Clean web site is still blacklisted with Avast. Plz help me!

Viruses and worms
1

The site had a malware infection few months ago (favicon.ico). Now it clean, but avast still blocks the site. Can you exclude the site from avast’s blacklist?
The site is hxxp://areal-realt.ru

2

some still give it a bad rep…

TrendMicro - Malware site…but if you go to Trend Micro and scan, it will say OK ? http://global.sitesafety.trendmicro.com/
Websense ThreatSeeker - Malware site
MyWOT - DETECTED - http://www.mywot.com/en/scorecard/areal-realt.ru

http://www.virustotal.com/url-scan/report.html?id=1daf864245dd19022d066b8e32a7b3d6-1322165210
http://www.urlvoid.com/

3

OK, no alert if I bypass the network shield.

http://www.urlvoid.com/scan/areal-realt.ru finds two suspect the rest clear and http://sitecheck.sucuri.net/scanner/ chows clean.

There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.

  • If you are reporting an FP, then you get another input field open, click Browse button and navigate to the file or enter the web URL for the site you wish to submit for Network Shield review, etc. A link to this topic also wouldn’t hurt.
4

I completely cleaned the FTP
Now please open access

5

Hi Dz_raffi and DavidR,

Still see an issue here with the mootools.script (did you inspect it and upgrade):
-areal-realt.ru/media/system/js/mootools.js suspicious
[suspicious:2] (ipaddr:89.111.177.22) (script) -areal-realt.ru/media/system/js/mootools.js
status: (referer=areal-realt.ru/)saved 74434 bytes 09a31fe3b9bd81e4426614bf507f70076daf6f04
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [script] -areal-realt.ru/media/system/js/
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
info: file: saved -areal-realt.ru/media/system/js/mootools.js
(09a31fe3b9bd81e4426614bf507f70076daf6f04)

Re: 89.111.177.22 at hc dot ru has been misused in the past malware like PERL/Shellbot.a.6, PHP/BackDoor.AR, and unknown_html_RFI_php

Here the site is given as safe: http://urlquery.net/report.php?id=9589

polonus

6

I just deleted everything from the ftp. FTP is completely clean.
Why can not you open me access?

P.S. - sorry for my english.

7

To start with those who have responded are avast users and not avast team members, we can’t unblock it. That is why I suggested using the contact form to alert them and have the site reviewed again.

8

As DavidR rightly said, we are avast evangelists, avast user forum volunteers: avast users that help from their own free will and experience towards improving the avast products, we have no direct influence on this, and you have to wait for the avast team to clear it in a new coming update.
There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues. Go there report and wait for the results,

polonus

9

Thank you very much guys!!))))

10

Guys, sorry but, this form - http://www.avast.com/contact-form.php?loadStyles doesnt work. How can i connect to avast support ?

11

what do you mean ?