On my Windows machine my Avast scanner gives me an error and won’t let me load my page. When I uninstall Avast or use my Linux machine it works fine, but I have customers that unfortunately use Avast.
I tried clicking on real-time shields > web shields, it just tells me that the web shield started and stopped, gives me no information about the blocked website. The logs there are completely useless.
On the “blocked site” error message it has a “More Information” link, which is merely a sleazy sales gimmick that forwards you to avast’s website to buy the full version, it gives no information about the error message.
Ok so I’ve seen you helping out lots of ppl on this forum and on a previous forum you were going over how to fix run dll viruses…
If you would help me I would greatly appreciate it!! So every time I boot up my computer, it gives me an error message in some RUNDLL box… so I’m pretty sure that is the virus I have… Anyway… I’ve downloaded AVG, Malwarebytes, and OTL and none of them can locate the virus and get it off my computer. AVG spots something and will move it to virus vault but it just comes back the next day. I can’t get on Internet Explorer or EverQuest II, but those are the only two I am noticing right now that it isn’t allowing me to get on. Could you please, please help!!
oh I’m sorry I posted in the middle of this forum, I am very new to this website and can’t figure out how to send PM’s so I apologize =(
Which isn’t a virus. Sure it could be if it was pointing to a webpage that had viruses, but mine was pointing to Google’s talk badge. So there’s no virus here.
I’ve disabled Avast, rebooted, started, stopped, and still Avast says “URL:mal”, the same ambiguous error message. I’m thinking that Avast keeps a database of “virus” URLs, when does this refresh?
Now I’m getting this?!? “JS:ScriptIP-inf [Trj]” Argh! I supposedly have a “trojan horse” now according to Avast, yet google and virustotal say I don’t? This is driving me nuts.
Is there an actual log file? So I can see what is supposedly causing this?
Yeah that’s the weird thing, it looks clean now, can you view it on your computer with Avast running? http://www.raceonusa.com
I just get error messages from avast warning me about a supposed Trojan Horse, but how is that possible if all the virus scanning sites give it a clean bill of health?
If I try to go there on my Avast comp I get a block…
One strange thing, my last VT scan is showing clean but if you open the one you posted (VT URL scan) and look on top of it, there is a “View downloaded file analysis”, click it and you have Avast/GData detection… ???
Your website is currently hacked and used to distribute malware → that’s why we started to block your domain. You will have to remove the malicious scripts which were added to your website - php/exe/java/etc. (It would be nice if you could collect them and send them in a password-protected archive to virus@avast.com).
All the files (hack) should be located inside this folder (and are still there - checked 5 minutes ago):
hxxp://www.raceonusa.com/Home/exemple.com/
Regards
PS: We will not remove your domain from blocklist until you fix the problem.
I try http://www.raceonusa.com/home/ but there are no errors on the page that I or my host can find. I even downloaded the entire site and scanned with Avast with POP and there are no viruses.
Avast false-positive classified my site as a “virus” site from my iframe which was from google. Now I cannot get any of my pages to load without avast going nuts.
jsejtko is one of the virus analysts in the Avast Virus Labs team and if he says your site is infected, believe me you have a problem.
You don’t say what the pop-up alert is, I suspect it is the Network Shield, blocking the complete domain and not the actual hXXp://www.raceonusa.com/test.html page.
So even if that page is actually clean, the block is on the domain as jsejtko mentioned in his post and not the physical page test.html.
All the files (hack) should be located inside this folder (and are still there - checked 5 minutes ago):
hxxp://www.raceonusa.com/Home/exemple.com/
Here's what he said, but I do not have such a directory on my server.
No /Home/exemple.com or example.com or lowercase home, that folder does not exist on my server, I even downloaded the entire site and scanned it with Avast with POP mode enabled and disabled and it found nothing.
I also deleted my main /js JavaScript directory, changed themes, nothing seems to delete this “virus”. Is there another website that can give a non-vague answer as to what file is supposedly affected?
Because this just says:
Avast 4.8.1351.0 2010.08.18 JS:ScriptIP-inf
Avast5 5.0.332.0 2010.08.18 JS:ScriptIP-inf
I CAN see that page, and carelessly I forgot to insert “view-source:” before the URL and I almost got infected… Java started just after I opened that page
I don’t know why you can’t see that page, but this kind of infection usually caches accessed IP addresses and denies access from the same IP. Maybe this is the cause?
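Added example, not part of any post in this thread: one way a site owner could check the server's own access log for the two things described above, a path that is served with 200 although it is not in the document root, and a client that gets 200 once and an error on later requests. The Apache combined log format, the log lines, the manifest and the function names are all assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample data in Apache "combined" format (assumed log format).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Aug/2010:10:01:02 +0000] "GET /Home/exemple.com/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Aug/2010:10:05:40 +0000] "GET /Home/exemple.com/ HTTP/1.1" 404 310 "-" "Mozilla/5.0"
198.51.100.9 - - [18/Aug/2010:10:06:11 +0000] "GET /Home/exemple.com/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [18/Aug/2010:10:07:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.44 - - [18/Aug/2010:10:08:30 +0000] "GET /js/prototype.js?v=2 HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

# Constructed manifest of paths that exist on disk (e.g. built from a file listing).
KNOWN_PATHS = {"/index.php", "/js/prototype.js"}

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (client_ip, path_without_query, status) for each parsable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, target, status = m.groups()
            yield ip, target.split("?", 1)[0], int(status)

def phantom_paths(log_text, known):
    """Paths answered with 200 that are absent from the on-disk manifest."""
    return sorted({p for _, p, s in parse(log_text) if s == 200 and p not in known})

def cloaked_paths(log_text):
    """Paths where the same client got 200 and then a non-200 afterwards."""
    seen = defaultdict(list)  # (ip, path) -> statuses in log order
    for ip, path, status in parse(log_text):
        seen[(ip, path)].append(status)
    hits = set()
    for (_ip, path), statuses in seen.items():
        if 200 in statuses:
            later = statuses[statuses.index(200) + 1:]
            if any(s != 200 for s in later):
                hits.add(path)
    return sorted(hits)

if __name__ == "__main__":
    print("served but not on disk:", phantom_paths(SAMPLE_LOG, KNOWN_PATHS))
    print("per-IP cloaking suspected:", cloaked_paths(SAMPLE_LOG))
```

On a Magento site most URLs are routed through index.php, so the manifest comparison should be limited to paths that are expected to map directly to files or directories.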
I also tried “example” instead of “exemple”, same thing, VirusTotal says it’s clean, but it also says Virus Report not available, so maybe the page does not exist?
Michael Hicklen || Staff 08/19/2010 10:07
Hello Edward,
Honestly, there is a distinct possibility this is a false positive. Try installing a fresh copy of Magento to a subfolder and running virustotal on it. I’ve scoured your files and I can’t find anything even remotely malicious. I think the heuristic scanners are just too sensitive and are detecting javascript as malicious.
Michael Hicklen
Level 2 Support
SimpleHelix, LLC
866.963.0424
I think I’ll try this, I had to copy the view-source text to a new raceonusa.com/test.html and remove text bit by bit to see what was causing it, turns out that the JS that I removed is actually the default from Magento and not laced with any viruses. Also the default .js files that the HTML is loading are ones I replaced from the default install, yet Avast still says it’s got a “JS:ScriptIP-inf” error. Only if I delete all JavaScript, including the original default Magento JavaScript, then it passes as clean. I even ran the JS files separately in VirusTotal - they are totally clean.
This site is malicious, so make all links non-click-through putting htxp wXw
Threat Report
Total threats found: 1
Drive-By Download
Threats found: 1
Here is a complete list:
Direct link to: htxp://www.raceonusa.com/index.php/raceonusa-hiflex-type-298b-complete-8-piece-wide-body-kit-lexus-sc-series-92-00-2-door.html
Location: htxp://www.raceonusa.com/?gclid=CNfPw4TquaMCFeQD5QodpESTYw
As recommended in Matt Cutts blog to prevent Fake glid,
you can change the search engine spider response to a tagged page, by adding:
I even scanned it from my windows virtual box just now and avast says my website files are virus free.
This has got to be a false positive, it’s my domain that’s setting off the alarm bells, nothing to do with malicious code.
My system is free of viruses and running Ubuntu linux on the desktop and centos on the server. My host Simple Helix confirms that there is no virus. This is something in Avast’s database flagged my domain most likely. Any Java on my domain sets it off, how can I certify my website off of this hyper sensitive level?
How do I get them to lift this ban?
I think this whole nightmare is because Avast incorrectly assumed my google iframe chat box was an “iframe” virus, even though the code is verbatim copied from Google’s recommended default for the chat box.