Our website is being Labeled 'Malicious Content' by Avast - Don't know why

Our website ‘LogosProductions.Com’ is being labeled by Avast as having ‘Malicious Content’. I am not sure why or how this happened or how to get that label removed. We are a church publisher, and sell products to churches. We also sell on-line subscriptions, where people utilize our website to get to the subscription / product that they want to view. This is creating a huge problem for our customer base who happen to use Avast as their anti virus protection software. I can assure you that we do not have any malicious content on our website. We have notified our web master / web hosting company who have also assured us that there is no malicious content on the site.

How do we proceed with getting this label removed where Avast is not labeling us this way? It has been about a week now that we have had this label, and I am desperately trying to figure out how to lose the label and allow our faithful customers worry-free access to our site again.

Can somebody please help.

Thanks,

Scott

I have no trouble reaching your website and do not get the malicious message.

-Bob

We have had many of our web customers call to say they are being blocked from getting to the site from Avast. We also had one call where somebody was using Norton AV (not sure what version) and they were unable to access the site. We also were notified by a customer who went to the site and was blocked by Websense (enterprise web filtering tool) citing ‘Malicious Content’. I am assuming that we somehow got placed on a blacklist that is perhaps used commonly by several of the main AV companies? I am really not sure what is happening, and why we are experiencing this problem. Any ideas on why it is happening, and how to get it cured? Thanks in advance for any help.

Has your website recently installed anything like a counter or other code segment from an outside source? I get a big Trojan warning from Avast!

It would be good to know what exactly was reported - i.e. what was the full address blocked, or what virus name was reported, if any.

How about a picture from Opera 9.63 attempt?

There is a big block of encrypted JavaScript, inserted at the end of the page… it doesn’t seem right.
Maybe the site was hacked?

This is the offending massive lump of obfuscated script just before the closing body tag.

I have broken up the single line of code to make it easier to see. I presume that you didn’t place that script tag there?


ScanDoo also shows the site is infected.


Thanks to all that responded on this. I pointed our web administrator to this thread, and your valuable responses, and he was able to fix the problem. We are now in good standing with Avast.
Many Thanks!

Does anybody know about Websense, and how it gathers its Malicious Content data? I see that we are still blocked as a Malicious Content website by them. I would assume there must be a Blacklist or something that we are on, and will need to try to get ourselves removed from that list? Any ideas on that? Thanks in advance for any opinions, or ideas on the direction I should go on resolving that.

Thanks,
Scott

One other question. Based on the infected code that was noted above, should we be concerned about any residual effects of this virus / infection against our internal network PC users, or customers that have visited our website unprotected?

Thanks,
Scott

Hi Scott:

As far as Websense goes, you might want to contact them based on the Info available at www.websense.com/site/footer/ContactUs.html !?

Based on what happened, I would question the competency of your “web hosting company” that allowed that “script” be placed on your Site !?

As a fellow Christian, perhaps you should seek the Advice of Christian Publisher Strang Communications, who publish Charisma magazine, for HOW they protect their Site !?

I don’t know how Websense works, but I would imagine that once you get on a list, getting off it takes time.

But my friend Google might help, http://en.wikipedia.org/wiki/Websense, there is a link for websense.com and they have a contact us page http://www.websense.com/site/footer/ContactUs.html.

I would say any residual effect after removal of the script (and it could be in more than one page) is minimal. Your major concern is how they were able to hack your page in the first place; that is something your web administrator is going to have to look at. Changing any site passwords (used to modify pages, etc.) to strong ones might help.

As Spiritsongs says, your host provider needs to be involved also.
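
The check discussed in this thread (an obfuscated inline script inserted just before the closing body tag, possibly on more than one page), as an added example that is not part of the original posts: a small Python scan a site administrator could run over saved copies of every page. The page names, sample HTML, the 300-character threshold and the "two or more signals" rule are constructed assumptions.

```python
import re

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
DECODER_RE = re.compile(r"\b(?:eval|unescape|fromCharCode)\s*\(")
TAIL_RE = re.compile(r"\s*</body", re.I)

def suspicious_scripts(html, min_line=300):
    """Return a list of (offset, reasons) for inline scripts that look injected."""
    findings = []
    for m in SCRIPT_RE.finditer(html):
        attrs, code = m.group(1), m.group(2).strip()
        if not code or re.search(r"\bsrc\s*=", attrs, re.I):
            continue  # external or empty script: nothing inline to inspect
        reasons = []
        if max(len(line) for line in code.splitlines()) >= min_line:
            reasons.append("very long single line")
        if DECODER_RE.search(code):
            reasons.append("runtime decoder call")
        if TAIL_RE.match(html, m.end()):
            reasons.append("last element before </body>")
        if len(reasons) >= 2:  # one signal alone is common in legitimate pages
            findings.append((m.start(), reasons))
    return findings

def scan_pages(pages):
    """pages maps a page name to its HTML text; returns only the flagged pages."""
    report = {}
    for name, html in pages.items():
        hits = suspicious_scripts(html)
        if hits:
            report[name] = hits
    return report

# Constructed sample pages; the encoded blob is harmless filler ("A" repeated).
BLOB = "%41" * 200
PAGES = {
    "index.html": "<html><body><h1>Home</h1>"
                  "<script>var year = new Date().getFullYear();</script>"
                  "<script src=\"/js/site.js\"></script></body></html>",
    "products.html": "<html><body><h1>Products</h1>"
                     "<script>eval(unescape(\"" + BLOB + "\"))</script>\n</body></html>",
}

if __name__ == "__main__":
    for name, hits in scan_pages(PAGES).items():
        for offset, reasons in hits:
            print(f"{name}: inline script at offset {offset}: {', '.join(reasons)}")
```

A hit is a prompt to compare the page against a known-good copy, not proof of compromise; some legitimate minified scripts will also match.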