Hi, i’m the owner of the site hxxp://www.holylol.com (adult content, do not visit it if you don’t want to see explicit sex images).

Today i received two emails from surfers saying that my site was blocked by Avast. I installed Avast free myself and checked it and they were right, it also got blocked for me with the following message:

Infection Details

URL: hxtp://www.holylol.com/|%3E{gzip}
Process: file://C:\Users\Ivan\AppData\Local\Google\Chrome\Application\chrome.exe
Infection: html:Script-inf

I have checked it with virustotal and it says the site is fine:
http://www.virustotal.com/url-scan/report.html?id=93f079a0c55d44997c3e2e70c556fead-1310464221

So can you please let me know what is going on and how to fix it? my first suspicion was that it was one of my banner advertisers doing something nasty, but can’t find anything nor any tools like virustotal detects anything, it’s only Avast.

I see it mentions gzip in the url but… gzip is just a widely used and google recommended html/php compression format to speed up page load so i doubt it’s that.

Thanks for your help.

Hi Icy, welcome to the forum

Please can you modify the link, to prevent others potentially becoming infected. (change http to hXXp) Thanks.

Looking at the code, it seems that avast is alerting on a script that is just before the closing body/html tags (highlighted in the image)

I sent that code to VT in the form of a text file, and only avast and Gdata (uses avast engine)detect it. I’m not too sure on the detection, but without that script, there is no alert.

Scott

Thanks Scott but the url i wrote had already xx instead of tt

I’m going to check removing that script, that is the one that pops the IM chat, from an advertiser.

You were right, removing that fixes the report, big thanks!

But still would like to know what is wrong with that code, it’s should be harmless as it’s from an advertiser with very good reputation. I have asked him too about it to check it.

Yes, looks like Milos beat you to it

I'm going to check removing that script, that is the one that pops the IM chat, from an advertiser.

avast blocks this domain, via the network shield, so the script that call it on your site is also blocked.

I am not entirely sure on the detection, correct or not, but if it does turn out to be a correct detection then it could suggest that the advertiser has been hacked…

Hopefully one of the avast team can comment

Hello,
this ad site was blocked incorrectly. It will be fixed in next VPS.
Sorry for your inconvenience

Hello, I am the owner of the advertisement you blocked incorrectly. When you guys did the block I was in a panic and had webmasters change the code you blocked to a new code only to later find out you made a mistake and fixed the problem… I thank you… But it looks like you are blocking it again. This time the new code i had webmasters change their code to.

http://199.91.173.53/a1/chatbar.php

can you please look into this again, and whitelist it and also look into why this ad keeps getting blocked. This is the second time.

Thanks

here is a screen shot one of our webmasters posed:

http://img837.imageshack.us/img837/2504/screenshot1da.jpg

Anyone here?

i’m still waiting for an answer…

Hello,

Your problem will be fixed in the next VPS.

Best regards

Alena Varkockova

can you tell me why they get blocked? is there something i can to do help avoid this in the future?

Hi.
I am owner of website agrostory(dot)com, my site is safe, but I can’t visit with Avast because HTML:Script-inf [Susp]

Quttera: the site is clean (Scan date: Dec Tue 2024/12/10 11:09)
What I can to do?

You may also wish to check your website on VirusTotal https://www.virustotal.com
If it tests clean everywhere, then send Avat a False Positive form: Choose Your Sample Submission Type | Avast
Give Avast at least 48hrs to consider, but you will not get any reply from Avast.

Note I am just another Avast user and not affiliated to Avast in any way.

I checked on virustotal.com
But there is a certain paradox.
Virustotal: Quttera - Malicious

quttera.com:
No Malicious Content Detected!
Scan date: Dec Thu 2024/12/12 09:36

How should this be understood?

I wrote a message to community on VirusTotal, but there is no response yet.

I downloaded the site (files), checked with Avast antivirus - no viruses detected

I also downloaded the database in SQL format and checked it with an antivirus - it does not contain viruses.

I believe Infection: html:Script-inf refers to a potential malicious script, not a virus as such.
Maybe @polonus , if anound on the forum these days, will have a view on this subject.

Hi.

The problem is still relevant, how to solve it?

Is there anyone alive from tech support on this forum?