One of my own web pages blocked as URL:Mal

All of a sudden this morning my Avast! alerted and blocked a certain page on my web site. I scanned my local web files folder and all was clear so I uploaded to my host and overwrote everything there. Reloaded the web page and still alerted and blocked as URL:Mal. The popup window doesn’t give any other info other than the web page itself.

I asked my web host admin to check my pages and he said all is clean. I then checked on two other PCs, both running Avast! as well and they were not blocking the page so it has to be something on my PC.

The page in question is hxxp://wxw.passionforpinball.com/mm.htm and, by the way, all my other pages load fine.

Help please! :)

EDIT: Ran OTL per essexboys sticky. Log attached, no extra log was created

I don’t know why the network shield would be blocking a single page but a lot of the images on that page are from a different sub-folder, e.g. passionforpinball.com/mm/ and it could well be that it is that sub-folder which is blocked.

It isn’t unusual for hackers to park malware in folders on your site, so they would effectively be leeching off your bandwidth to deliver malware, so I would carefully examine the contents of the /mm/ folder. This is my best guess as to why it is the network shield alerting and not the web shield (infection/hack/exploit on a single page) that I would have expected for a page.

For the time being - Please ‘modify’ your post and change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

I haven’t seen anything and there are other scanners that don’t either:

http://www.virustotal.com/url-scan/report.html?id=a9c1197c631c23a6f2bdbf63a81f9c99-1311367836
http://www.virustotal.com/file-scan/report.html?id=84f39b61c449ff1604151dfd2f9f40ad82e1fc84261a80275c83146349c95a34-1311375581

Nothing found at this site scanner either http://sitecheck.sucuri.net/scanner/, see image

There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Press (Media), issues.

  • If you are reporting an FP, then you get another input field open, and enter the web URL for the site you wish to submit for review, etc. Mentioning that this is a Network Shield alert and giving the link to this topic might help.

Thanks for the quick reply, David.
I had indeed scanned and even fully replaced all files in that folder. Here’s a screen cap of the Avast alert popup;

If Avast is alerting on only one PC I’m a bit skeptical that it’s a false positive. Anything is possible, however! I thank you again for your timely assistance.

The image doesn’t change anything as it is Network Shield alerting on a web page and that it was Internet Explorer which was accessing it, when it would normally be alerting on a domain or sub-domain, etc.

So I can only make the assumption that it is something that it doesn’t like about the /mm/ folder contents as the links in that mm.htm page try to access the /mm/ folder to get the images.

My use of the term folder is perhaps a little lax when it is used in relation to a web site, it isn’t alerting on your local system. So I have no idea why there is an anomaly as to why you get an alert on one system when accessing that page and not on the other.

Hi DavidR,

Sometimes this seems to do nothing more than to spread from one system to another and seems without a destructive payload, well at least it is flagged here,

polonus

I’m no longer getting a blocked URL alert. As suggested I filed a false positive report to Avast! and, apparently, they’ve investigated it and found no problems. Perhaps that particular page had gotten blacklisted one time? I do not know and it still doesn’t explain why Avast! would alert on one pc on my network but not others.

In any case all seems well now and I thank all of you for the help! We can close this thread.

You’re welcome, glad that it is now resolved.

Thanks for the feedback.