the block.

As long as it is dirty, Avast! is not likely to unblock your site.

Thanks for your kind answer

I have always said that the site has been cleaned up

polonus:
you say this file
(hxtp://momus.com.tw:8080/redirect.php?d=853fda24)
Deleted a long time

mchain:
you said (then you can petition Avast! to remove the block)
What do I do it? contact information from the channel?

I’m confused

Website hacker, I do not wish

I’ve been finishing the website clean

For up to two months, and I’m still on the blacklist

http://zulu.zscaler.com/submission/show/f58c278402b60a63f7f8fc09a96979f8-1349681453

Scanned today 10/5/2012 @ 0730 GMT. Still dirty and malicious. What are you cleaning?

http://global.sitesafety.trendmicro.com/result.php

Hi mchain,

He has to try and get off of the blacklist: http://sitecheck.sucuri.net/results/www.momus.com.tw/
Probably because of http://minotauranalysis.com/search.aspx?q=1c8a152f465d5f9db303df250047e3e1
No alerts here: http://urlquery.net/report.php?id=219777
About the actual situation: http://www.mywot.com/en/forum/27538-momus-com-tw?comment-166456
Considering avast you could try and report here: you can report FP here http://www.avast.com/en-no/contact-form.php?noStyles
then it is up to the coders at avast what they do with this report, in case of a true FP they are known to unblock soon with an upcoming update…

polonus

Thank you

I have rendered
http://www.avast.com/en-no/contact-form.php?noStyles

But do not know they will not bother me

Thank you again for your answer