avast: "My web page has Worm" - solved THX

:cry:
Dear Avast programmers !

For several months almost no new customers have been calling me after seeing my web site. I was wondering why. I have nod32 and my web site seems to me perfectly ok. As programmer to programmer you know exactly:
- your firm’s income depends on how many people see your website, try your program and pay for it.

Then yesterday one of my earlier customers told me he has not been able to open my web page for half a year or longer… :o Because he’s using Avast antivirus.

I have tried to install it on one of my other computers (win7) and realized it

  • is blocking at IE8
  • is blocking at Chrome
  • working (no block) under FireFox 3.5.7

But other people are saying: at their computer it is blocking under FireFox too !

I went through my index.htm http://www.hamzen.hu/index.htm line by line and found NOTHING suspicious! Last modified: 2007.06

I searched Google and found the same topic here, with other webmasters complaining about the same problem… http://forum.avast.com/index.php?topic=32895.0
( same “virus” )

It would be nice, if avast is blocking a site, your server would send an automated warning msg to the website’s e-mail ???

Your website probably has been hacked :o I scanned your website with AVG online scan http://www.avg.com.au/resources/web-page-scanner/ and it also says that it’s infected. To be sure, scan your website with www.virustotal.com and post the results here.

This page seems to be
http://www.UnmaskParasites.com/security-report/?page=www.hamzen.hu/index.htm

Hi szakilaci,

As you saw, an obfuscated iFrame is causing visitors of the hacked website to get infected with this new Trojan, Re: http://archive.cert.uni-stuttgart.de/incidents/2003/10/msg00154.html

A method to cleanse and monitor for the webmaster is SiteMonitor, the support thread is at
http://forums.oscommerce.com/index.php?showtopic=221438

This will fix the hacker checking code. It should run on all sites now.
This is a full package. This contribution of SiteMonitor will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be run manually, but the best way is to set up a cron job so that the files are checked automatically.

polonus
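
The baseline-and-compare check that the SiteMonitor description above outlines, as an added example (not part of the original post and not SiteMonitor's own code). It goes beyond the listed attributes by also recording a SHA-256 hash, so an edit that leaves size and timestamp untouched still shows up; the function names and the constructed sample site are assumptions.

```python
import hashlib
import os
import tempfile

FIELDS = ("size", "mtime", "mode", "sha256")


def snapshot(root):
    """Record size, mtime, permission bits and SHA-256 of every file under root."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            values = (st.st_size, st.st_mtime_ns, st.st_mode & 0o7777, digest)
            records[os.path.relpath(path, root)] = dict(zip(FIELDS, values))
    return records


def compare(baseline, current):
    """Return files added, deleted and changed (path -> fields that differ)."""
    shared = baseline.keys() & current.keys()
    diffs = {p: [f for f in FIELDS if baseline[p][f] != current[p][f]] for p in shared}
    return {"added": sorted(current.keys() - baseline.keys()),
            "deleted": sorted(baseline.keys() - current.keys()),
            "changed": {p: d for p, d in diffs.items() if d}}


def demo():
    """Constructed sample site: one page edited in place, one unexpected file."""
    with tempfile.TemporaryDirectory() as root:
        page = os.path.join(root, "index.htm")
        with open(page, "w") as fh:
            fh.write("<html>\n<body>hello</body>\n</html>\n")
        baseline = snapshot(root)
        st = os.stat(page)
        with open(page, "w") as fh:  # same length, different content
            fh.write("<html>\n<body>HELLO</body>\n</html>\n")
        os.utime(page, ns=(st.st_atime_ns, st.st_mtime_ns))  # timestamp as before
        with open(os.path.join(root, "extra.php"), "w") as fh:
            fh.write("<?php ?>\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In a cron job the baseline would be taken once from a known-good copy of the site and stored outside the web root, with any non-empty comparison result mailed to the webmaster.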

@ szakilaci
From the link you provided - This large lump of obfuscated script is on a single line and highly suspect, see image edited to show all the line.

avast isn’t the only AV to find something wrong, http://www.virustotal.com/analisis/e6718e3cd6a115c4fa2f1262b0f43ba2afddfed0598362f0ef6574f42f389c54-1265755518.

Thanks to all those who answered!
Deleted that 1 line. Now it seems to be ok.
I’ll investigate more how that suspicious line appeared there… and since when… (maybe while moving to this new server.)

Still… It would be nice, if avast is blocking a site, your server would send 1 automated warning msg to the website’s e-mail…

You’re welcome.

How would it be possible for your server to recognise blocking (or an alert)? To all intents and purposes it is blind to what is happening. If a site were completely blocked (if it were considered malicious and added to the malicious sites list), and not simply an alert as in this case: when you try to access a domain name you first have to get its IP address, and avast can block that early, so any server wouldn’t even know it was blocked.

In the case of alerts, it is very similar: you connect to the server and try to load the page, which starts its journey to the browser (the server has sent the page and elements). avast redirects these into its web shield localhost proxy and they are scanned; any infected page or element is dropped at that point and not saved to the browser cache. So the server isn’t really that aware of what has happened and wouldn’t know this was an AV blocking, etc.

Unfortunately your wish list isn’t such a simple task for a) the server to detect and b) send an email to the site’s webmaster, as it probably doesn’t have an email function nor access to an email database for site owners (that email address list, if available, would also be liable to attack/harvesting).