clean site coming up with malicious warning

a site that i have been going on for a year has just started to today to give malicious url warnings and being blocked by avast. i’ve used sucuri site check and it says that the site is clean. any ideas why its doing it, and how can i stop it from blocking the site

edit: i have ran mbam, and have no infected area, ran an avast scan and there’s no virus’s. i’m not a techy person as you can probably tell, so any advice on this would be great, and much appreciated.

Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Also, please, check if there are infected gif images (resolved as infected server generated messages): http://forum.avast.com/index.php?topic=45658.0

Can you post the not-live link to the site? (change http for hxxp, for instance or add spaces between the url).

Check here how to clean and make a website secure.

not sure about encrypted script/iframe.
it’s possible the site may have been hacked

link: hxxp://www.ge-xtreme.com

(other people have been able to use the site without getting warnings)

hey according the virustotal is clean so i must be as tech said something in the script.

https://www.virustotal.com/url/fd861516345cfd0d7655be5c197fc5e68ec2969d541fbae811d19a1789c9ae7b/analysis/1327347539/.

so if its something within the script then that would be down to the admin’s/site to fix the issue.

hmmmmm…one strange URL you scanned there Mikael http://hxxp/wxw.ge-xtreme.com :wink:

urlQuery - http://urlquery.net/report.php?id=17399

Suspicious code could be this there: -www.ge-xtreme.com/arrowchat/external.php?type=djs suspicious
[suspicious:2] (ipaddr:80.82.64.71) (script) -www.ge-xtreme.com/arrowchat/external.php?type=djs
status: (referer=www.ge-xtreme.com/)saved 3558 bytes 3aa07031c32ff8a3c55acbb6f11bf91bf422bda6
info: [decodingLevel=0] found JavaScript - cannot get file attributes with error: possibly unwanted spoofed…IP given on autoshun MALWARE internal machine attempting to contact Zeus cmd and cntrl 6";reference:url,zeustracker.abuse.ch; given as a snort rule.
See: https://zeustracker.abuse.ch/monitor.php?host=80.82.64.71 (status offline)
suspicious: IP has been functioning as Zeus Vr drop zone (gate.php/config.bin -offline),
Do not know for external.php (a silkroad4world dot com example is existing), furthermore consider this info: http://docs.joomla.org/Htaccess_examples_(security)

polonus

Suspicious code could be this there: -www.ge-xtreme.com/arrowchat/external.php?type=djs suspicious
The .php file comes down as a 0kb file.....so seems to be gone

Hi Pondus,

Then all of our efforts were in vain, and we only caught some daily dirt of what could have been there in the past. Alas one should keep an eye out for php exploits there all of the time to avoid issues for the future,

polonus