Hello there,

I’ve called you on Friday and you told my that me demand for virus fake notification would be checked in the next 48 hours but yet I don’t see any difference.

My website is totally clean according to http://is.gd/m2LHR7

What should I do to accelarate your checking time? I’ve got severe problem with my visitors

INFECTED - see attached screen shot (click to enlarge)

Malware found on javascript file: nethall.gr/wp-includes/js/l10n.js?ver=20101110

Malware found on javascript file: nethall.gr/wp-content/themes/nh11/js/jquery.js?ver=1.6

Malware entry: MW:JS:2368 - http://sucuri.net/malware/malware-entry-mwjs2368

VirusTotal - HTML scan
http://www.virustotal.com/file-scan/report.html?id=8250ed52f8caecd78497b78fbdb3dfa6c34eab0b9484e6aa094fae026feafd1d-1315817111

No it’s fixed, how long should I wait for the removal?

sorry but this one is still there, see screen shot

Malware found on javascript file: nethall.gr/wp-content/themes/nh11/js/jquery.js?ver=1.6

No it's fixed, how long should I wait for the removal?
and you dont have to wait for avast!....when you have removed what gives the detection...then the detection is gone

OK the file is replaced, is it OK now?

you can check here http://sucuri.net/

status: Verified Clean

Thank you

VirusTotal - HTML scan :wink:
http://www.virustotal.com/file-scan/report.html?id=c41eddbcf6f7c6a5daac16728e4f4f1e961707684b96f163743639f594f60596-1315823040

Pondus, thank you for your help!

Your wellcome :slight_smile:

Hello again,

I experience the following notification with avast:

Infection Details

URL: http://mcapenang.cu.cc/showthread.php?t
Process: file://C:\Program Files (x86)\Internet Explorer\iexplore.exe
Infection: al

http://sitecheck.sucuri.net/scanner/ verifies that my website is clean, what should I do?

Yes…clean but Blacklisted

URLVoid.com

Report 2011-09-18 21:45:35 (GMT 1)
Website mcapenang.cu.cc
Domain Hash 1b49cbf338f30cb1c54e1e7e460ea27f
IP Address 184.172.141.140 [SCAN]
IP Hostname cu.cu.cc
IP Country – (–)
AS Number 36351
AS Name SOFTLAYER - SoftLayer Technologies Inc.
Detections 3 / 23 (13 %)
Status DANGEROUS

Scanning site with: Google Diagnostic DETECTED
Scanning site with: MyWOT DETECTED
Scanning site with: Trend Micro Site Safety Center DETECTED

The website is this: hxxp://bit.ly/qEGUPf

Don’t hide the URL: in a bit.ly URL, post the URL and change the http to hXXp to break the active link.

Sorry about that :confused:

Good morning.

We still have the same problem in Nethall.gr. In http://sitecheck.sucuri.net/scanner, we found that our site is verified clean and not blacklisted.

Nevertheless, we got the following error from avast:

avast! blocked you from visiting an infected webpage
Infection Details
URL: http://separate-buffet.25u.com/showthrea
Process: file://C:\Program Files (x86)\Internet E…
Infection: js:Downloader-gen@bhv [Expl]

Warn your friends to avoid this website Twitter
Threat stats for last 30 days

Blocked infected sites: 41 840 160
Infected domains: 288 237

Can you please help us. Unfortunately, we lose visits with this problem.

Best regards,

George Baliotis
e-mail: gbaliotis@gmail.com

Report 2011-10-31 12:15:56 (GMT 1)
Website separate-buffet.25u.com
Domain Hash acd1a5fbaa103c24d1e8c6205bd83930
IP Address 95.163.66.209 [SCAN]
IP Hostname -
IP Country RU (Russian Federation)
AS Number 12695
AS Name DINET-AS Digital Network JSC
Detections 2 / 23 (9 %)
Status SUSPICIOUS

Report 2011-10-27 13:23:01 (GMT 1)
IP Address 95.163.66.209
IP Hostname -
IP Country RU
AS Number N/A
AS Name N/A
Detections 2 / 26 (8 %)
Status SUSPICIOUS

http://www.google.com/safebrowsing/diagnostic?site=separate-buffet.25u.com
http://global.sitesafety.trendmicro.com/
http://www.malwaredomainlist.com/mdl.php?search=95.163.66.209
http://www.mywot.com/en/scorecard/95.163.66.209

Hello Asyn.

Thank you very much for your quick response!

Can you help us find the infected file? Where did you find this Russian site? Where is it placed in Nethall.gr?

Thanks for your help in advance.

George Baliotis

You’re welcome…!
Sorry, no time to investigate further, atm.
Hopefully someone else can help you.
Good luck…!