Avast! blocked norma-market.ru with reason URL:Mal.

All scans shows that this site is clear from any malware.
reports:
http://www.virustotal.com/url-scan/report.html?id=06bdf7a756b3e7ec89117580445146fb-1295097332
http://www.virustotal.com/file-scan/report.html?id=88fc453631d72df93074984b9cdb4d9147482bb5abcff143e831ec75967b7919-1295100893
http://vscan.urlvoid.com/analysis/6a6bf4dec039281257bfd10e62018f03/bm9ybWEtbWFya2V0LXJ1/
http://safeweb.norton.com/report/show?url=norma-market.ru

Low rep in Web of Trust. But the site is not in the list of services that are referenced in the comments.
http://www.malwaredomainlist.com/hostslist/hosts.txt - clear
http://www.malwaredomains.com/files/domains.txt - clear

Finjan (real time) detects adware.

http://www.finjan.com/Content.aspx?id=1190&url=http%3A%2F%2Fnorma-market.ru%2F&state=unsafe&category=Other&reason=Potential%20adware%20behavior%20was%20detected%20on%20this%20page&more=

http://www.UnmaskParasites.com/security-report/?page=norma-market.ru

Suspicious Inline Scripts :

Long suspicious script

document.write("< a href='hXXp://www.liveinternet.ru/click' target=_blank>< img src='//counter.yadr...

This is liveinternet.ru counter. Same FP reaction on some sites where it is installed.

from norma-market.ru

new code from liveinternet.ru

Possible that reason is same.

Hello,
this false positive wasn’t caused by liveinternet.ru. It was false positive in our black list.
Regards

Thank you

Glad you got it resolved with Avast, anyway.

-http://hosts-file.net/?s=liveinternet.ru and -http://www.urlvoid.com/scan/liveinternet.ru

-http://www.urlvoid.com/scan/norma-market.ru

Hi! I have the same problem with my site “r0b1n.org.ua” - URL:Mal. Avast blocking it.
I check my site with:

http://www.unmaskparasites.com/security-report/?page=r0b1n.org.ua
http://www.urlvoid.com/scan/r0b1n.org.ua
http://vscan.urlvoid.com/analysis/845905834378518cc78b2c0e944c688b/cjBiMW4tb3JnLXVh/
http://www.virustotal.com/url-scan/report.html?id=2ac9dc93337d06574682ec4145498cf8-1297177196

Please help. What should I do? ???

You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles
asyn

Oh, thank you, Asyn. I’ll try it!

You’re welcome…!
asyn

Hello,
r0b1n.org.ua should be fixed in current VPS. But it wasn’t a same case, because norma-market was a false positive in our web shield but r0b1n.org.ua was really infected and now it’s clean.
Regards

Developers AVAST help, please. Your antivirus is blocking the site www.fonariki.skrepka.pl.ua. You can check for the black list.

Please open a new topic.

My url http://foto.pro-digiworld.info/ avast is bloked. what is problem. Virus is not have on my site.
http://www.urlvoid.com/scan/foto.pro-digiworld.info - CLEAN

First always start a new topic when you have problems
you find the blue “NEW TOPIC” button in top right corner here http://forum.avast.com/index.php?board=4.0

Virus is not have on my site.

Info: Description:Encoded javascript using a packer by Dean Edwards
http://sucuri.net/malware/malware-entry-mwjsdepack

Jotti - http://virusscan.jotti.org/en/scanresult/5e9dc6a884423cfac7109336a6e39e01a6ea6efe

This part of the code there is suspicious:
-foto.pro-digiworld.info/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.3 suspicious
[suspicious:2] (ipaddr:176.9.40.38) (script) -foto.pro-digiworld.info/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.3
status: (referer=-foto.pro-digiworld.info/)saved 9986 bytes fd7e089a6c10d591dc15faf54395bb5a8b74a1ea
info: [img] -foto.pro-digiworld.info/wp-content/plugins/nextgen-gallery/shutter/
info: [decodingLevel=0] found JavaScript
suspicious, see: http://urlquery.net/queued.php?id=15509

polonus