Avast is detecting my website as a malicious site.

I am the owner of NEPARedline[dot]com which was registered on September 08, 2012 through Register[dot]com and is currently hosted on an Ubuntu VPS provided by Burst.Net in their Scranton, PA data center.

I have received several reports from others and have tested it myself: Avast is currently listing my site as a malicious site in IE7, IE8, Chrome, and Firefox on Windows 7, Vista, and XP, both 32 and 64 bit.

According to both Virustotal and Avast [your own] online scanners, my site is clean. Please see the links below:

https://www.virustotal.com/url/880a4476357ab8ee9d4b49300d75146b7fb0601125dff6a251b6ac6e49d237ef/analysis/1349316151/
http://www.avgthreatlabs.com/sitereports/domain/neparedline.com/domain-search-widget/www.avg.com.au

Also, via Google webmaster tools, my site is also free of malware. I have searched for other online malware scanners and my site does appear clean.

What do I have to do to get my site unlisted and removed? It is hurting my reputation and preventing visitors from reaching the site.

Thank you.

http://zulu.zscaler.com/submission/show/2aada9a2be6df30dca0c4ed74aa70858-1349331203


Did the avast scanner give you results? I do not see it in your post.

An inspection of the page code does show many java scripts all in red - that’s not good.


Seems, he thinks we’re AVG. :o ;D

Issue is with Gleam theme, partly outdated WP version on site…
(script) neparedline dot com/wp-content/themes/Gleam/js/html5.js
The 4um site is also suspicious: http://zulu.zscaler.com/submission/show/1903b6a97815c4f02e7441a7f64cf62e-1349348280
The location line in the header above has redirected the request to: htxp://neparedline.com/4um/
code injection hack found here /index.php?sid=050779c3b43a559ac84e9e25cc4d2d8f redirect…

polonus

This Zulu scanner is garbage and throws a warning at any type of javascript. It displays a bunch of false positives and is a great way to sell software to people who are fed anything when it comes to security due to their lack of knowledge.

When visiting my site with avast running, it blocks the connection and displays a warning about my site being malicious.

While the Gleam theme and WP are a few versions behind, there are no issues with either of them. As far as the forum goes, it is running the latest version of PHPBB3.

Again, Avast is saying my site is serving malware, it is not.

Hi NEPARedline,

You are utterly wrong on two points.

1. Zulu.zscaler scans are reliable, no scam whatsoever, and based on various resources. I use the scanner not the way they try to sell products. Sucuri came up with similar detection.
2. Being behind with website software updates leaves you open to hacks. Hackers and automated crawler malversant tools are “dorking” for an easy hack and you have the low hanging fruit like an easy or black hat PHP hack ready for them.
Oh, yet a third point,
Most website admins go into denial mode when being infected. It is a known reaction,

polonus

I know how it all works, scanning for open exploits/etc, but just because it’s an older version does not make it vulnerable. Being behind on updates does not make the website open to hacks, it just means that the latest features are not included. In the version log there is nothing claiming that any vulnerabilities or security holes have been patched or updated. After searching multiple different security-based websites, there are no exploits or holes in any of the scripts that I am using. There are no vulnerabilities in the theme, plugins, wordpress version, or phpbb version that I am running, not even 0days.

As far as going into denial? I’m not. I work for a web hosting company and know the drill. I keep offsite backups of the site that are made daily in case anything ever does happen and have multiple measures in place to log the event if anything ever does occur.

Can you attach a screenshot of the avast warning so we can see exactly what it says?

The site is blocked through a blacklisted IP, infection is JS:ScriptIP-inf[Trj] → your ip/btnG=[{gzip} via a perl exploit,
actual status of IP not known,

polonus


I was not running Avast when that code inspection was done nor did I use zscaler. I have independent ways of web page code inspection.

As Polonus stated, you are using an outdated version of WP which is not safe to use.


Hi NEPARedline,

IP is blacklisted and blocked by the networkshield because of issues -
Well I do not question your skills, as I assume you do not question mine.
Be it as you say, because I am open enough to accept that possibility.
The fact remains that another domain shared on that IP has caused the IP to be blacklisted (McAfee SiteAdvisor still blacklists it)
and something should be done about that.
The problem is given here: http://www.urlvoid.com/ip/184.82.79.74/
Your site is the victim because the other site hosted there caused the IP ban.
It has HTML:RedirMe-inf[Trj]. You say you are the netsite owner,
So the problem apparently is with the hoster and the infection on that IP there.
See this report: http://sitevet.com/db/asn/AS21788 with 2601 blacklisted sites on that AS.

By the way from a file viewer alert: //** Is your rel canonical tag pointing to another domain?

There may not be issues now for your domain, there were a couple of days ago to cause the blacklisting at IP Void (now given all green).
If you feel clean, file a report for a FP here: http://www.avast.com/contact-form.php?loadStyles
Then it is up to the analysts at virus AT avast dot com.
They are known to soon come with updates to correct FPs,

polonus