False Detection of my Domain name

Hello guys, I just would like to know why my domain, www.youcreate.us, is listed as a virus by Avast :frowning:
I don’t even have a webhost atm, so there should not be any problem.

Thank you.

And what is it that avast says?

Can you attach a screenshot of the avast warning?

Well it is the network shield that considers the site malicious.

Sucuri doesn’t find anything (http://sitecheck.sucuri.net/scanner/), but it isn’t checking many files. Note the #3 cross site link (see image2); I don’t know if that has any bearing on the alert.

OK, I have scanned the URL with the usual online tools and they all say clean.

Yes, but is it possible to fix that?
Because I am opening a business site, and don’t want to have any problem with it :slight_smile:

You can report it here:

http://www.avast.com/en-us/contact-form.php?loadStyles

Hi Pondus,

No Pondus, you are wrong here, the avast Network Shield is right, and there is a link to a malware site according to VirusWatch,

Did you check this in the code then there at that site? Re: -dtxgp6m38uroo.cloudfront.net/cdn/0/assets/js/v20.001.global.min.js suspicious
[suspicious:2] (ipaddr:204.246.169.234) (script) -dtxgp6m38uroo.cloudfront.net/cdn/0/assets/js/v20.001.global.min.js
status: (referer=-www.namecheap.com/domains/domain-name-search/results.aspx)saved 19170 bytes 5783def934114d073e4966f61dec44314c51eb92
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable a.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var a.fn = 1;
error: line:1: …^
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes

In this case it is Regworks, only flagged by Sophos found at
-http://dvcixu8193kj.cloudfront.net/quickscan/RegWork.zip

Avast detection is perfect! Chapeau to the avast network shield developers!

polonus

Does anyone know what the long url is for at the beginning of the body?

Hi Donovansrb10,

You have to decipher the obfuscation algorithm to know what that is. The ViewState is obfuscated to avoid tampering with it, so it is not really a solution to try and deserialize it.
So nothing to see here, just move on ;D

polonus

Hi Donovansrb10,

Well that is not all and completely true, because where viewState may be securely obfuscated, you may be able to tamper with the context thereof to alter the workings of the application through specific attacks,

polonus

The first link shows the coding you have in your website that directs to a site used by your website provider.

The second link shows the coding in the website provider’s website that directs to the virus javascript file, as described by Polonus.

~Donovansrb10

How to get rid of that?
I just bought my domain and get this, WTF really!

Your website provider has this coding built into your site that goes to their site that has a virus. If you can edit the HTML directly, delete their searchurl coding and see if it allows that. You can try contacting someone that works for the site to ask them why they have a virus on their site; if it was hacked, etc…

Hi DeMoNi,

Donovansrb10 gave links to the images of the suspicious code,

You could take the issue up with the registrant of that amazon adcode link:
Registrar: Markmonitor.com
Registrant Name: Legal Department
Registrant Email: hostmasterATamazon.com
Created on: 2008-04-25
See: http://urlquery.net/queued.php?id=8572
Not detected here: http://siteinspector.comodo.com/public/reports/630616

polonus

namecheap.com/domains/domain-name-search/results.aspx
http://www.virustotal.com/file-scan/report.html?id=be838740e7a7e21297500e5c14037f1a48daf7fae0ef4ddb00d73d8d326f35ba-1321401895

dtxgp6m38uroo.cloudfront.net/cdn/0/assets/js/v20.001.global.min.js
http://www.virustotal.com/file-scan/report.html?id=9d4e9468f06588ea828ed6976bf231c6ea3719c73769d4d90d1f4ae450507cb9-1321402026

URLQUERY - click picture in top right corner to view
http://urlquery.net/report.php?id=8576
http://urlquery.net/report.php?id=8577

Hi Pondus,

But don’t you get an “Error from cloudfront X-Amz-Cf-Id:” there? Anyways it is “nested 3 times” tracking ware code from markmonitor’s, like they had with kissmetrics (something like fishjar global.min.js = KISSAlbum). It is all being sent to websites owned by Amazon dot com for two days, it is now the 16th and it expires on the 18th, meant to serve up online classified ads. Tracking issue, spyware, whatever, I personally should like to block it,

polonus