Corporate web-site is blocked

Hello!

I’m looking for advice. Our web-site was attacked by viruses and then was added to the black-lists of several antivirus systems. We cleaned the site and most of the antivirus systems deleted us from their black-lists, but Avast didn’t (I suppose AVZ and McAfee too). We can’t understand what we should do to fix the issue. We wrote to Avast support but they didn’t delete us from the black-list.
Here is information about our web-site. Please help with advice on what we should fix.

Web-site: ladeya (dot) ru

Reports:
https://www.virustotal.com/ru/url/477ddfb5ee4b892c78b1f9291b1c7dc027fcf48912abbfe89afa6c43bc78a8b4/analysis/
http://app.webinspector.com/public/reports/75648644?cache=true
http://www.urlvoid.com/scan/ladeya.ru/
https://sitecheck.sucuri.net/results/ladeya.ru
https://zulu.zscaler.com/submission/78324f98-ef8d-42b7-8b5e-c4d9fd2e69ea

product: Avast Free Antivirus
Version 17.7.2314
171009-0
Last update today.
Identified as URL: Mal; there is no additional information.

Thank you.

You can report a URL here: https://www.avast.com/report-a-url.php

Hi Ilya2017

IP was blacklisted as Client IP, ET MALWARE Windows executable was sent when remote host claims to send an image.
ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
See also → -www.mngi.su/

Site seems to have now been given the all green: https://urlquery.net/report/0e3c08fc-0002-42fa-b97c-7d545d37abe6

From same IP this malcode was launched: -ylianova.ru/joomla/1s-bitriks-nulled-ili-kak-prodlit-probnyiy-period.html
The malware once came through -bitrix.info

Wait for an Avast team member to comment on your present situation, as we are only volunteers with relevant knowledge,
but only Avast team members unblock.

Take this up with the hoster, SpaceWeb, as you can become a victim of what other domains sharing the same IP do;
Avast then should exclude you from a general IP block. Seems they already did.

IP blacklisted by
1 Coupon Report Discounts 50%
2 Fundamental Health Solutions

polonus (volunteer website security analyst and website error-hunter)

Thanks. I’ve sent my URL and am waiting for a response. Hope Avast will answer soon.

You’re welcome.

Thanks for the details!
What does “blacklisted as Client IP” mean? Does it suppose that another web-site on the same IP (77.222.57.253) may be infected and that’s why that IP was blacklisted?
I’ve sent a request to my hoster and they answered that our web-site wasn’t infected according to their information and the IP (77.222.57.253) wasn’t blacklisted.
Unfortunately, Avast continues to block us :(

I checked all the files from my website’s FTP with Avast antivirus; no issues were found.

There could indeed be a general IP block.
Wait for an Avast Team Member to appear here and give the final verdict for your site,
and eventually unblock…

SiteVet report for your hoster: http://sitevet.com/db/asn/AS44112 (157 bad URLs).
Server info proliferation: overflow exploitable nginx 1.9.12
See risk status: http://toolbar.netcraft.com/site_report?url=http://77.222.57.253

polonus

The domain was blacklisted because of Nemucod spreading from here: ladeya[.]ru/counter?00000015viszf54bfxdrz4bekvrf4exmbsjme5sk01347300miib[another 300 characters]
I am glad to hear you have cleaned the URL, and I am unblocking it now ;).

I've sent a request to my hoster and they answered that our web-site wasn't infected according to their information and the IP (77.222.57.253) wasn't blacklisted.
Hmm, if it wasn't blacklisted, avast would not have blocked it. Time for that host to learn a couple of things. ;)

Thanks! :)