false positive malicious URL warning on photography site

Hi, I believe Avast users are encountering false positive malicious URL warnings when going to my photography company’s website. Only users of Avast are hitting this issue. I submitted an inquiry via the submission form but am hoping there’s something that I may do quickly.

www . manddphotography . com

Thanks in advance for any advice

Welcome to the forum. Looks like a false threat according to the VirusTotal report here.

http://www.virustotal.com/url-scan/report.html?id=9ff3156ba6a1ff3767ccf9323a1b1e96-1315540934 Only Bitdefender seems to react to it.

Check this site to report your site as a false URL detection:

http://www.avast.com/contact-form.php?loadStyles

Good luck.

I was trying to investigate and reply to this last night, but was having problems with the forum.

One of the sites I use to check these things reports your WordPress is out of date, and currently there are a huge number of sites having problems with vulnerabilities in out-of-date WordPress versions. One related to themes, timthumb I believe.

Since there have been a number of alerts by the web shield (image1), this has effectively passed on to the network shield, which is blocking the site right now.

I believe the problem is your jquery.js script (image2) may be infected/hacked.

manddphotography.com/wp-includes/js/jquery/jquery.js

There was a similar post about this jquery.js file (try a forum search for the file name) and they replaced the jquery.js file and that resolved the problem, but it doesn’t resolve the reason why, so you need to keep WordPress up to date.

####
There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Press (Media), issues.

  • If you are reporting an FP, then you get another input field open (image3), click Browse button and navigate to the file or enter the web URL for the site you wish to submit for review (network shield and web shield), etc.
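
An added example, not part of any post in this thread: one way to check whether jquery.js, or any other file under wp-includes, differs from a clean copy of the same WordPress release. It assumes a fresh download of the matching version has been unpacked into a local directory; the function names and the sample trees built in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def list_files(root):
    """Map relative POSIX path -> absolute Path for every file under root."""
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}


def compare_core(site_root, clean_root, subdir="wp-includes"):
    """Compare a live tree with a clean copy of the same release."""
    live = list_files(Path(site_root) / subdir)
    clean = list_files(Path(clean_root) / subdir)
    modified = sorted(rel for rel in clean.keys() & live.keys()
                      if sha256_file(live[rel]) != sha256_file(clean[rel]))
    return {"modified": modified,
            "missing": sorted(clean.keys() - live.keys()),
            "extra": sorted(live.keys() - clean.keys())}


def demo():
    """Constructed sample trees: one changed file and one unexpected file."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {"wp-includes/js/jquery/jquery.js": b"/* constructed stand-in */\n",
                 "wp-includes/version.php": b"<?php // constructed\n"}
        for name in ("clean", "site"):
            for rel, body in files.items():
                target = Path(tmp, name, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(body)
        with open(Path(tmp, "site", "wp-includes/js/jquery/jquery.js"), "ab") as fh:
            fh.write(b"/* constructed appended line */\n")
        Path(tmp, "site", "wp-includes/js/unexpected.js").write_bytes(b"// constructed\n")
        return compare_core(Path(tmp, "site"), Path(tmp, "clean"))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A path reported as modified or extra is a lead for review; restoring the file from the clean copy does not explain how it was changed.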

Do not see anything there: http://urlquery.net/report.php?id=2718
Neither do I here:
http://wepawet.iseclab.org/view.php?hash=a2d96af5a40cb70b3fe21733a863b810&t=1315575036&type=js

polonus

Thank you all for your feedback and advice. I have verified the site is running WordPress 3.2.1 and I continue to have potential clients tell me they are unable to access it.

I’ve submitted a second inquiry to Avast through the link provided. Is there typically a good turnaround of such requests/investigations if legitimate?

Thanks again, very much appreciated

The turnaround time is usually quite fast, if confirmed a false detection.

Hm…only avast and G-Data detected it…
http://www.virustotal.com/file-scan/report.html?id=af633344ae6f7d6d66141126e7bbff022a2c8328c5867eb8c0aeef8fa90164bd-1315548139

Since GData uses avast as one of its two engines and the signature is the same, effectively it is only avast that is alerting.

However, signature detections in the index page may not be all of the story, if it is the jquery.js file in the script tag that is the problem, which is why it needs to be investigated by avast.

Hi DavidR,

Is this the code that should be checked according to you?
See attached gif

pol

No, it is in my image2 above the script tag pointing to the jquery.js file, which has appeared a lot recently, in relation to this WordPress hacking issue.