Our website is www.hobbytronics.co.uk.
We discovered a malware apache intrusion yesterday that has now been resolved. The website ‘Yandex’ had blacklisted us but have resubmitted our site and it now reports our site as ‘Clean’.
Can the blacklist be removed as this is having a serious effect to our visitors.
Thank you 
Check your website with:
-virustotal.com
-securi.net
-unmaskparasites.com
Contact Avast team:
http://www.avast.com/contact-form.php
Thank you.
Bye 
The following should help you accomplish that task:
http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
Thanks for the link but this deals with infected files on websites. As I said, I think we have cleared the infection and are getting clean reports from a multitude of checker. Just want avast to update the status.
Thanks
Site apparently clean: Checking:http://www.hobbytronics.co.uk/catalog/view/javascript/jquery/tab.js
File size:545 bytes
File MD5:28e93d3989dde04a06c719374adba692
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/tab.js - Ok
Checking:htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/fancybox/jquery.easing-1.3.js
File size:5565 bytes
File MD5:747222608476f823d43ef81b5eaaadc0
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/fancybox/jquery.easing-1.3.js - archive JS-HTML
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/fancybox/jquery.easing-1.3.js/JSFile_1[0][15bd] - Ok
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/fancybox/jquery.easing-1.3.js - Ok
Checking:htxp://www.hobbytronics.co.uk/catalog/view/javascript/common.js
File size:698 bytes
File MD5:48c56f290f23ad3efa164caabd07218d
htxp://www.hobbytronics.co.uk/catalog/view/javascript/common.js - archive JS-HTML
htxp://www.hobbytronics.co.uk/catalog/view/javascript/common.js/JSFile_1[0][2ba] - Ok
htxp://www.hobbytronics.co.uk/catalog/view/javascript/common.js - Ok
Checking:htxp://www.hobbytronics.co.uk/catalog/view/javascript/header.js
File size:1822 bytes
File MD5:77b01cf556a95196a73a9fbfdc965043
htxp://www.hobbytronics.co.uk/catalog/view/javascript/header.js - archive JS-HTML
htxp://www.hobbytronics.co.uk/catalog/view/javascript/header.js/JSFile_1[0][71e] - Ok
htxp://www.hobbytronics.co.uk/catalog/view/javascript/header.js - Ok
Checking:hxtp://www.hobbytronics.co.uk/catalog/view/javascript/bookmark.js
File size:411 bytes
File MD5:f251a2c324e26263a4aab9ed643ae244
htxp://www.hobbytronics.co.uk/catalog/view/javascript/bookmark.js - archive JS-HTML
htxp://www.hobbytronics.co.uk/catalog/view/javascript/bookmark.js/JSFile_1[0][19b] - Ok
htxp://www.hobbytronics.co.uk/catalog/view/javascript/bookmark.js - Ok
Checking:hxtp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/ajax_add.js
File size:1016 bytes
File MD5:da5d817e57229f29682451b1cb5aaa08
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/ajax_add.js - archive JS-HTML
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/ajax_add.js/JSFile_1[0][3f8] - Ok
hxtp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/ajax_add.js - Ok
Checking:htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/fancybox/jquery.fancybox-1.3.4.js
File size:26.72 KB
File MD5:a82904ccd5244d58c35f247a2c2d2975
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/fancybox/jquery.fancybox-1.3.4.js - archive JS-HTML
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/fancybox/jquery.fancybox-1.3.4.js - Ok
Checking:htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/jquery-1.3.2.js
File size:117.68 KB
File MD5:a450a51b5ee72fc00a371183477c41be
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/jquery-1.3.2.js - archive JS-HTML
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/jquery-1.3.2.js/JSTag_1[60d1][175e4] - Ok
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/jquery-1.3.2.js/JSTag_2[15a1b][7c9a] - Ok
htxp://www.hobbytronics.co.uk/catalog/view/javascript/jquery/jquery-1.3.2.js - Ok
Checking:htxp://www.hobbytronics.co.uk/catalog/view/javascript/fancybox.js
File size:665 bytes
File MD5:108c16b2434d838bf3f879b5eab6799f
htxp://www.hobbytronics.co.uk/catalog/view/javascript/fancybox.js - archive JS-HTML
htxp://www.hobbytronics.co.uk/catalog/view/javascript/fancybox.js/JSFile_1[0][299] - Ok
hxtp://www.hobbytronics.co.uk/catalog/view/javascript/fancybox.js - Ok
Checking:htxp://www.hobbytronics.co.uk/
Engine version:7.0.4.9250
Total virus-finding records:4012529
File size:44.84 KB
File MD5:798a744243beb724fc7b161f17f7cdbd
htxp://www.hobbytronics.co.uk/ - archive JS-HTML
htxp://www.hobbytronics.co.uk//JSTAG_1[58c][58] - Ok
htxp://www.hobbytronics.co.uk//JSTAG_2[5d89][39e] - Ok
htxp://www.hobbytronics.co.uk//JSTAG_3[ad36][1b7] - Ok
htxp://www.hobbytronics.co.uk//JSTAG_4[b17d][1cb] - Ok
htxp://www.hobbytronics.co.uk//JSTag_5[5d8e][399] - Ok
hxtp://www.hobbytronics.co.uk//JSEvent_6[77] - Ok
htxp://www.hobbytronics.co.uk//JSEvent_7[56] - Ok
htxp://www.hobbytronics.co.uk//JSEvent_8[56] - Ok
htxp://www.hobbytronics.co.uk//JSEvent_9[56] - Ok
htxp://www.hobbytronics.co.uk/ - Ok
Apparently site was attacked 7 months ago and just beyond 1 week ago.
These general PHP vulnerabilities should be checked: http://www.cvedetails.com/version/36749/PHP-PHP-5.1.6.html
with this as a likely candidate: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-36749/year-2013/opbyp-1/PHP-PHP-5.1.6.html
polonus
The first link given by JuninhoSlo is capable of dealing with false positives in regard to websites, you just need give more information in the report.
Use the on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.
- If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for review (Network Shield), etc. A link to this topic also wouldn’t hurt.
Thanks for the file check showing the site is clean.
I used the contact form yesterday to report the false positive but haven’t heard anything. I will retry but with a link to this arrticle. Is there a way on the avast website to check a website link to see if they have it blacklisted currently? Don’t know how long it takes to clear the block.
Thanks also for the links on how to stop further intrusions. Checking those out. I think it is worth mentioning we are now using md5deep to run a check on the files on our website every few hows and report any changes. Almost impossible to stop intrusions in practice but this should help us clean up an intrusion quickly.
The easiest way to check is to try to visit the site again and currently avast still alerts on it.
Usually avast are quick to correct something like this when/if confirmed to be an FP.
Just checked it for you guys. It’s still blacklisted.
You will see from the text that you quoted I already confirmed that ;D
Shh! :-[
Site found might have (had) hidden iFrame malware, blacklisted at: http://yandex.ru/infected?l10n=en&url=http://hobbytronics.co.uk/
and http://www.avgthreatlabs.com/sitereports/domain/hobbytronics.co.uk
Must be connected somewhere to activities of a malicious packer find from a link to “upfront.thefind.com”
http://www.threatexpert.com/report.aspx?md5=63e2dd0079ac63a3fe75eeb51451bb4b
see: http://forum.opencart.com/search.php?author_id=13286&sr=posts compromise…
polonus
http://my.jetscreenshot.com/18363/20130517-rvqa-58kb.jpg
detected as clean
http://quttera.com/detailed_report/www.hobbytronics.co.uk
http://www.webutation.net/go/review/hobbytronics.co.uk
http://sitecheck.sucuri.net/results/www.hobbytronics.co.uk/
http://zulu.zscaler.com/submission/show/2503c2bb438af012d4aa5b594a3d1b02-1368796809
http://wepawet.iseclab.org/view.php?hash=89d8cf69b2099df5db27d807cfdc871a&t=1368796821&type=js
http://www.urlvoid.com/scan/hobbytronics.co.uk/
Reported to analysts
Hello,
it will be unblocked.
Milos
http://www.hobbytronics.co.uk/
No longer blocked. Thanks Milos
Hi bob3160,
The FP reporting works. Thanks Milos,
polonus
Many thanks for the unblock. Relief to get block removed before the weekend.
Confirmed from here too: Not blocked, although it is loading slowly.
You can rest assured that if avast! isn’t blocking it for me, it also isn’t blocking it for any one else.
It’s either blocked for all of us or, none of us as long as you have the latest VPS update.