My Website Virus Hell

Hello folks I’ve only just joined the forum but I’ve been using Avast! 4.7 home edition for quite some time.

Right well my problem is that basically as of yesterday my Anti-Virus sofware is refusing to allow my “Mini History/Celebration” Website to load. As soon as I click on the bookmark link or type the website address into my address bar, a little banner appears at the foot of the page stating avast! On-Access Scanner Message and then highlighted in yellow beneath that it states: - http://minis.freeservers.com/\unp29778318 contains sample of “VBS:Malware (Script)”! (I’ve used blue because it won’t show up in yellow here) and then the Virus Found Box warning appears and I have to press the Abort Connection button which then leaves me with a blank page. The unp number changes each time I try to load my website though.

This is the full details that appear on the Virus Found Box: -
File name: http://minis.freeservers.com/\unp29778318
Malware name VBS:Malware [Script]
Malware type Virus/Worm
VPS version 000761-2, 27/07/2007

Again the unp numbers vary each time I get the warrning banner.

Anyway I e-mailed Freeservers (my website provider) and told them about the problem even though I didn’t expect a reply since my website is free and I’m not entitled to e-mail or telephone support from them as a result. But I did get this reply last night: -

Hello Darryl,
Everything is fine on your site, no malware is distributed through freeservers. You can request to have the banners removed from your site by upgrading under the My Account tab in your account. Pretty cool mini site.
Michael
Mysite Customer Service

Very short but sweet so are they the ones to blame due to the fact it’s drowning in advertising and pop-ups? Perhaps it’s some spiteful ploy to get me to pay the annual subscription fee and rid myself of all the junk adverts and pop-ups?

But I use Firefox though, so it blocks most pop-ups anyway and up to yesterday everything was fine. I even tried loading it using I.E., but had the same results though.

I have updated my Avast! anti-virus software and ran a thorough systems anti-virus check too but it claims my PC is clean anyway.

I’ve also contacted “Statcounter” the people who provide my free hit counter (I’ve been using that for ages too) and it’s got nothing to do with them.

Oh and I’ve also discovered that when I open my bookmarks folder and right click on my website bookmark and then select properties, the Avast! warning also appears then. So is the problem on my computer instead? Or is my Avast! anti-virus programme automatically classing my site as a virus risk now?

So any advice would be greatly appreciated, because it seems to be only me who is having a problem loading it and I’ve heard from a few people who have had no problems themselves including those who use up to date AVG Anti-Virus software and they’ve had no problems loading it either.

Anyway I eventually intend using the free web-space offered by my broadband provider to host it, but I’d like to find an answer to this problem now just in case it occurs again in the future. Oh and my website is: -

My Rough Guide To The Mini 1959-2000

Help! ???

Using avast! pro here myself with that vps, no problems at all with the website.

Disable the avast providers one at a time and visit the website.
Let us know which one is giving you the warning.

I get no warning on your website as well. Hope all turns out ok for ya. :slight_smile:

I tried the link and got a warning from webshield. vps 761-0

Thanks for the replies, so it’s possible that the problem is with my computer then? Perhaps if I format it completely then that will resolve the problem?

I believe the unp??? is a file that avast uses to unpack anything but is usually found in the avast4 temporary folder.

This url is also very strange as it isn’t a conventional path (notice I have broken the ‘suspect’ link so it isn’t active, you should too), http :// minis.freeservers.com /\ unp29778318, it is /\ that is strange and results in an error.

[b]404 Error -- File Not Found[/b] The page you are looking for (http://minis.freeservers.com/\unp29778318) is not here.

Possible Reasons:
* You may have spelled the URL incorrectly.

There have been a couple of false positives on VBS:Malware [Script] I do get an alert on your site with VPS 0761-2, so the others not getting an alert are probably not up to date.

It is important to identify the file if possible then it can be sent to avast as a possible false positive. Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections ?

However it looks like a script on that index page which is being detected not specifically a file.

I did a scan With DrWeb link checker and that doesn’t find anything. I have submitted an email to virus(AT)avast.com with a link to this topic, hopefully it will be looked into quickly and hopefully resolved.

You could add the minis url to the Exclusions of the web shield aas a temporary measure until resolved.

http://minis.freeservers.com/

So you got a virus warning then?

Surely it must be the advertising banners and pop-ups that are causing this, because Freeservers claim that there is no malware virus distributed via them?

I’ve direct my browser to that link and receive avast! warning too… So the problems not within your machine.

http://www.geocities.com/solutem/warning....JPG

Thanks for doing that DavidR and there’s now a long list that appears on my avast! Log Viewer since I’ve been repeatedly trying to load my site and here’s an example: -

28/07/2007 16:39:58 SYSTEM 1028 Sign of “VBS:Malware (Script)” has been found in "http://…

Thanks,

Taffy

Yes, and as noted, with an older vps.

It may very well be a false positive as pointed out by DavidR. Follow his advice.

Thanks MeDIeVaL and that does make me feel slightly better, because I did worry in case the problem was with my computer.

But it’s quite shocking that Freeservers are allowing this to happen, probably via the advertising or the pop-ups because it was all fine before yesterday.

Surely they have a responsibility to keep their sites clear of malware and other such viruses and that should include what the advertisers use too? >:(

But thanks again for you’re help and advice everyone it’s much appreciated.

If you still worry you can try to boot scan to find out wether the problems lies inside your machine. That will make you much much better… I’ve doing this e’thing avast! give me warning 'bout virus.

No problem, welcome to the forums.

The … dots at the end of the string indicate that there is more text, you can use the windows trick of expanding a column with to see all of the text, which is essential to see the full url.

If you haven’t added the url to the web shield exclusions I would do it now and also send a report to virus(AT)avast.com with an outline of the problem, the site url and a link to this topic. The more that send hopefully the more likely to get noticed.

You could add the minis url to the Exclusions of the web shield aas a temporary measure until resolved.

So it will be safe to do that and I take it that a false positive is just the anti-virus software making a false alert?

I’ve also sent an e-mail to Avast with similar information that I posted above and thanks again DavidR and you can tell I’m not very clued up on the world of computers and viruses, but it’s awesome being able to get expert help from forum members like you.

Yes, that what false positive means. As DavidR posted, it checks out clean with Dr. Web, so you will probably be alright.

Don’t go tearing a strip off them quite yet. If it is indeed a false positive, you could end up with egg on your face. ;D

I’ve tried expanding the column or at least move the columns around but the … dots remain unchanged and I still can’t see the full url.

I have already e-mail Avast with the information in my first post above, but I could always e-mail them again and point them to this thread too?

It’s a bit tricky. You have to move all columns to the left in order to get enough room to move the last column to the right. Make sence? ???

what I have have is

"http:// minis. freeservers. com/"file (without the spaces)

Thanks and no I’m not going to complain to them, but like I said I did e-mail them to point out the problem and the answer I got was to subscribe to one of their packages so it does kind of figure?

Oh and thanks I’ve got that file sussed now: -

28/07/2007 16:39:58 SYSTEM 1028 Sign of “VBS:Malware (Script)” has been found in "http://minis.freeservers.com/\unp221180178"file.

But I’ve also now noticed this one on my Log Viewer too: -

27/07/2007 18:12:10 SYSTEM 1020 Sign of “VBS:Malware (Script)” has been found in "C:\Documents and Settings \Darryl Turner\Local Settings\Temporary Internet Files\Content.IE5\DMF12Y3Q\minis.freeservers.(1).htm’file.

I guess that’s the one where I tried to open my site via Internet Explorer instead?

Yes

Welcome to the forum!