my site is denied

Viruses and worms
1

Help me my site is denied for avast mfcp.homelinux.com

Infection Details
URL: hxtp://mfcp.homelinux.com/
Process: C:\Archivos de programa\Mozilla Firefox.…
Infection: URL:Mal

I can not access, maintenance had a script that made my domain is blocked …

help to unlock my users can not enter.

2

Hi lucio,

urlquery here: http://urlquery.net/report.php?id=75459 Screenshot in upper right is actual url page. Says page is working properly but has yet to be configured. Shows Fedora server page.

zulu here: http://zulu.zscaler.com/submission/show/f8b7943673eb2c66fa4e1ed61c1e1ee3-1340655779 Suspicious link found in domain history.

urlvoid here: http://www.urlvoid.com/scan/mfcp.homelinux.com/ avg threat labs here: http://www.avgthreatlabs.com/sitereports/domain/mfcp.homelinux.com/

securi site check here: http://sitecheck.sucuri.net/results/mfcp.homelinux.com/

Please make url non-clickable as in wXw or hxxp: to protect innocent users here.

3

Hi mchain,

Thanks for that extensive check. Your contributions are very welcome here, and mutually inspiring.
Therefore I like this corner of the forums, I really do. How much insight it has already brought us all.

Just two additional remarks on a side note for what you report here, my friend:

  1. Originally this was flagged by Norton Safe Web for “uklatt.homelinux dot com”, and so all of homelinux dot com came under suspicion.
    The link to hxtp://fedoraproject.org/ recently resulted in the infection with two worms according to Google’s Safebrowsing,

  2. [quote] Also /sbin/init on fedora is has been reported as infected with the Suckit rootkit but this could not be proven either
    and could well be a false positive or false negative rather, [quote] (quote tahen from a report by Beartooth on fedura’s user-list june 7 2012),

polonus

4

I am shown a record that malware was live on this site for 0.1 hours 2012-06-25 22:36:15.

5

Hi !Donovan,

Right you are, my friend, and sites for that domain has been spreading the following flaws of malware: unknown html and unknown executable malware, Trojan.Generic.KD.17597, PHP/BackDoor.AR, Virus.PHP.Small!IK, 5 instances of Win32.SuspectCrc!IK, now all response dead, various IP sites for that domain were being taken down as well. So it could well have been a general domain block.

Sitevet report for the AS for that IP:
AS Name: Uninet S.A. de C.V.
IPs allocated: 12955024
Blacklisted URLs: 23

Hosts…
…malicious URLs? Yes
…badware? Yes
…Current Events? Yes

If despite of all this you might feel your website is secure, then there is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.

polonus