Avast is telling me that my girlfriend’s website is infected with a trojan horse… and I know for sure that it’s not (that’s my girlfriend’s website, she’s a musician…)
I double checked with VirusTotal and it’s saying that it’s clean…
Here is a link to VirusTotal results: hXXp://virustotal(DOT)com/url-scan/report.html?id=d014bed8950b7e1329dfe54d0a5c3d2d-1297909952
hXXp://chandaleigh(DOT)com
Any ideas? Or a way to take it down from the “infected” list?
Just to let you know, websites get hacked and infected all the time, so just because your girlfriend is a musician and wouldn’t host malware or viruses intentionally, it doesn’t mean that someone couldn’t exploit a vulnerability in some way and put a virus on it.
That being said, I browsed all over the site and didn’t receive any warnings from avast. Oh wait, I’m on my Linux box. :-[
Um, well, where does the avast warning come up? The home page or one of the links on the page?
Well, I’m sorry that I can’t help you much further. I only know how to submit FP’s when they’re already in the chest.
I guess you could send an email to virus AT avast.com and tell them in the subject that it’s a false positive, along with the URL in the body of the message, but I feel that might be the wrong thing to do.
It’s getting quite late and I don’t have the energy or the time to search around and find a thread that has False Positive URL submissions in it, but you could search around if you haven’t tried yet.
I don’t know if the current version of avast will let you submit a webshield warning as a false positive or not, but I think it used to.
*Also, just an update, I jumped on my XP laptop and visited the site. The main page doesn’t throw any warnings and I’m using the 6.0.945 beta with 110216-1 definitions. So, your friend’s computer might just have an older version or virus definition file loaded on it. Either that, or they’ve already fixed the FP.
As you see on the pic Coolmario88cp posted, the URL is not the same as your girlfriend’s website URL,
so there seems to be a redirect… as avast says, HTML:RedirME-inf
So what I need to do is to look in the html for the following link “tb.widecompany(dot)com/in.cgi?2|>” and remove it, and after that submit my website to the avast link that Asyn gave me?
Sorry, I just never had that kind of a problem, so I prefer to ask before I do something stupid
Indeed the site seems no longer flagged. Has the script injection been cleansed or is it just because it cannot redirect to htxp://ae.awaue.com/7 any longer? Mentioned domain does not exist or is inaccessible according to Netirk,
Sucuri gives following info on this injected script malware:
Newest versions of this attack are using 188dot72dot194dot172: *
htxp://w3.fairygoodideas.com/in.cgi?2 *
Infection: It infects all posts inside the database (wp_posts). Only wordpress sites are infected.
If it’s gone (which is what has been reported so far) then you should be clean. However, if you, your girlfriend, or the webmaster didn’t put that link on the site, then it was probably put there by a hacker somehow.
I’d change any passwords that anyone has for the website (or FTP accounts or whatever you use to upload/make changes, etc.).
You should also make sure that any scripting languages or databases are patched and upgraded too. If there’s an exploit available because you’re using outdated software on the server, then chances are it will just get hacked again.
I will get on it as soon as I get the account information. We haven’t added any links to the website, so it’s time for me to just change out the passwords and make sure that this won’t happen again.
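
A way to check for the kind of injection discussed in this thread, as an added example that is not part of any post above: it scans post bodies exported from `wp_posts` for `<script>` or `<iframe>` tags that load from hosts the owner did not add. It assumes the injection takes the form of such a tag, that rows are available as `(ID, post_content)` pairs, and that the allowlist reflects what the site really embeds; the sample rows and `.example` hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site owner actually embeds; everything else is reported.
ALLOWED_HOSTS = {"chandaleigh.example", "www.youtube.com"}
# Path marker shared by the redirect URLs quoted in the thread (".../in.cgi?2").
SUSPECT_PATH = "/in.cgi"

# Constructed sample rows standing in for an export of wp_posts (ID, post_content).
SAMPLE_ROWS = [
    (1, '<p>New single!</p><iframe src="https://www.youtube.com/embed/abc"></iframe>'),
    (2, '<p>Tour dates</p><script src="http://tds.example/in.cgi?2"></script>'),
    (3, '<p>Photos</p><script src="//stats.example/t.js"></script>'
        '<script src="/js/gallery.js"></script>'),
]


class ExternalSourceFinder(HTMLParser):
    """Collects the src URLs of <script> and <iframe> tags in one post body."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def scan_posts(rows, allowed_hosts=ALLOWED_HOSTS):
    """Return (post_id, host, severity) for every off-site script/iframe source."""
    findings = []
    for post_id, content in rows:
        finder = ExternalSourceFinder()
        finder.feed(content or "")
        finder.close()
        for src in finder.sources:
            parsed = urlparse(src)
            host = (parsed.hostname or "").lower()
            if not host or host in allowed_hosts:
                continue  # relative URL (same site) or a known embed
            hit = parsed.path.lower().startswith(SUSPECT_PATH)
            findings.append((post_id, host, "high" if hit else "review"))
    return findings


if __name__ == "__main__":
    for finding in scan_posts(SAMPLE_ROWS):
        print(finding)
```

Every post that comes back needs its content cleaned in the database, since the thread's Sucuri note says this infection writes into all posts rather than into the theme files.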