False Positive

Hi,

I have an issue about a picture at my website (https://netmediashop.com) that does not even exist at the indicated location
infected by HTML:RedirME-inf [Trj]

I tried to clean my computers by ccleaner but it comes back.

Now what to do ?

I tried to clean my computers by ccleaner but it comes back.
I assume avast report this on the website and not in your computer? .... you may post a screenshot

Blacklist check
https://www.virustotal.com/gui/url/36be2cac0edbbe8eaf42c66b9163d82e03aa5ea823be3047e94258792819b7a5/detection

IP history https://www.virustotal.com/gui/ip-address/185.6.139.12/relations

Sucuri https://sitecheck.sucuri.net/results/https/netmediashop.com

Things to fix https://retire.insecurity.today/#!/scan/44e860889cf862ffe5f0f8ee634fdb5f147e1720b573cf374f7f68e192363479

Avast Free Antivirus / Pro Antivirus / Internet Security/ Premier
Avast Free/Pro/IS/Premier topics and issues, not viruses or false alarms here!

Use Viruses and Worms section

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Fortinet’s is the only one to flag site for SPAM, also consider:

URL DA PA TB QB PQ MT SS OS Age Alexa TC Majestic

1 https://netmediashop.com/ 2 3 781 0 0% 0/10 1% 21% 3Y, 41D 0 Link Profile

Flaw on that server see: https://www.shodan.io/host/185.6.139.12
CVE-2019-10149 A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bnt0bXsjW3xzaF1wLl5dbQ%3D%3D~enc

Older McAfee blacklisting exists, also consider on IP: https://www.abuseipdb.com/check/185.6.139.12 (IP has not been reported)

and https://dnstable.com/ip/185.6.139.12

One should ask for an exclusion for that specific domain, wait for an avast team member to give a final verdict,
in the mean time you could check on these security related recommendations:
https://webhint.io/scanner/433c7748-952b-4f4a-8a60-e96aa1815ec3#category-Security

polonus (volunteer website security analyst and website error-hunter)

[quote author=Pondus link=topic=228284.msg1512086#msg1512086 date=1562857009]

I tried to clean my computers by ccleaner but it comes back.
I assume avast report this on the website and not in your computer? .... you may post a screenshot

[b]https://drive.google.com/file/d/1dSUSHvCmmi1Tur1HTvZ0gd_30wT2Gvw_/view?usp=sharing[/b]

Yepp, reported on the website

If your problem is that avast report this even when you dont try to access the website? then try clear your browser cache/surf history log

It shows up only when I access the website

BUT

It is a picture made by me only the background was downloaded with no any sign of including any viruses (No alert from Avast),

that’s why I assume that it is a False Positive Alert

Issue solved

Thanks for the update, you can edit your First post and add [Resolved] to the topic title. In the same way I have for this post.

Thanks for reporting,
RESOLVED to my reaction.

Good suggestion, DavidR,
all where FP’s are resolved,
it is a good policy.

polonus