My Site Picking as Virus in Avast?

For some reason My website is detecting as virus/malware,But there aren’t any virus or malware.

Site:

hxxp://aerohotel.net

If anyone can tell me which file is it infected I could fix them soon /virus or malware.etc

Thanks

Danny

Please break the link in your post.

http://www.virustotal.com/url-scan/report.html?id=16bb80e42f6f9d9a28fa5fe7109cc5df-1312884713

Submission date: 2011-08-09 12:11:53 (UTC) Current status: finished Antivirus report: View downloaded file analysis Webscan result: 4 /16 (25.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
URL analysis tool Result
Avira Phishing site
BitDefender Phishing site
Dr.Web Clean site
G-Data Clean site
Malc0de Database Clean site
MalwareDomainList Clean site
Opera Clean site
ParetoLogic Clean site
Phishtank Clean site
TrendMicro Malware site
Websense ThreatSeeker Phishing site
Wepawet Clean site
Additional information
Normalized URL: http://aerohotel.net/
URL MD5: 16bb80e42f6f9d9a28fa5fe7109cc5df
Content-Type: text/html

It may be a false positive, but until that’s established there’s no use in possibly infecting others. Right now, only Avast and GData detects the site as infected.

Hello,
your site was used for phishing. I checked it and is look clean now. It will be fixed in next VPS.

Thank you so much,

I was worried about my Site that detecting as virus/malware,Without Im doing anything.

So it will be not shown as malware in others avast right?

@DannyX,

Thanks for breaking link.

After the updated virus definitions are posted and downloaded, then Avast should not detect your site as infected, as Sirmer stated. It seems that it was a false positive.

Well, not really.
It was infected and got cleaned up.

Phishing doesn’t necessarily mean infected. ;). It really relies on dumb people.

The fact that Avast is correcting the VPS for this would seem to indicate a false positive.

Sure it does.

Sometimes, phishing simply relies on the visitor being dumb enough to give up their information. The site doesn’t necessarily have to have a malware payload.

http://en.wikipedia.org/wiki/Phishing

http://www.webopedia.com/TERM/P/phishing.html

DannyX: Yes, it will be OK. But be sure to hold your site clean. The best way now is change your log in name and password and not storing your passwords in your PC. Because it looks like your site was hacked before. The good way is check log on server what IP were used for logging to your site as admin.

Additionally he may check if the third-party software (like Content Management Systems or JavaScript extensions) are up-to-date. From the site source I could recognize some of those.

@Sirmer

Yes,I have got hacked before also,I Changed my password to something strong,Also formatted whole pc.

Well, if the owner of the site didn’t set it up for purpose (and we know he didn’t)…
…his site was for sure infected somehow…!!!
Got it…??

I think,After hacker hacked my vps,He left some virus inside before leaving in the vps like possibly he putted in like wwwroot iis or something,So after We formated the virus still might there.Then people said that its coming from online banner,So I Changed the banner then it might gone cleaned.

There is only one proper solution for that: Take your site offline and resetup the whole thing from the original sources or let it be analyzed from a professional. If you are unsure, if there could be some kind of backdoor you didn’t detect yet, it could be just a matter of time, when it will be hacked again. Take it offline, change your passwords, build it up from the scratch and make sure you are using the latest software releases or maybe even use a different software, which is more properly maintained.

If you run an unsecure site, you don’t risk only your own reputation, but also that your visitors get infected or pass their information to someone who hacked your site.

No,Need.I Changed everything.All the left avast need to see my site clean.Everything is secured.

So how long it will take to unblock my site?

That has already been said, the next VPS update which currently is about twice a day, a fixed time frame can’t be given. The current VPS version is 110809-0, so it will hopefully be in 110809-1.

I realize that his site was definitely compromised and altered, and MAY have been infected. It also MAY not have been infected. If there wasn’t also a false positive, then why did Avast require a VPS update to not find the site as infected, even after Sirmer stated that it was cleaned.

At the time of adding it to the block-list it was no FP.
As the site is clean now it will be removed from the list, therefore a VPS update is needed.