False positive (my site)

Hi,

My site, www.lolabou.org , was infected some monts ago, the problem was solved long ago, but avast is still blocking my site. I am so worried because it is my professional site! What can I do to fix it? Thanks a lot :slight_smile:

Oriol

Hi,
This will be fixed in next VPS.

Best regards
Jan Sirmer

Thanks a lot! :slight_smile:
How long will it take?
Best Regards!

Oriol

Hi,
you are welcome.
next VPS will be release today.

Best regards
Jan Sirmer

Maybe you should do more about it. I don’t know why it got 1 mark for Trustworthiness, Vendor reliability and Privacy in WOT(a plug-in for Firefox and Chrome). You know, the marks are given by its users. And I think people(like me, who trust WOT) will keep off it when seeing the red loop on the page and the warning popped out.

You can not completely take WOT at face value. I have seen enough evidence here and elsewhere to know that WOT bad ratings can be easy to acquire, and near impossible to get rid of.

I still use WOT, despite this. A red or yellow mark will make me hesitate, but if I am interested in the site, I will cross-reference it with other ratings from Norton SafeWeb, Browser Defender, etc.

I have just visited your site and no alerts by avast.

+1 (see report…!)
asyn

Report 2010-06-28 22:25:40 (GMT 1)
Website lolabou.org
Domain Hash 2981e4c9337ff03dea0e98276abfc4a6
IP Address 82.98.134.15 [SCAN]
IP Hostname hl61.dinaserver.com
IP Country ES (Spain)
AS Number 42612
AS Name DINAHOSTING-AS ASN de Dinahosting SL
Detections 1 / 19 (5 %)
Status SUSPICIOUS

Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee TrustedSource CLEAN
Scanning site with: MyWOT DETECTED
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard UNRATED
Scanning site with: ZeuS Tracker CLEAN

Well, Norton tells us whether the website is infected with viruses, and WOT tell us whether our privacy (just an example) is prone to be stolen. Anything could only be a reference, since AVs got false positives, WOT got its ratings by its users. Isn’t it?
PS:ogran, we’re and are only talking about WOT and its reliability… Of course I don’t think your website will endeavour to steal sth. from its users…

That’s what WOT says, right now…
http://www.mywot.com/en/scorecard/lolabou.org
asyn

Guys, lets not loose sight of the fact that the problem reported by the OP wasn’t WOT, but avast alerting on his site.

So continuing to discus WOT or other such sites is both pointless and off-topic, especially as avast no longer alerts on the site.

  1. Sure, Dave, that’s already solved…! :wink:
  2. There’s no discussion about WOT here…
    Have a nice day,
    asyn

Hi folks,

Scanned through finjan’s URL checker: The requested URL was analyzed and found legitimate
Unmasked parasites: not currently listed as suspicious
But should get off of these blacklists:

md5:960111c67ed1b960cbfb691cb52d5705:lolabou
md5:2981e4c9337ff03dea0e98276abfc4a6:lolabou.org
md5:4688d299e2d96f28f5772b9c98410b15:lolabouorg
md5:5a445d710ae24cd276062b0c84850838:org

pol


Welcome to the forums, ograu :slight_smile:

Just to insure the site is clean and put your mind at ease, I used another analysis tool.

Analysis from Wepawet @ hxtp://wepawet.cs.ucsb.edu/view.php?hash=cb2ef8bdb30abec9044d7e34006c1724&t=1277894207&type=js

Analysis report for hxtp://www.lolabou.org

MD5 cb2ef8bdb30abec9044d7e34006c1724

No exploits were identified.

No evals.

Writes :

(repeated 2 times)

Network Activity :
RequestsURL Status Content Type
hxtp://www.lolabou.org 200 text/html
hxtp://www.google-analytics.com/ga.js 200 text/javascript

No redirects.

No shellcode was identified.

No additional malware was retrieved.

Wepawet summary of what was observed on wxw.lolabou.org :

hxtp://wepawet.cs.ucsb.edu/domain.php?hash=cb2ef8bdb30abec9044d7e34006c1724&type=js

By the way, you have a nice site. :slight_smile:


Hi CharleyO,

But let us be aware of eventual exploits, for the site has ShockwaveFlash.ShockwaveFlash.7
as you so gently demonstrated in your Wepawet exploration…
I always give wepawet and jsunpack links as htxp or wxw links, because
(malcreants are reading these forums too, you know, and their “well-willing” intentions may differ ;D)
htxp://www.exploit-db.com/exploits/11182/

pol


Thanks for pointing that out to me, Polonus. :slight_smile: