Site clean in blacklist

Viruses and worms
1

The site had a malware infection months ago. Now it clean, but avast still blocks the site. Can you exclude the site from avast’s blacklist?
The site is hxtp://www.skizzoweb.it/

2

Hi skizzoweb,

Site is still vulnerable because
Joomla Version: 2.5.1
Joomla Version 2.5 for: htxp://www.skizzoweb.it//media/system/js/caption.js
Joomla Version 2.5.x for: htxp://www.skizzoweb.it//language/en-GB/en-GB.ini
Joomla version outdated: Upgrade required.
Found malcious here: http://zulu.zscaler.com/submission/show/0621d4ed9ef08f3cdee88092184f8e92-1342039484
There might be a IP block, because as most of the malware for that IP is now been closed or dead, there were various instances of
JS/Redirector.MJ, Gen:Variant.TDss.66, also redirects to blackhole exploit kit (see another domain on that IP: http://urlquery.net/report.php?id=86284)
Site may not have malware at the moment, but that Joomla should be upgraded to prevent renewed malware infestations,

polonus

3

ok, thanks
I’ve just update the all site to joomla 2.5.6 so can you remove it to the black list since there is nomore malware?

is important because one of my co-worker have to work but can not access the site…

4

well…it not just on one list

http://urlvoid.com/scan/skizzoweb.it/

http://www.siteadvisor.com/sites/skizzoweb.it

5

yes but why? has not malware … on those sites is not explained why … now it has also been updated to the latest version of joomla …
6 months ago just because he took a malware?

please tell me at least one reason. thanks

6

http://zulu.zscaler.com/submission/show/0621d4ed9ef08f3cdee88092184f8e92-1342076409

7

Hi Asyn,

I see this: script) www.skizzoweb dot it/templates/viagranitti1.7/js/cufon-yui.js
status: (referer=www.skizzoweb dot it/)saved 18260 bytes 42233f1fdb7d6c9b0943faaa2346f056e8c3109f
info: [decodingLevel=0] found JavaScript suspicious:
Site server gives away full version number etc. to the world, this should be avoided…
Also blacklisted here: re: http://www.dshield.org/tools/suspicious_domains.html
& see: http://www.dshield.org/feeds/suspiciousdomains_High.txt
DNS: http://www.robtex.com/dns/inline.de.html
This was the bad guy on that IP: http://urlquery.net/report.php?id=86281
and also this one: http://urlquery.net/report.php?id=85847
Random number generator blackhole kit exploit Prototype Catch Jun 18 2012

polonus

8

Hello,
we will change the detection to not block the whole domain.

Milos

9

Thanks!!!

10

Hi skizzoweb,

Now you see. All is well that ends well.
Also report to others that still have the domain still blacklisted.
Stay safe and secure online,

polonus