system
January 18, 2016, 6:14pm
1
My domain rizzit.net is being reported as a virus only by avast.
I have a virus total scan result here: https://www.virustotal.com/en/url/738bc0f627afa6bf3054f4543e57c1f5b2a40dbd6a4142414b758dbcf7b28ed1/analysis/
Typically only when a user looks at an image a “threat” is detected.
Here is an example: https://rizzit.net/Sup5URS.jpg
That is a screenshot of this thread.
I have done as asked. Changed passwords, removed all non-essential files, and I looked through all my PHP code for any malicious code. Please help.
Hey, and welcome to the Avast forum. I'm no expert, but according to Zulu it could be something in your domain. Hopefully someone with a little more experience will drop by and give you a hand and pinpoint where the problem lies.
http://zulu.zscaler.com/submission/show/aa238d03a0e01baf31c1ca3fd492961f-1453141008
Pondus
January 18, 2016, 6:25pm
3
Typically only when a user looks at an image a "threat" is detected.
And what does the message from avast say?
Sucuri report https://sitecheck.sucuri.net/results/rizzit.net
MALICIOUS CODE DETECTED: https://sitecheck.sucuri.net/results/rizzit.net
Clean here: http://killmalware.com/rizzit.net/
No vulnerable libraries: http://retire.insecurity.today/#!/scan/06432afe7256101bf53a904f46e3b67be1a257a13b380cbe55062f0a985a93f8
Apache and PHP have to be updated: http://prntscr.com/9rsat1
You may also want to consider adding Incapsula or CloudFlare for security, my recommendation: Incapsula, it gives better security.
polonus
January 18, 2016, 10:21pm
6
There is some insecurity on the site, but no malware per se. The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Apache/2.4.12
X-Powered-By: PHP/5.4.43
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.
Error here:
<Error>
<script/>
<script>
navigator.CookiesOK="I explicitly accept all cookies";
</script>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>9D2EF20B2D01F17A</RequestId>
<HostId>
p+1d45+sEA9V14BMPEMGe8DkGf0IIpX2dKtdoB4cly18PuzxioWFHYrc6sWsKazUXdECENrsv30=
</HostId>
</Error>
→ http://www.domxssscanner.com/scan?url=http%3A%2F%2Frizzit.net%2Flogin.php
So let us rather look at this piece of code from this scan:
<h3>
<b>Fatal error</b>: Call to undefined function _e() in <b>/home/rizzit/public_html/login_data.php</b> on line <b>6</b>
PHP tag clean-up needed! This piece of coding there needs attention to remove that error.
There is no function e_ or _e(). The function should be _e: or _e: () (info credits go to JAL)
Have a nice day,
polonus (volunteer website security analyst and website error-hunter)
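Added example, not part of polonus's post or of anyone's reply in this thread: a small Python check that reads a raw response header block and reports which platform headers disclose a product and version, with the setting that silences each. The two sample responses are constructed around the header values quoted above; the names `audit`, `parse_headers`, `SAMPLE` and `HARDENED` are made up for this example.

```python
import re

# Product tokens such as "Apache/2.4.12": a name, a slash, a dotted version.
VERSION_TOKEN = re.compile(r"([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)*)")

# Headers that announce the platform, and the setting that reduces or removes them.
REMEDIATION = {
    "server": "Apache: ServerTokens Prod and ServerSignature Off",
    "x-powered-by": "php.ini: expose_php = Off",
}

# Constructed sample responses (header values taken from the post above).
SAMPLE = ("HTTP/1.1 200 OK\r\n"
          "Server: Apache/2.4.12\r\n"
          "X-Powered-By: PHP/5.4.43\r\n"
          "Content-Type: text/html\r\n")
# After the fix: Apache still sends "Server", but without a version.
HARDENED = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n"

def parse_headers(raw):
    """Split a raw header block into (name, value) pairs, keeping duplicates."""
    pairs = []
    for line in raw.strip().splitlines():
        if ":" not in line or line.upper().startswith("HTTP/"):
            continue  # status line or malformed line
        name, value = line.split(":", 1)
        pairs.append((name.strip(), value.strip()))
    return pairs

def audit(raw):
    """Return one finding per platform header, with any disclosed versions."""
    findings = []
    for name, value in parse_headers(raw):
        fix = REMEDIATION.get(name.lower())  # header names are case-insensitive
        if fix is None:
            continue
        versions = VERSION_TOKEN.findall(value)
        findings.append({
            "header": name,
            "versions": versions,
            "level": "version disclosed" if versions else "product only",
            "fix": fix,
        })
    return findings

if __name__ == "__main__":
    for label, raw in (("before", SAMPLE), ("after", HARDENED)):
        for f in audit(raw):
            print(label, f["header"], f["versions"], f["level"], "->", f["fix"])
```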
system
January 19, 2016, 3:20am
7
Thank you all for your replies. I did not expect this much assistance. The user script is one I found on code canyon. I have removed it in its entirety.
What are the next steps to remove my website from avast detection?
By the way, the detection was URL:Mal
Pondus
January 19, 2016, 6:46am
8
By the way, the detection was URL:Mal
URL:Mal = Blacklisted URL or IP
system
January 19, 2016, 6:49am
9
What do I need to do to have this removed?
Pondus
January 19, 2016, 6:51am
10
Have notified avast team, you may get a reply later today
HonzaZ
January 19, 2016, 10:00am
12
I cannot see any malicious activity right now, so I unblocked the domain