network shield blocks a site wrongly!

Hi,
I use avast! Internet Security 6.0.1091.
In the pictures below you see that Network Shield and Web Shield block a site, but I'm sure that it's safe, and I want to use this site. I excluded this URL: hxtp://asrema1.co.cc but it does not work! ???
Please tell me how I can fix this problem.
Also, when I stopped Web Shield, Network Shield still blocked the site!

Sorry, but the Sucuri scanner says it is very infected :-[
http://sucuri.net/malware/malware-entry-mwjs488

see screenshot

It's odd! But
anyway, can't I exclude this site?

Hi kamivh1,

Make that site non-click-through, like with hxtp://etc.
See the Sucuri scan report; the site is full of various JavaScript malware.
Do not exclude the site, but inform the admin of that site that it has fallen to malcode and has to be cleansed. It may have been hacked via: -index.php (now empty)

polonus

Thanks for the help!

Moderators, but I checked this URL with link-scanner & virus-total & more, and they said it's clean!
Also, other members of this site said their antiviruses don't report it! Please help me.

No other AV report it…yet. Someone has to be the first one…
avast is very often the first one on these web infections; this is an avast speciality and very often correct.

I have uploaded it to some other AV for analysis; I will post the result here when I receive it.

Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414/

With all due respect to many of these other scanners, they aren't in the same league at detecting hacked/infected sites as avast's Web Shield. When there are multiple detections by the Web Shield, then the communityIQ feature of avast transmits this information and then the Network Shield would block the site.

The Sucuri scanner does a much more in depth and detailed scan than these other tools also.

If I bypass the Network Shield, then I get an alert by the Web Shield (image1). Analysing the file that the Web Shield shows, it is an obfuscated zip (image2 is an extract of the content).

Why this file is loaded by the index.php (and more importantly what it does, I don't know) is strange, but since there are other areas mentioned by the Sucuri scan, it certainly looks like the site has been hacked. So the most likely area is the PHP templates, as it is possibly the PHP content management software that has been exploited (if it is out of date).

If the OP continues to try and connect to that website, I'll look forward to his "I'm Infected, Now What?" thread. :)

Thanks, I just contacted the admin of this site.

You’re welcome.

Hi,

AVAST makes a false report about a JavaScript file that is part of a most popular vBulletin plugin.
http://www.vbulletin.org/forum/showthread.php?t=118048

Please see the source code:
hxxp://asrema1.co.cc/clientscript/ncode_imageresizer.js?v=1.0.1

There is no malicious code.

Please take action to fix the problem in your next software update.

Regards

Hi moderators, please notice this.

The problem is we can’t check anything on the hxtp://asrema1.co.cc site as it is blocked and that is based around the information already given.

Please ‘modify’ your post change the URL from http to hXXp or www to wXw (as I have in the quoted text), to break the link and avoid accidental exposure to suspect sites, thanks.

I have visited your first link and I get no alert on that topic, so what exactly is the problem with the vBulletin link ?
You can post an image of the avast alert.
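The link-breaking convention asked for above (http to hXXp, www to wXw), as an added example that is not part of the original thread: it defangs every URL in a post except hosts on an allowlist, and lists any links that are still clickable. The `TRUSTED_HOSTS` allowlist, the function names and the `suspect.example` sample text are constructed for illustration.

```python
import re

# Hosts left clickable (constructed allowlist; adjust to your own policy).
TRUSTED_HOSTS = {"sucuri.net"}

# Live http/https URLs; already-broken forms such as hxxp:// do not match.
URL_RE = re.compile(
    r"\b(?P<scheme>https?)://(?P<host>[^/\s:?#]+)(?P<rest>\S*)", re.IGNORECASE)
# Bare "www.host.tld" with no scheme, which most forums still auto-link.
BARE_WWW_RE = re.compile(
    r"(?<![/\w.])www\.(?P<host>[\w-]+(?:\.[\w-]+)+)", re.IGNORECASE)


def defang(text, trusted=TRUSTED_HOSTS):
    """Break every link whose host is not trusted; idempotent on broken links."""
    def fix_url(m):
        if m.group("host").lower() in trusted:
            return m.group(0)
        scheme = "hXXp" + m.group("scheme")[4:]          # http -> hXXp, https -> hXXps
        host = re.sub(r"^www\.", "wXw.", m.group("host"), flags=re.IGNORECASE)
        return f"{scheme}://{host}{m.group('rest')}"

    def fix_bare(m):
        if ("www." + m.group("host")).lower() in trusted:
            return m.group(0)
        return "wXw." + m.group("host")

    return BARE_WWW_RE.sub(fix_bare, URL_RE.sub(fix_url, text))


def live_untrusted(text, trusted=TRUSTED_HOSTS):
    """Return URLs that are still clickable and point at untrusted hosts."""
    return [m.group(0) for m in URL_RE.finditer(text)
            if m.group("host").lower() not in trusted]


# Constructed sample post, not taken from the thread.
SAMPLE = (
    "Report: http://sucuri.net/malware/malware-entry-mwjs488\n"
    "Blocked: http://suspect.example/clientscript/resizer.js?v=1.0.1\n"
    "Mirror: www.suspect.example and https://WWW.suspect.example/index.php\n"
    "Already broken: hxxp://suspect.example/\n"
)

if __name__ == "__main__":
    print(live_untrusted(SAMPLE))
    print(defang(SAMPLE))
```

Running `live_untrusted` on a draft before posting shows which links would still expose readers to a suspect site.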

No, he means this plugin JavaScript, Image resizer, has a false alarm!
This URL hxxp://asrema1.co.cc/clientscript/ncode_imageresizer.js?v=1.0.1 has got (image resizer), so it's blocked!

Please fix this problem. I'm a member of this site, so if you don't fix this I have to change my AV!
I'm a fan of avast! but…

Yesterday you said other AVs or sites will add this malicious to their database, but they haven't yet!
It's odd that only avast! blocks it!

That image resizer isn't the problem on the hxxp://asrema1.co.cc site, as that file doesn't feature in any of the alerts/suspicious files on the Sucuri list, but there are some other vBulletin scripts that are considered suspect.

There really are too many other things to ignore.

OK. I just checked. You were right. At this time Kaspersky and F-Secure blocked it!!!

Norman analysis

Though the sucuri site check found some mal contents, we couldn't find the same in it.

Thanks
vasanth

still waiting for Avira

I asked other members of this site (hxxp://asrema1.co.cc), and only those who had avast! have got the problem! Not other AVs!
Also, another address of this site is blocked! (hxxp://sat4u.org)

My friends have Avira, TrustPort, F-Secure, NOD32 and Kaspersky, but none of them have the problem.