My company provides advertising technology to web publishers. This morning, we started receiving word that Avast had flagged our pixel-serving domain, a.dpmsrv.com, as malicious. We haven’t made any recent updates to our code, and there’s nothing malicious about the code at all. I submitted a ticket to their contact form and tried calling their support line as well (though that is really software support for users of their product, so they weren’t able to do anything). Is there anything we can do to get our domain un-flagged? All of our clients are calling us saying they’re getting complaints about malicious code on the site coming from us, and we can’t do anything to correct this. We also found that they’ve blocked our corporate site, datapointmedia.com, as well. Any help or direction that you can provide would be very much appreciated. Thank you!!
Could you share which message boards you are seeing this same behavior? Thank you very much!
Polonus,
Thank you for pointing out that link. Do you know of any other scanning tools that might be helpful for finding out why our domain has been flagged? We’ve been running nearly the same code for about a year now without any of these issues.
Pondus,
It was flagged as URL:Mal, and our corporate site was flagged with HTML:Script-inf
Does anyone know of any way to escalate this issue with Avast support beyond their contact form? Is there anybody I can call to speak with to try to move this along any faster? We haven’t had any response from Avast yet, and we’re currently affecting over 100 sites whose users are all seeing Avast throw a malware warning. Perhaps any of the moderators may be able to help us escalate this within their support team?
The potentially suspicious code: Potentially Suspicious
Reason: Suspicious JavaScript code injection.
Details: Procedure: + has been called with a string containing hidden JavaScript code .
weitten in coffeescript
Suspected XSS Attack code
I have no idea what you guys are talking about. Most people I have talked to said basically that it is nothing except false positives and that Avast Internet Security (paid version) does not report anything wrong with these sites just the free version. Also other AV programs are not finding anything wrong. I can’t figure out how to make the popups stop and they are annoying so I’m just going to install MSE and drop avast.
edit: uninstalled avast, installed MSE, now i have no stupid popups. Good enough for me, thanks guys.
Nobody said that there was no false positive. It is all in the game with general and heuristical detections or blocking an IP with a lot of domains sharing the same IP. What we have pointed out to the webmaster or hoster of this site is that there are weak potential suspicous or vulnerable code on the site. If there are weaknesses or weak plug-ins being used with vulnerabilities then your site could be hacked any time and all of the time. Malcreants work on automatic, just luck when the vulnerable sites stays clean or the malware is taken down in time. Attackers always go for the low hanging fruit and theirs is an ongoing “game”.
If you say your not interested and rather downgrade to an av solution that will detect less and will give you a false sense of security around, OK with us. Do as you please, go into denial. We analyzed too many websites here not to be aware of the weak ponts in some…
Hi,
do you really doubt Avast’s trustworthiness??If you think or your friends think that MSE is a better solution,then go on and install it,i guess your friends are l33t haxx0rz and i will also like to inform you that Avast Free&Paid,they are both using the same engine.
Philip,
Regards
Sorry guys I guess I wasn’t clear. The technical things that you were posting, I did not understand. I don’t understand the terminology/technical language. I actually like avast better than MSE because I do believe that the protection is better with avast and avast has more features. But when I post on those boards or try to read them the popups are just going off non-stop and I couldn’t make them stop (or don’t know how to). It doesn’t seem like I’m getting any viruses/etc from using the board. And there is info there I need. I think what you might be saying is that there is a vulnerability there and the forums could become infected but they are not yet. So I am taking a risk if I use the boards. I keep backups so I can reimage if I have problems. I didn’t mean to offend anyone. One guy on the forum said he was using Avast Internet Security and wasn’t getting the warnings, but I don’t know the guy personally, he could be lying for all I know. Anyway this is the link to where it is being discussed:
If you get constant pop-ups the actual machine you get these from might be malware infested.
Post the logs mentioned here and a qualified removal expert might look into them and help you cleanse the malcode.
I shall PM the removal specialist,
Hi,
a comment from that forum you posted :
“paid avast internet security has not had any false positives and no threats today. seems to be only hitting the free version.”
This is by far one of the funniest comments i’ve ever read in my entire life,i am about to die of laughter ;D ;D .
One more :
“All the ones that work from Microsoft Security Essentials to Kasperky. They all work. Using a combo of them is good also. Plus your firewall and browser settings/plugins matter. Perhaps even more so than an antivirus program.”
Among the “computer geeks”,it is well known that you should NOT use more than 1 anti viruses,it’s a rule .Read here why : http://www.bleepingcomputer.com/forums/t/186533/is-it-bad-to-run-multiple-antivirus-programs/?p=1046121
My advice is to stay away from the bogus&wannabe computer technician that have no idea what they’re doing.