URL blocked..

Hi, I have filled in the little form a few times to report that my church website is being blocked by Avast free AV. My uncle has also filled it in.
The URL is xww.parishoflisburn.org
I checked it out on the URL checker I came across on this forum while searching for a solution. It came up as safe.
It was reported about six days ago.
The address is being allowed by MSE and AVG on other computers.
Can someone please help?

The address is being allowed by MSE and AVG on other computers.
But not by bitdefender and CleanMX

urlvoid http://www.urlvoid.com/scan/parishoflisburn.org/
https://www.virustotal.com/nb/url/ffa1ed20a54fd5e54cd151d29531c4f28df27aaf0431473747fbcbb90db98cca/analysis/1378676435/

urlquery: http://urlquery.net/report.php?id=5030866 scroll Down to Recent reports on same IP/ASN/Domain
and there you find this on same IP http://urlquery.net/report.php?id=4935175 Intrusion Detection Systems: that give detection from Suricata / Snort filter

so this may be bc you are on same IP

You can report FP to avast here: http://www.avast.com/contact-form.php
you may add a link to this topic in case they reply here

Thanks Pondus for your help. I will do as you asked.

Hello,
there was “parishoflisburn.org/c2085956765f2f2c43bf37ef4d154938/q.php” (it looks like hacked by Blackhole2), can you confirm that you have cleaned it?

Milos

There is also this code hick-up there:
parishoflisburn.org/wp-content/plugins/wp-cycle/jquery.cycle.all.min.js?ver=3.6 benign
[nothing detected] (script) parishoflisburn.org/wp-content/plugins/wp-cycle/jquery.cycle.all.min.js?ver=3.6
status: (referer=wXw.parishoflisburn.org/)saved 30067 bytes d275e94f710e820b4c253ff144164b6b4e37a7c9
info: [decodingLevel=0] found JavaScript
suspicious:

Apparently cleansed?: see: http://jsunpack.jeek.org/?report=0d85fff6f7d5785e2f4b4fcff34ca188e9356e7f
http://parishoflisburn.org/xmlrpc.php - Ok
and http://urlquery.net/report.php?id=5043261
X-Pingback: htxp://parishoflisburn.org/xmlrpc.php
Location: htxp://parishoflisburn.org/
Note: This line has redirected the request to htxp://parishoflisburn.org/
The location line in the header above has redirected the request to: hxtp://parishoflisburn.org/ canonical

polonus

Milos hello, I’m unsure about how to go about cleaning it. Thanks for reply.

Hello polonus, this is getting too deep for me. :frowning:

Here you have the urlquery report: http://urlquery.net/report.php?id=3380524
The infection is desribed here: http://community.websense.com/blogs/securitylabs/archive/tags/Blackhole+exploit+kit/default.aspx

htxp://parishoflisburn.org/c2085956765f2f2c43bf37ef4d154938/c2085956765f2f2c43bf37ef4d154938/q.php?palwaw=1n:2w:1f:1i:33
autodirects go to youtube.com/embed/QV3OfHmEq5c|{gzip} infected with JS:ScriptPE-inf[Trj] and therefore blocked by avast! Web Shield!
normalised as http://youtube.com/torsunov

polonus

Thanks polonus, does that mean then that the decision by Avast stands? It doesn’t really matter to me as I can get to the site on other machines.???
But my uncle has only the one computer running Avast, he is in trouble unless something changes.
I don’t know whether or not all has been done but my thanks goes to yourself Milos and Pondus.

Would one of you nice guys at Avast have a look at this and help me understand why parishoflisburn.org is still being blocked?

http://sitecheck.sucuri.net/results/xww.parishoflisburn.org