Avast treating image files as trojan

Hi,

I am using Avast free version 5.0.677, with virus definition version 100926-1, at the time of this posting.

I am facing a strange problem with my site hXXp://www.diadem.co.in/. Sometimes pages open nicely, but sometimes Avast blocks some of the pages, purely at random. The same page sometimes opens nicely but sometimes gets blocked by Avast. Strangely, almost all the infected files are image files (gif, jpg and png), though I am sure they are purely image files, as I developed them using Photoshop.

I am attaching the log of Avast.

You can see on the log:

8/30/2010 10:36:06 AM hXXp://www.diadem.co.in/images/diadem/management-small.png [L] JS:Redirector-CV [Trj] (0)
8/30/2010 10:36:06 AM hXXp://www.diadem.co.in/templates/diadem/images/divider.gif [L] JS:Redirector-CV [Trj] (0)
8/30/2010 10:36:07 AM hXXp://www.diadem.co.in/images/diadem/support-small.png [L] JS:Redirector-CV [Trj] (0)
8/30/2010 10:36:07 AM hXXp://www.diadem.co.in/templates/diadem/images/bg-tabimage.jpg [L] JS:Redirector-CV [Trj] (0)
8/30/2010 10:38:14 AM hXXp://www.diadem.co.in/dedicated-servers/dedicated-server-faqs [L] JS:Redirector-CV [Trj] (0)
8/30/2010 10:38:14 AM hXXp://www.diadem.co.in/dedicated-servers/dedicated-server-faqs [L] JS:Redirector-CV [Trj] (0)
8/30/2010 10:40:54 AM hXXp://www.diadem.co.in/legal/terms-of-service [L] JS:Redirector-CV [Trj] (0)

The site is built using Joomla (PHP CMS).

Thanks,
Prasenjit
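An added example, not part of the original thread: the log above shows a `JS:` (script) detection on URLs ending in .png, .gif and .jpg, so one triage step for the site owner is to check whether the bytes served for an image URL are really image data. The host name, function names and sample bodies below are constructed for illustration.

```python
import os
from urllib.parse import urlparse

# File signatures (magic bytes) for the image types named in the post.
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
# Markup that has no business inside an image body (triage hint, not proof).
SCRIPT_MARKERS = (b"<script", b"<iframe", b"<html")

def check_image_response(url, body):
    """Classify the body returned for a URL.

    'not-image-url'   : path has no image extension, nothing to compare
    'wrong-type'      : body does not start with the signature for its extension
    'script-in-image' : signature is valid but markup appears in the body
    'ok'              : signature matches and no markup was found
    """
    ext = os.path.splitext(urlparse(url).path)[1].lower()
    sigs = SIGNATURES.get(ext)
    if sigs is None:
        return "not-image-url"
    if not body.startswith(sigs):
        return "wrong-type"
    lowered = body.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        return "script-in-image"
    return "ok"

def triage(samples):
    """Map each URL to its verdict."""
    return {url: check_image_response(url, body) for url, body in samples.items()}

# Constructed sample responses (placeholder host, harmless placeholder markup).
SAMPLES = {
    "hXXp://site.example/images/management-small.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "hXXp://site.example/templates/images/divider.gif": b"<html><script>/* placeholder */</script></html>",
    "hXXp://site.example/templates/images/bg-tabimage.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 8 + b"<SCRIPT>/* placeholder */</SCRIPT>",
    "hXXp://site.example/legal/terms-of-service": b"<html></html>",
}

if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:16} {url}")
```

Because the alerts in the post are intermittent, the same check is worth running over several separately saved responses for one URL and comparing the verdicts.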

Please change ALL your links from http to hXXp so no one can click on them. Your sites lead to “suspicious” or possible malware and we do not want others to accidentally click on them.

I will give you a report in a minute.

Online Scanners:

UnMask Parasites:
http://www.unmaskparasites.com/security-report/ - scripting

Anubis: http://anubis.iseclab.org/?action=result&task_id=199fd92a0f22549c46da54849e717dab9 - full detailed report - + malware

URL Void:
Report 2010-09-27 09:49:12 (GMT 1)
Website diadem.co.in
Domain Hash f637d518ab3b366634930d106f1cafc7
IP Address 66.228.124.151 [SCAN]
IP Hostname diadem-tech.com
IP Country US (United States)
AS Number 36351
AS Name SOFTLAYER - SoftLayer Technologies Inc.
Detections 0 / 17 (0 %)
Status CLEAN

Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: DNS-BH CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts UNRATED
Scanning site with: Malware Domain List CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard UNRATED
Scanning site with: ZeuS Tracker CLEAN

Domain IP History:

  1. diadem.co.in => 66.228.124.151 => 2010-09-27 09:49:12

Virus Total…site down temporarily.

Hi safesurf,

What exactly does that mean? Do I need to worry about it? Since this website is for marketing the company, it surely would create a bad impression if users get virus alerts…

Thanks

At this point, something appears to be wrong. You can click on the links I posted or have your webmaster see for themselves. One site says it is suspicious, another says it has malware, and another says it is clean. A site I would like to use is down now. However, things change with these sites. The Unmask Parasites site is indicating that there is a script error, so I would have whoever designed the site take a look at these links, as it would tell them what the error is and help them fix it.

No alerts for me with the latest database(100926-1).

Hi Onix,

As I have mentioned earlier, the virus alert is not showing all the time. Sometimes it shows, sometimes it does not… :(

Thanks

Sometimes it takes a bit of time for the AV definitions to be updated for them to show up; this applies to all AVs. That is why I was trying to get on the Virus Total web site.

Finally got through to VT:

http://www.virustotal.com/url-scan/report.html?id=a170ef1f40de97878a456707160eca44-1285569918 , but AV report is unavailable at this time. Will have to try to resubmit later in the day.

The Opera report is showing “Error” but I could not find any details about that.

Opera may not have reported to Virus Total (VT) yet. The antivirus (AV) results have not been reported yet, so you will need to check in with VT later and rescan it as a URL scan: http://www.virustotal.com/.

I too am having issues (for the first time) with some websites that “I designed myself” in PHP. These sites have images in them. There is nothing wrong with them & took me a while to complete. (Between tablet art, Gimp and a few other graphics programs to get them how I want them.)
But it isn’t just the images; flags, lang and the ebayrss are also shown as having an issue. Some sites are from a reputable web designer from whom I purchased the sites. There has not been anything wrong with them before. I’ve had those files on my computer for over a year and nothing ever came up before in a scan.
Now all of a sudden it does?

This is annoying as well as aggravating. I have sites to set up and I don’t have time for phantom issues.

This is what I’m getting:

sl-worldofwarcraft\footer.php PHP:Agent-BJ [Trj]
dark-mood-v3\footer.php PHP:Agent-BJ [Trj]
NascarMini-Site\NASCAR site\ebayrss.php PHP:Agent-BJ [Trj]
DiabetesVideoSite\index.php PHP:Agent-BJ [Trj]
LayerPress\LayerPress\header.php PHP:Agent-IJ [Trj]
GreenDream\GreenDream\header.php PHP:Agent-IJ [Trj]

pet-grooming\lang.php PHP:Redirector-P [Trj]
costa-rica-vacations\lang.php PHP:Redirector-P [Trj]
herbs\lang.php PHP:Redirector-P [Trj]
coffee-maker\lang.php PHP:Redirector-P [Trj]
travel-insurance\lang.php PHP:Redirector-P [Trj]

congestive-heart\flags.php PHP:Redirector-P [Trj]

I need some help with this - is it an issue or what? I’m already notifying the designer of the issue and seeing if he has any trouble with the files. But for my business I need this resolved toot sweet!

This is the first time that I’ve had this kind of issue with Avast. I’m not pleased with it.

Hi starrweaver,

Please start a new topic by clicking this link. We wouldn’t want to bump another user’s topic, now would we?

I will assist you from there.

This topic is also from 2010. :)