avast tells me that my website is infected

I am the webmaster of wxw.pimpmyusb.midixtones.net.

The problem is that avast tells me that the site is infected.

The URL that Avast sent me is this:

http://www.avast.com/es-ww/lp-security-information-fp2?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_70_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fes-ww%2Fvirus-alert-challenger2&p_vir=URL:Mal&p_prc=C:\Users\Ing%20Fabian%20Vargas%20Q\AppData\Local\Google\Chrome\Application\chrome.exe&p_obj=http://pimpmyusb.midixtones.net/&p_var=.%2Ffa%2Fes-ww%2Fvirus-alert-default2&p_pro=0&p_vep=7&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=181&p_lng=es&p_lid=es-ww&p_elm=7&p_vbd=1426

I am 100% sure that I have nothing malicious on my website.

https://www.virustotal.com/url/7999902c336e8697db1355315ee384e8b379c545a00b97aa3b93b3c3a9286f4e/analysis/1334099738/
http://sitecheck.sucuri.net/results/www.pimpmyusb.midixtones.net

I await your quick help, please excuse my copy/paste translations



Nothing on URLvoid either, http://www.urlvoid.com/scan/pimpmyusb.midixtones.net/.

There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.

  • If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for review, etc. A link to this topic also wouldn’t hurt.

Please break that link there (hxtp or wXw), because the site is still given as a URL:Mal site by the Avast Network Shield.
The IP has been found to have been infected with PHP/Shell.CA.2 and PHP/Spy.Bull malware, now dead.
The IP is also known as a PHISH. Site given as suspicious here: http://urlquery.net/report.php?id=42379
Full system info is given out, such as the full Apache version, which forms a risk; the PHP/5.3.8 installed there has multiple vulnerabilities which could lead to hacks.
AS Name: CANACA-210 - Canaca-com Inc. This AS has 65 blacklisted URLs which are malicious and have badware.

polonus

thanks polonus

Well, what can I do to fix this problem? Why does only this subdomain have this problem? When I navigate to midixtones.net and other subdomains of midixtones.net, all is fine; nothing happens with the Avast Network Shield. I contacted Avast using the contact form like DavidR wrote and I'm still having the issue.

Thanks for the support, and sorry for my poor English.



See: http://zulu.zscaler.com/submission/show/e8d319721168c5b3af341c6bcba59faa-1335425274 At least here, two external site elements are reported as suspicious, and now you can see them.

Your English is more than good enough.

Zulu Analyzer noticed that hxtp://pimpmyusb.midixtones.net/ was suspicious because the file "http://www.pimpmyusb.midixtones.net/fancybox/source/jquery.fancybox.pack.js" had a specific file name. I renamed it to "fancybox.pack.js" and voila, it is not a suspicious file any more: http://zulu.zscaler.com/submission/show/e8d319721168c5b3af341c6bcba59faa-1335454222. Anyway, I updated the plugin code to a new version.

help me guys

I don't know what relation Avast has with http://zulu.zscaler.com, but I fixed the issue with zscaler.com and immediately the problem with Avast was solved too (I guess).

And I just renamed a file to solve it :o

So, can you let me know if Avast is still blocking my website, or if it is fixed just for me?

@ phabyam,

There is no connection between Avast! and zulu.zscaler.com. It is only an online tool used to diagnose problems like these.

Best way to check is to go to your site in a day or so, and see if there are new alerts. Problem apparently was with malicious java coding.

Hi phabyam,

Make sure that your Apache version is not shown completely: http://www.ducea.com/2006/06/15/apache-tips-tricks-hide-apache-software-version/ (link source author = Marius) and http://www.debianadmin.com/apache-tipshide-apache-information-php-software-version.html (link source article author = Grogs), so you won't give this out to the world and malversants alike. Update and patch your website software fully, and keep an eye on all encrypted input like in the case of this attack,

polonus
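
Added example (not part of the original thread, and not code from any poster): a check for the version disclosure polonus describes, run over constructed response headers. The Apache version string and the function names are assumptions; `ServerTokens`, `ServerSignature` and `expose_php` are the real Apache and PHP settings that suppress the detail.

```python
import re

# Constructed sample: response headers of the kind the thread describes
# (full Apache version plus PHP/5.3.8 exposed). Not captured from the real site.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Date: Thu, 26 Apr 2012 10:00:00 GMT
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e PHP/5.3.8
X-Powered-By: PHP/5.3.8
Content-Type: text/html
"""

# Header -> setting that suppresses the detail (real Apache / PHP directives).
FIXES = {
    "server": "httpd.conf: ServerTokens Prod and ServerSignature Off",
    "x-powered-by": "php.ini: expose_php = Off",
}
# Product/version tokens such as Apache/2.2.21 or PHP/5.3.8.
VERSION_TOKEN = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*[\w.-]*)")


def parse_headers(raw):
    """Return {lower-case header name: value}, skipping the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit_disclosure(raw):
    """List (header, product, version, fix) for every version token leaked."""
    findings = []
    headers = parse_headers(raw)
    for name, fix in FIXES.items():
        for product, version in VERSION_TOKEN.findall(headers.get(name, "")):
            findings.append((name, product, version, fix))
    return findings


if __name__ == "__main__":
    for name, product, version, fix in audit_disclosure(SAMPLE_HEADERS):
        print(f"{name}: exposes {product} {version} -> {fix}")
```

With `ServerTokens Prod` the Server header is reduced to `Apache`, and the same check then returns no findings.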

Hi Polonus,

I really had no idea. Thanks for the links, though really the tip of the iceberg here as far as securing a server against attack. Interesting to read.

I was glad to help here, even if it was in a very limited way.

mchain

Hi mchain,

Thank you for your kind words. Yes, updating, patching and scanning against vulnerabilities is the main task of the webmaster who not only has the security of his website at heart but also that of the potential visitors there. From being active here I found that a lot of these mass infections of webmails will take place because of vulnerabilities that could have been prevented or, whenever cleansed, would lead to re-infection. In a lot of cases infection has been made very, very easy for the malcreants and is performed via automated tools like. Read what Clinton Kar (link article author) writes on Media Contact: - http://investors.imperva.com/phoenix.zhtml?c=247116&p=irol-newsArticle&ID=1686235&highlight=

polonus