Hi, I have this issue with Avast Free: my URLs and all the domains with the IP 50.31.138.120 are detected as malware. I executed some scans with tools and they seem to be OK; with other antivirus software they appear as safe. I read that it could be a false positive. Can you help me?
And what does avast say… can you attach a screenshot?
Malware history for the IP from May last: http://minotauranalysis.com/search.aspx?q=2aae991aa2298e515de16a4545e9b2e7
Has a general URL:Mal block for that IP by avast Network Shield…also webbug GET query for the IP leads to a Network Shield alert of that nature…
code gets us right here: a href="htxp://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409" = htxp://www.iis.net/?amp;clcid=0x409
pol
urlvoid
http://www.urlvoid.com/scan/diagtula.ru/
also scroll down to the bottom to see detected domains
Also see: https://www.virustotal.com/file/6ed0cb3da5a3d7adaa98d2d98a82a5672ce216c617a1eaa0b259d7185fc38533/analysis/
for link to V13b****^^yandex_ru/ru/CP1251/tmsec=narod_total
[javascript variable] URL=narod2.yandex dot ru
info: [img] wXw.diagtula dot ru/userjs/
info: [iframe] wXw.diagtula dot ru/userjs/# (vulnerable to claro virus and fake and rogue malcode)
info: [decodingLevel=0] found JavaScript
suspicious
polonus
Detections 1/28 (3.57%)
You kidding me? It's a static site.
info: [img] www.diagtula dot ru/userjs/
info: [iframe] www.diagtula dot ru/userjs/# (vulnerable to claro virus and fake and rogue malcode)
info: [decodingLevel=0] found JavaScript
userjs, it's the Yandex API; all Yandex sites use it
http://www.scanurls.com/report/15722
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2008:04:05 16:17:06+02:00
FileType.................: Win32 EXE
PEType...................: PE32
CodeSize.................: 22528
LinkerVersion............: 2.5
EntryPoint...............: 0x1000
InitializedDataSize......: 11776
SubsystemVersion.........: 4.0
ImageVersion.............: 0.0
OSVersion................: 4.0
UninitializedDataSize....: 0
What is that PE file?
FYI
My MBAM is stopping IP 217.199.2418.100 generated by your images in reply #3
You are free to view its source…
Hi mdscorp,
Did not say you were infected. I only said that part of the script could be vulnerable and I got a hiccup on it scanning via a javascript unpacking service site.
No more no less, that is all. If you feel your site is falsely being flagged and this is a FP then report via: http://www.avast.com/contact-form.php?loadStyles
If indeed the site is found to be clean, unblocking by avast analysts can be as soon as the next update…
Oh and 217.199.2418.100 doesn’t look to be a registered domain…
d8.ce.b0.a0.top.mail.ru blocked here, see: http://fgup.mi.ru/proxy/control/squid-block.dat
polonus
thanks
217.199.2418.100 doesn’t look to be a registered domain…
It's 217.199.218.100 = rghost dot ru, I uploaded my pic there
Consider the IP flags here: http://malc0de.com/database/index.php?search=77.88.21.83
Also listed for spamming…http://www.mywot.com/en/scorecard/77.88.21.83
http://hosts-file.net/?s=77.88.21.83 nothing in their database
Spammers in the neighborhood on your IP range: http://www.projecthoneypot.org/ip_77.88.21.61 2,913 instances of it over the past 2 years +
Found on this attacker logs list: http://www.atma.es/
pol