Problem with website URL:Mal

Hi,

We are having a problem with a website we have created, and it is being blocked by Avast and a few other antiviruses. And I’m unable to find the reason.

We have passed a few online checkers (Sucuri, urlQuery, etc.) and all say the website is OK.

http://urlquery.net/report.php?id=287954

The website is:

hXXp://www.XXXXXXXXXXXXX.com/

We’re starting to think that it is a script of ours that is somehow wrong, and the antiviruses are mistaking it for malware. We have reviewed it, and we don’t seem to have any script injection or any call to a strange server. We were going to start stripping the website, deleting things until we reach a point where Avast lets us enter, and work from there.

But we have seen that we can’t even enter a page where we only echo phpinfo().

hXXp://www.XXXXXXXXXXXXXX.com/phpinfo.php

Do you have any idea what is happening? What can we do, and what should be the next steps?

We have already downloaded everything, passed it through an antivirus and uploaded it, changed the passwords, etc.

Thank you for any help,

Mario

See the IDS alert in your urlQuery link…

This is another code hiccup there found by Quttera’s:
all-include.js
File size[byte]: 35793
Threat type: Potentially Suspicious
Details: Our investigation system run out of memory used for execution process.
Reason: Reached execution stack limit. Stack content: [ = ]
MD5: 773C8C53B6F9B814F4B7F90948D4476C
Scan duration[sec]: 1.011000

And a further issue found with a JavaScript unpacker:

wXw.revistamipediatra.com/wp-content/themes/twentyten/js/jquery1.3.2.js benign
[nothing detected] (script) wXw.revistamipediatra.com/wp-content/themes/twentyten/js/jquery1.3.2.js
status: (referer=wXw.revistamipediatra.com/)saved 72174 bytes 65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious
Site is vulnerable because of outdated website software:
WordPress version: WordPress 3.1.4
Wordpress version from source: 3.1.4
Wordpress Version 3.1.x based on: htxp://www.revistamipediatra.com/wp-includes/js/autosave.js
WordPress theme: htxp://www.revistamipediatra.com/wp-content/themes/twentyten/
WordPress version outdated: Upgrade required, according to Sucuri’s…

polonus

What do you mean by IDS alert?

Thanks, we’ll be checking those out.

We have deleted the whole site, but we are still getting the block from Avast when trying to open any fictitious file.

What can we do if, even without a site, we are being blocked?

Intrusion Detection Systems

I’m sorry but I’m not familiar with the term.

I see both alerts with severity 3, but don’t know exactly what they mean.