system
1
Hello,
I run a web hosting company and I think my IP address might be blacklisted, as my company website, northernorange.com, is being blocked by your software with URL:Mal and URL:Mal2 warnings. It is notifying me on files like favicon.ico and various .png images, which are obviously not malware. In addition to blocking my company website (which is on a dedicated IP), it appears to be blocking other websites on a shared IP that my clients use. Examples include limquity.com, keepitpumpin.net, canuckscentral.com, thenationsnews.org and more. These are all separate clients with no connection to each other.
Can something be done to fix these multiple false positives?
Thank you.
Pondus
2
You can report a possible FP here: http://www.avast.com/contact-form.php
You may add a link to this topic in case they reply here.
Hi, I get this here for http://my.northernorange.com/index.html
Not Found
The requested URL /index.html was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
See: http://www.reversemx.com/mxip/173.231.1.27/
This resolves OK: http://www.northernorange.com/
polonus
But this (found earlier on that IP) could have triggered the earlier flag, see: http://urlquery.net/report.php?id=3228295
ET CURRENT_EVENTS Blackhole 16/32-hex/a-z.php Landing Page & URI & EXPLOIT-KIT Blackhole Exploit Kit landing page retrieval
while this domain was free of it at that time: http://urlquery.net/report.php?id=3225110
See: http://en.wikimix.info/ip/173.231.1.27 not blacklisted now: http://www.ipvoid.com/scan/173.231.1.27/
polonus
Well the cache content of the page is still very much infected. Trying to open this: htxp://webcache.googleusercontent.com/search?client=flock&channel={flock%3Acontext}&q=cache:8r5pwzqZAkoJ:http://www.thenationsnews.org/%2Bthenationsnews.org&oe=utf-8&hl=en&ct=clnk
will get me an avast! Web Shield alert for HTML:RedirBA-inf[Trj] for the mentioned url||{gzip}
For the infection see examples here: http://support.clean-mx.de/clean-mx/viruses.php?virusname=HTML:RedirBA-inf%20Trj&sort=first%20desc
all with exclusive avast detections (Gdata) → https://www.virustotal.com/en/file/28d7cec5b73ef79628dd8051ae13f5e6a3ebb1a330eeb5bcd978037ba962297e/analysis/
Question is: for the live infected sites, is the avast detection genuine or an FP?
HTML:RedirBA-inf is classified as a nasty computer threat which attacks system files and thus makes your Windows based system almost unusable. This malware is a generic detection of malicious HTML files. It contains a harmful script with the help of which it changes the Google or Yahoo search and will always redirect you to an unsolicited web address. Just like the HTML:IFrame-HM [Trj], HTML:IFrame-JS [Trj] and W32.Ramnit!html threats, it searches for an FTP account and uses this channel to upload code and thus infect the user’s web site. It is recommended to remove this nasty infection before it corrupts your Windows based PC.
from Thomas Clarke.
polonus