system
1
Hello there,
I’ve called you on Friday and you told my that me demand for virus fake notification would be checked in the next 48 hours but yet I don’t see any difference.
My website is totally clean according to http://is.gd/m2LHR7
What should I do to accelarate your checking time? I’ve got severe problem with my visitors
Pondus
2
INFECTED - see attached screen shot (click to enlarge)
Malware found on javascript file: nethall.gr/wp-includes/js/l10n.js?ver=20101110
Malware found on javascript file: nethall.gr/wp-content/themes/nh11/js/jquery.js?ver=1.6
Malware entry: MW:JS:2368 - http://sucuri.net/malware/malware-entry-mwjs2368
VirusTotal - HTML scan
http://www.virustotal.com/file-scan/report.html?id=8250ed52f8caecd78497b78fbdb3dfa6c34eab0b9484e6aa094fae026feafd1d-1315817111
system
3
No it’s fixed, how long should I wait for the removal?
Pondus
4
sorry but this one is still there, see screen shot
Malware found on javascript file: nethall.gr/wp-content/themes/nh11/js/jquery.js?ver=1.6
Pondus
5
No it's fixed, how long should I wait for the removal?
and you dont have to wait for avast!....when you have removed what gives the detection...then the detection is gone
system
6
OK the file is replaced, is it OK now?
Pondus
7
you can check here http://sucuri.net/
Pondus
9
system
10
Pondus, thank you for your help!
system
12
Hello again,
I experience the following notification with avast:
Infection Details
URL: http://mcapenang.cu.cc/showthread.php?t
Process: file://C:\Program Files (x86)\Internet Explorer\iexplore.exe
Infection: al
http://sitecheck.sucuri.net/scanner/ verifies that my website is clean, what should I do?
Pondus
13
Yes…clean but Blacklisted
URLVoid.com
Report 2011-09-18 21:45:35 (GMT 1)
Website mcapenang.cu.cc
Domain Hash 1b49cbf338f30cb1c54e1e7e460ea27f
IP Address 184.172.141.140 [SCAN]
IP Hostname cu.cu.cc
IP Country – (–)
AS Number 36351
AS Name SOFTLAYER - SoftLayer Technologies Inc.
Detections 3 / 23 (13 %)
Status DANGEROUS
Scanning site with: Google Diagnostic DETECTED
Scanning site with: MyWOT DETECTED
Scanning site with: Trend Micro Site Safety Center DETECTED
system
14
The website is this: hxxp://bit.ly/qEGUPf
DavidR
15
Don’t hide the URL: in a bit.ly URL, post the URL and change the http to hXXp to break the active link.
system
17
Good morning.
We still have the same problem in Nethall.gr. In http://sitecheck.sucuri.net/scanner, we found that our site is verified clean and not blacklisted.
Nevertheless, we got the following error from avast:
avast! blocked you from visiting an infected webpage
Infection Details
URL: http://separate-buffet.25u.com/showthrea…
Process: file://C:\Program Files (x86)\Internet E…
Infection: js:Downloader-gen@bhv [Expl]
Warn your friends to avoid this website Twitter
Threat stats for last 30 days
Blocked infected sites: 41 840 160
Infected domains: 288 237
Can you please help us. Unfortunately, we lose visits with this problem.
Best regards,
George Baliotis
e-mail: gbaliotis@gmail.com
Asyn
18
Report 2011-10-31 12:15:56 (GMT 1)
Website separate-buffet.25u.com
Domain Hash acd1a5fbaa103c24d1e8c6205bd83930
IP Address 95.163.66.209 [SCAN]
IP Hostname -
IP Country RU (Russian Federation)
AS Number 12695
AS Name DINET-AS Digital Network JSC
Detections 2 / 23 (9 %)
Status SUSPICIOUS
Report 2011-10-27 13:23:01 (GMT 1)
IP Address 95.163.66.209
IP Hostname -
IP Country RU
AS Number N/A
AS Name N/A
Detections 2 / 26 (8 %)
Status SUSPICIOUS
http://www.google.com/safebrowsing/diagnostic?site=separate-buffet.25u.com
http://global.sitesafety.trendmicro.com/
http://www.malwaredomainlist.com/mdl.php?search=95.163.66.209
http://www.mywot.com/en/scorecard/95.163.66.209
system
19
Hello Asyn.
Thank you very much for your quick response!
Can you help us find the infected file? Where did you find this Russian site? Where is it placed in Nethall.gr?
Thanks for your help in advance.
George Baliotis
Asyn
20
You’re welcome…!
Sorry, no time to investigate further, atm.
Hopefully someone else can help you.
Good luck…!