My avast detects a virus on a website, the site is clean. I talked to the owner.

I have tried all the site to give it a scan:

AVG Online Virus Scanner |Scan Web Pages AVG LinkScanner Drop Zone
Dr.Web ® online check
Online Link Scan
Norton Safe Web, from Symantec
URLVoid.com BETA

Avast Report:

• Analysis Report shields in real time avast!
• This file is automatically generated
• Started on: Thursday, March 7, 2013 5:20:15

07/03/2013 19:02:17 hxtp://www.dgamers.net/ |> [Embedded: DeanEdwards] [L] JS: ScriptXE-inf [Trj] (0)

Help please… :-\

Well that site can be reached without any avast alert…
Here it was flagged but on another IP: http://urlquery.net/report.php?id=1323096
Nothing here: http://zulu.zscaler.com/submission/show/605ab99a72004da2688848e81f46d16a-1362760241
This was reported for the present IP last year: http://urlquery.net/report.php?id=151393
Site is clean as far as I can establish: http://quttera.com/detailed_report/www.dgamers.net

If you think you have malware, wait for a qualified malware remover to assist you,

polonus

INFECTED - http://sitecheck.sucuri.net/results/www.dgamers.net/

Malware entry: MW:JS:Depack http://labs.sucuri.net/db/malware/malware-entry-mwjsdepack

Hi Pondus,

Security issue or not? That is the question. According to some benign vbseo hack code
re: http://www.vbseo.com/f3/security-issue-41463/index4.html (given there in deflated, unobfuscated, decoded and depacked form) by Twelve-60.
But I can understand it is being flagged as better safe than sorry. It is SEO hack code all tight, but not malicious per se.
I got no avast flag going to the site with NoScript and RP active…

Used with php attacks it is this: http://www.victorciobanu.com/how-to-remove-mwjsdepack/ (link article author = Victor Ciobanu)

Like to hear what !Donovan thinks of this particular example?

polonus

According to the author of the site. He never received news of the malware, on your site. thank very much for help. Polonus, Pondus.

be reported. to the Author’s Website.

Sorry for my speech. not speak fluent English

Confirmed malicious. Conditional redirect based on cookies.

See attached,
~!Donovan

Hi !Donovan,

Thanks for that confirmation,

polonus

Hi Polonus,

Interesting results on VirusTotal:
https://www.virustotal.com/en/file/ab35fb658017e7e62e68e9768e47a68dbb6d1ae16dc2d1e46ca819cb5a1753a5/analysis/1362781263/
https://www.virustotal.com/en/file/6dbdfbad9ea84d2238ef5d696042bb3b03834fa4629674dc111d5b220cb18053/analysis/1362781244/

avast! is the only one to detect this malicious redirect.

~!Donovan

Hi !Donovan,

Yes, you are so right, and avast! is detecting more with avast! 8 and on new generic technology,

polonus

Hi
For the few last days Avast is blocking two of my sites, and I can’t get over it.
http://alfatonzdrowie.pl
http://cudowny.alfatonzdrowie.pl
Other antyvirus programs don’t have any problems with these websites (like Avira).
I reported that to my Hostgator hosting provider, they scanned my whole account, and they say it was clear. So please check what is going on with it.
I made a copy of one of the sites here: http://cud.irton.pl and it opens perfectly without any alarms.

http://nimga.com/m/Pyued.jpg

I also discovered that Avast treats some of the images in these websites as malicious, which is nonsense.

@Nesti
Nextime start your own topic as helping multiple users in same topic is chaotic

URL:mal means it is on a block list for whatever reason…does not have to be malware

if you think this is wrong, report it here. http://www.avast.com/contact-form.php. change subject to suite your case

I also discovered that Avast treats some of the images in these websites as malicious, which is nonsense.

Cannot this on the website software be upgraded/updated? Joomla Version 2.5.x for: htxp://alfatonzdrowie.pl//language/en-GB/en-GB.ini
This could have been a general IP ban for malware via this domain: htxp://www.apartmentwealthclub.com/wp-content/uploads/2011/02/RPMoffer.jpg etc. etc.
Now this malware is all dead. You could file a FP…

polonus

OK, I’ll report it as a false virus alert. Thank you.