[FR] Avast detects some virus on my website.

Hi everyone !
(I’m French, And … I’ve a bad English, Sorry…)
Since the day before yesterday, Avast detects a Trojan horse on my website ( http://www.newlifebobba.fr/ ) and I don’t know why.
I think some players reported the website, or it is a new script (we just changed the login page).
Please help me with this problem; Avast doesn’t help me.

(If you want more information, tell me. :wink: )

Have a nice day !

I just visited the site with no problem - the virus database has just been updated. So update and try again.


I got no alerts either and I visited all pages I could without signing in.


Thank you for your quick answer.
Could you tell me why your system blocks my users?
You tell me you don’t have any alert from my website, but since yesterday my users can’t log on because AVAST blocks them each time they try to load the Shockwave system they need to use my website.


As I said, I did not sign in (login).
So, it seems that there is something in the login process.
Have you checked that process of your web site?


Yesterday morning, logins were OK.
Since yesterday evening, we have this problem.
We didn’t change anything. The only change was your update.
Why did it work before your update, and stop working after you did it?

Can you post a screenshot of the avast pop-up warning?


You do not have to change anything on your web site. Hackers can do that for you.
That is why I asked you if you had checked the login process of your web site. Have you checked it yet?

Of course, it could be a false positive by avast. Someone (you or one of your users) will have to send in a report to avast for it to be checked for a false positive. This can be done through the avast GUI.


I don’t use avast.
I’ve asked my members for a screenshot.

And I’ve checked the login process, and nothing changed.

Well, no problem with avast, but some problem with other…
http://www.mywot.com/en/scorecard/newlifebobba.fr
http://www.siteadvisor.com/sites/www.newlifebobba.fr

Report 2011-02-26 17:40:03 (GMT 1)
Website newlifebobba.fr
Domain Hash 04369cf87d0d7d38cfce4e7b66f40085
IP Address 217.23.14.152 [SCAN]
IP Hostname customer.worldstream.nl
IP Country NL (Netherlands)
AS Number 49981
AS Name WORLDSTREAM WORLDSTREAM AS
Detections 3 / 18 (17 %)
Status DANGEROUS

The problem for us ‘avast users’ in the forum, is we aren’t seeing the problem as we aren’t trying to log in as we aren’t registered/members at your web site. So we physically can’t access the areas that your users are reporting as a problem.

Interestingly when I tried to visit your site I got a WOT notification, http://www.mywot.com/en/scorecard/newlifebobba.fr One of the comments is recent and also relates to JAVA Virus. Whilst WOT isn’t the most reliable reputational database it does seem related. So any images of the alert would be helpful.

We looked at your forum.avast.com. You ask us to look at the mywot.com website. We have some bad evaluations.
Do I understand that anybody can make any comment he wishes and you block a website without any verification from your services? This way, I could say AVAST gave me a virus and you would block your own website?
You talk about a virus from JAVA, but we DON’T use it at all.
Thanks in advance for your quick answer and for unblocking my website in a really short time. If you don’t, I’ll call my advocates about defamation and to have some indemnification for what you caused.


Avast does not use WOT for its blocking. These are individual users who are using WOT.

I suggested to you above the proper thing to do. So, it is up to you or one of your users to do so.

Of course, it could be a false positive by avast. Someone (you or one of your users) will have to send in a report to avast for it to be checked for a false positive. This can be done through the avast GUI.

You do not have to use JAVA but a HACKER might use JAVA on your web site.

Making threatening remarks does not help you.


  1. What are you talking about…???
  2. :slight_smile:
    If you think this is a FP, report it here: http://www.avast.com/contact-form.php?loadStyles
    asyn

I’ve scanned every page, and Java isn’t enabled…

When entering the website I get an IP block from MalwareBytes PRO
IP: 217.23.14.152 Blocked

IP listed at hpHost
http://hosts-file.net/default.asp?s=217.23.14.152

Hi,
I have 2 screenshots from my members.
http://www.sparkdaemon.fr/av1.jpg
http://www.sparkdaemon.fr/av2.bmp

The blocked page is the external vars.
It contains:

```
badge_name_FR018=Animateur
badge_desc_FR018=Anime les jeux sponsos
badge_name_FR019=Roller et manette
badge_desc_FR019=Gagne aux jeux sponsos
badge_name_FR020=Renne et sapin
badge_desc_FR020= Gagne aux jeux sponsos
badge_name_FR021=W.C. et canard
badge_desc_FR021=Gagne aux jeux sponsos
badge_name_FR022=Tabouret et caisse
badge_desc_FR022=Gagne aux jeux sponsos
furni_env_grass_name=Herbe
furni_env_grass_desc=Toujours plus verte ailleurs…
furni_hweeen09_floor_name=Parquet
furni_hween09_floor_desc=Les lattes grincent ! :o
wallitem_hween09_curt_name=Rideaux fantomes
wallitem_hween09_curt_desc=Idéal pour vos manoirs hantés !
wallitem_hween09_wall1_name=Pan de mur de manoir
wallitem_hween09_wall1_desc=Il sent le moisi.
wallitem_hween09_crnr1_name=Angle de manoir
wallitem_hween09_crnr1_desc=Il sent le moisi.
furni_country_rain_name=Pluie
furni_country_rain_desc=Sort ton parapluie
furni_country_scarecrow_name=Epouvantail
furni_country_scarecrow_desc=Avant, il était vivant.
wallitem_country_wall_name=Porte campagnarde
wallitem_country_wall_desc=Ferme-là !
furni_eco_mush2_name=Amanite tue-mouches
furni_eco_mush2_desc=Toxique !
furni_ads_grefusa_cactus_name=Cactus a chapeau
furni_ads_grefusa_cactus_desc=Il s’apelle Henri !
furni_env_tree4_name=Arbre des 4 sasions
furni_env_tree4_desc=Renouvèle l’oxygène !
wallitem_party_lights_name=Spots
walltiem_party_lights_desc=On dirait de la neige ! :o
furni_hween09_chair_name=Chaise majestueuse
furni_hween09_chair_desc=On se sens majestueux
furni_party_lantern_name=Lanterne chinoise
furni_party_lantern_desc=Douce lumière pour éclairer douce nuits
furni_country_well_name=Puits
furni_country_well_desc=Des voix en proviennent ! :o
furni_bumps_lights_name=Feu rouge
furni_bumps_lights_desc=On attend qu’il soit vert !
badge_name_GUI=Carte coeur |
badge_desc_GUI=Pioche l'As !
```

Why does AVAST block this page?

avast is alerting on the first script in that file, not really sure on the detection. Can’t seem to get virustotal to work…

Jotti: http://virusscan.jotti.org/en-GB/scanresult/09f7ed49fd1cafb3cb55d37944926c0fb9b7dc57 ← text file containing that script only.

If I understand… the problem comes directly from the ads on the page…

Look,

With ads :
http://virusscan.jotti.org/en-GB/scanresult/1b0272a30b0deac627945ca514e79e491daa2df4
Without ads :
http://virusscan.jotti.org/en-GB/scanresult/fe992f5e38f4c55d7a968fc97c9b3077750cd9df

Thanks for ur help… ^^
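
An added example, not part of the original thread: the replies above trace the alert to a script sitting at the top of the external vars file, which should hold nothing but `key=value` text. This Python check flags every line of such a file that is markup or is not `key=value`; the function name `audit_vars`, the sample input and the `ads.example.invalid` host are constructed for illustration.

```python
import re

# Keys in the posted file look like badge_name_FR018 or furni_env_grass_desc.
KEY_RE = re.compile(r"^[A-Za-z0-9_.]+$")
# Markup that has no place in a plain-text key=value file.
MARKUP_RE = re.compile(
    r"<\s*/?\s*(script|iframe|object|embed)\b|document\.write|javascript:", re.I)
OPEN_RE = re.compile(r"<\s*script\b", re.I)
CLOSE_RE = re.compile(r"<\s*/\s*script\s*>", re.I)

def audit_vars(text):
    """Return (line_no, reason, line) for each line that is not plain key=value."""
    findings, in_script = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if in_script or MARKUP_RE.search(line):
            findings.append((no, "markup", line))
            # Track multi-line <script> blocks: whichever tag comes last wins.
            opens = [m.start() for m in OPEN_RE.finditer(line)]
            closes = [m.start() for m in CLOSE_RE.finditer(line)]
            if opens or closes:
                in_script = max(opens, default=-1) > max(closes, default=-1)
            continue
        key, sep, _value = line.partition("=")
        if not sep or not KEY_RE.match(key.strip()):
            findings.append((no, "not key=value", line))
    return findings

# Constructed sample: a few entries from the posted file plus injected markup.
SAMPLE = """\
<script type="text/javascript" src="http://ads.example.invalid/banner.js"></script>
badge_name_FR018=Animateur
badge_desc_FR018=Anime les jeux sponsos
furni_hween09_floor_desc=Les lattes grincent ! :o
<script>
var slot=1;
</script>
badge_name_GFS=Coeurs multicolores
this line has no separator
"""

if __name__ == "__main__":
    for no, reason, line in audit_vars(SAMPLE):
        print(f"line {no}: {reason}: {line}")
```

Run against the file exactly as the server delivers it (not the copy on disk), since markup added by the host or an ad layer only appears in the served response.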