Infection Details from Avast

Hello Avast Support,

Good day.

My site www.BestToolsDirect.com appeared with a malware infection, but on other antivirus and internet security products it is a clean site. I double-checked my PC and web server, but no malware was detected, not even by Google Webmaster Tools.

I currently use multiple antivirus and internet security products to check the issue, like Malwarebytes, etc…

Can you please remove the warning “malware issue” on your end?

Respectfully, and looking forward

URL:Mal means the URL is on a blacklist… for whatever reason

http://www.urlvoid.com/scan/besttoolsdirect.com/

https://www.virustotal.com/en/url/d8bf5003481bab69146ade1804b5e25374255474848fa7cc851af8427666be79/analysis/1373040058/

WOT:
http://www.mywot.com/en/scorecard/besttoolsdirect.com

The AdwCleaner search log you posted shows lots of crap files… if you want them removed, run AdwCleaner again and click Delete

Pondus, why is it blacklisted? Can you re-assess it in your labs and investigate the issue? I believe my site is already clean, and it needs to be updated on your end and verified again.

I checked my site on http://urlquery.net/report.php?id=3559005.

I don't work for Avast so I don't have access to that info

But you can report it here if you think it is wrong: http://www.avast.com/contact-form.php
You may add a link to this topic in case they reply here

Sucuri report: http://sitecheck.sucuri.net/results/www.besttoolsdirect.com/

Pondus, thank you for the advice. I had already reported it to “Avast Contact Form” but no response.

I have other antivirus and internet security products and contacted their support, and they removed the “blacklist” sign on their end. They had already verified it as a clean site. Avast should do the same.

I attached the updated text file from AdwCleaner. Please let me know.

If you run a new AdwCleaner search now, the log should be empty. :)

Pondus, thank you for the advice. I had already reported it to "Avast Contact Form" but no response.
Do it again..... and hope for a reply

Hello Pondus,

Attached here is a new text file. Kindly let me know.

Thanks for the help.

@hwoarang79
Would you like to check your host system for malware presence?

Magna86,

Kindly please advise how to do it.

;)

Just follow the guide here for running OTL, the primary diagnostic tool:
http://forum.avast.com/index.php?topic=53253.0

Hello Magna86,

First, I tried to disable Avast and enable other antivirus / internet security products, but the site with the executable file otl.exe you referred me to is blocked by a third-party internet security product. Kindly see the attached file.

Second, the site contains malware. Here’s the result: https://www.virustotal.com/en/url/8da77e51d36d326462fefffddd47985e0f91c9966f938b02731cc821726b1b7a/analysis/1373047704/

All of my files here in local are legit and licensed.

If my local is already clean, it should appear clean on the other part.

The main issue here is a false-positive URL report, because it appeared blacklisted on Avast's side. I understand that it takes time to appear as a clean site. On the other hand, I am hoping that Avast will reconsider my site www.BestToolsDirect.com as clean, because others have already investigated and approved it as a clean site.

Respectfully,

VirusTotal does not scan the site for malware… it checks the URL against a bunch of lists

OTL is downloaded and used by the removal experts here several times a day… just browse the forum section and see

The tool and site are safe…

Hi hwoarang79,

First, I tried to disable Avast and enable other antivirus / internet security products, but the site with the executable file otl.exe you referred me to is blocked by a third-party internet security product.

OTL.exe is a legit malware removal tool by “OldTimer”. The reason why AVs sometimes flag tools like OTL is that they execute actions to overpower active malware, and for this reason an AV may report that as suspicious behavior. That is known as a heuristic detection.

Second, the site contains malware:
The site is detected under heuristics:
This URL is or was distributing a malware variant of W32/Heuristic-210!Eldorado
The main issue here is a false-positive URL report, because it appeared blacklisted on Avast's side.

I know. That’s why I asked you whether you wish to perform a system check for malware presence. You said yes.

Hello Magna86 & Pondus,

Thanks for the help.

Here’s the attachment from OTL; please let me know.

Respectfully,

Well, the good news is that the logs don’t show any signs of malware, but they do show that you messed up your system.

First, Multiple Antivirus Programs

You are running more than 1 antivirus program! Although you think you’re better protected, you’re wrong.

AV: BitDefender
AV: Kaspersky Lab
AV: AVAST Software

Running - more than one - antivirus program is not recommended because:
- They can conflict with each other.
- They can report the other antivirus software as malicious.
- Antivirus programs use an enormous amount of the computer’s resources… actively scanning your computer.
- They can cause your computer to become unstable… run slowly and even, in rare cases, BSOD crash… etc.
I strongly suggest you uninstall and use only one of them. Which one is your decision.


Re-run OTL.exe.

- Copy and paste the following text (the block below, inside the quote box) into the Custom Scans/Fixes box.

:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\reseevwh.sys -- (reseevwh)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\jdqyqpaw.sys -- (jdqyqpaw)

IE - HKLM\..\SearchScopes\{4DC02B2B-3F1C-437B-9118-79286CA8496F}: "URL" = http://www.searchamong.com/searchview.php?source=64020400f00960c0ef04052547b134b3&query={searchTerms}&cat=webs&bar=true
IE - HKU\S-1-5-21-220523388-1482476501-725345543-1003\..\SearchScopes\{4DC02B2B-3F1C-437B-9118-79286CA8496F}: "URL" = http://www.searchamong.com/searchview.php?source=64020400f00960c0ef04052547b134b3&query={searchTerms}&cat=webs&bar=true
IE - HKU\S-1-5-21-220523388-1482476501-725345543-1003\..\SearchScopes\{7D6838BE-CF1B-4CD1-A1F7-F56380D8CDE1}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10269&src=crm&q={searchTerms}&locale=en_PH&apn_ptnrs=^AH0&apn_dtid=^YYYYYY^YY^PH&apn_uid=08854e02-1698-4373-8030-7184cc9fb088&apn_sauid=CD751130-E770-43FF-A333-8F7CA8913B03

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-1482476501-725345543-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:Files
C:\Documents and Settings\Ronnel\Application Data\Mozilla\Firefox\Profiles\vltc5vef.default\searchplugins\BrowserDefender.xml
ipconfig /flushdns /c

:commands
[CREATERESTOREPOINT]
[emptytemp]

- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
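As an added example (not part of this thread, and not code from Avast or from the OTL tool), a small Python triage script that parses OTL-style log lines like the ones in the fix above: it flags drivers reported as "File not found" (a leftover service entry whose .sys is gone), IE search scopes whose host is outside an allowlist, and toolbar entries with no CLSID. The sample log lines, the GUID ending in ...0001 and the allowlist are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample of OTL-style log lines, modelled on the fix script in this thread.
SAMPLE_LOG = (
    "DRV - File not found [Kernel | System | Stopped] -- C:\\WINDOWS\\system32\\drivers\\reseevwh.sys -- (reseevwh)\n"
    "DRV - [2010/05/03 10:12:00 | 000,018,432 | ---- | M] (Example Vendor) [Kernel | Boot | Running] -- C:\\WINDOWS\\system32\\drivers\\example.sys -- (example)\n"
    "IE - HKLM\\..\\SearchScopes\\{4DC02B2B-3F1C-437B-9118-79286CA8496F}: \"URL\" = http://www.searchamong.com/searchview.php?query={searchTerms}\n"
    "IE - HKLM\\..\\SearchScopes\\{00000000-0000-0000-0000-000000000001}: \"URL\" = http://www.bing.com/search?q={searchTerms}\n"
    "O3 - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.\n"
)

TRUSTED_SEARCH_DOMAINS = ("bing.com", "google.com")  # assumed allowlist (hypothetical)
SEARCH_RE = re.compile(
    r'^IE - (?P<hive>HKLM|HKU\\S-[0-9-]+)\\\.\.\\SearchScopes\\'
    r'(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)$'
)


def parse_driver(line):
    """Return (service name, path, present) for a 'DRV - ...' line, else None."""
    if not line.startswith("DRV - "):
        return None
    head, path, tail = line.split(" -- ")
    return tail.strip("()"), path, "File not found" not in head


def parse_search_scope(line):
    """Return (hive, guid, url) for an 'IE - ...SearchScopes...' line, else None."""
    m = SEARCH_RE.match(line)
    return (m.group("hive"), m.group("guid"), m.group("url")) if m else None


def triage(log_text, trusted_domains):
    """Flag orphaned drivers, untrusted search scopes and dangling toolbars."""
    findings = []
    for line in log_text.splitlines():
        drv = parse_driver(line)
        if drv is not None:
            if not drv[2]:  # service entry survives but the .sys file is gone
                findings.append(("orphan-driver", drv[0], drv[1]))
            continue
        scope = parse_search_scope(line)
        if scope is not None:
            host = urlparse(scope[2]).hostname or ""
            if not any(host == d or host.endswith("." + d) for d in trusted_domains):
                findings.append(("untrusted-search-scope", scope[1], host))
            continue
        if line.startswith("O3 - ") and "No CLSID value found" in line:
            findings.append(("dangling-toolbar", line[len("O3 - "):].split(":", 1)[0], ""))
    return findings
```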