For the last 2-3 days I find Avast blocking all pages of my website hxxp://www.gooddesigns.eu. I have scanned this site using urlquery.net, virustotal.com and urlscanner.net and have not been able to identify any problems. I have deleted the site and uploaded a new almost blank page with the same results. I have downloaded the files and scanned them with Avast but found nothing. Sometimes I get "Connection closed by remote server" and sometimes the site tries to open and I get the red Avast pop-up. Have tried to get screen shot of pop-up but it doesn't show.
I have contacted Avast twice reporting as possible false positive but no reply yet.
What might it be and how do I tackle this problem?
have tried to get screen shot of pop-up but it doesn't show.
If you have not restarted since the last pop-up: right-click the avast tray icon, choose "show last pop-up", and click the pin in the top right corner to make it stay on screen.
Take a screen shot and attach it.
Likely your site is clean, but the IP had issues,
malware from there mainly PHP/Pbot.A.6,
but also incidents of PHISH/TAM.A, VBS/Agent.ps, PHP/Small.AD,
and mdl_Leads to Blackhole exploit, all dead.
The IP Number 83.125.22.188 is not listed in Offensive IP Database.
Sitevet data on the AS that IP is on:
AS Name: LAMBDANET-AS European Backbone of LambdaNet
IPs allocated: 393216
Blacklisted URLs: 963
And we had some other issues where avast was blocking domains from an IP on this AS
BrightCloud Content and Reputation gives this IP a yellow 40 rep index, meaning
Suspicious
There is a higher than average probability that the user will be exposed to malicious links or payloads.
This scan gives it as suspicious: http://urlquery.net/report.php?id=36754
But a check on the javascript there with an unpacker does not show up anything relevant,
This is alerted by Sucuri: "Local file specified: file:///F|/My%20websites/Good%20Designs%20website"
should look for updates and patches,
Spamcheck gives a suspicious because of DNSBL reports
Google Safebrowsing green
no further issues
Thanks Polonus. I am a newbie at this and not 100% sure what it is you are telling me but it seems clear to me the site is clean but I am allocated a different IP address each time I connect to internet and the IP address could have been associated with malware in the past - is that it?
I attach an image of the pop-up but can report that I have just run a full Avast scan and found nothing on my computer and (presumably unconnected) can now access my site no problem. Hope it lasts!