Dear AVAST
Please stop blocking my sites.
The block exposes us to very large losses.
Our server was hacked. The files have been deleted, downloaded from the server and run through avast antivirus and other programs: there are no errors or threats.
The blocked sites:
hxxp://mamajakty.pl/
hxxp://personalart.pl/
So it may be your HOST (s35-www.ogicom.net) that is responsible for your site being blocked, as the block (if Network Shield) may be on the IP address, not the domain name.
There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.
If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for review (Network Shield), etc. A link to this topic also wouldn’t hurt.
Hello,
Your sites were hacked. But I checked it and it looks clean for now. I removed our detection, but you should check your computer for password-stealing viruses and change all your passwords, especially to FTP, including website scripts. Another thing you should do is keep all your website tools up to date.
Regards,
Jan
@ pablo77
URL Void doesn’t go into much detail, as it is just referring to database listings, I believe. At the moment I can’t connect to urlvoid; it is very slow right now. But that matters not. What does is that you have submitted it for review, and Sirmer from the avast virus labs has reviewed it and it will be removed from the avast detections.
The “SURBL Block” appears to be having some issues with your site. Follow the following steps to remove blacklisting.
1. Please follow this link: http://www.surbl.org/surbl-analysis
2. Type your URL into the Domain or IP textbox, then click the Check button.
3. It will generate the results of your page; in this case, it is blacklisted by AB and WS.
4. Follow the SURBL Blacklist Removal Request instructions carefully.
5. When you are done, click the Request Removal button.
I also have a feeling that this is what is causing the Iframer alert by avast. See attachment #1.
Thanks for that analysis. Also see: hxtp://zulu.zscaler.com/submission/show/7d042410f7a38e95551e0e21d0ff2b38-1331853456
conflicting with this: hxtp://www.malware-control.com/statics-pages/4d4995179defadb4e356fb42919ee57e.php
supported by this info from another site analysis: hxtp://wepawet.iseclab.org/view.php?type=js&hash=d718b67ca40d1d2ce38a2b861bc7f762&t=1252927957 (suspicious, involved in Liberty malware campaign)
@pablo77,
What could you do to make the site more secure? The website gives away that content is being generated dynamically through the "X-Powered-By" HTTP header. It is advised to remove this header. Spam check, Safe browsing check OK. Reconsider what iDonovan said about used tracking graphics. IP is not listed in Offensive IP Database, according to the Bizimbal.report,
Site had HTML:Script-inf on it since 2012-03-15 17:50:11 https://www.virustotal.com/file/4f3e923015ab3922ab98cdb44d849b65cd3f5d836a1a50402a44b64cf8c2bd1f/analysis/
So only flagged by avast and Gdata, which could make a false positive more likely,
Going to the site now is no longer flagged by avast, but Bitdefender TrafficLight stops me from going there (malware found),
And rightly so, you stumbled upon some evidence according to the malware-control dot com list. These malware connexion points are all for Polish domains and probably part of that specific malware campaign, e.g. specifically given: htxp://s1.hit.stat24.com/cachedscriptxy.js & htxp://s1.hit.stat24.com/_1203017760781/script.js?id=1wCbieMFZF9fwlrRKi.PRXXWj_5BGOd8d5fRxb.cFQP.S7/l=11 which is redirecting to st.hit.gemius dot pl and also goes via htxp://s1.hit.stat24.com/cachedscriptxy.js; avast would detect that malcode as Win32:Dropper-FZW [Drp],