URL:Mal false alarm

Hi.

None of the sites below have viruses, but they are blocked by the latest version of Avast. The sites were checked by virustotal and urlvoid. Please remove my sites from the blacklist! Thank you.

I wrote to Avast via the contact form at hxxt://www.avast.com/ru-ru/contact-form.php, but nothing has happened.

hxxp://www.carnano.ru/
hxxps://www.virustotal.com/url/2e13660f889e154484fe17a1860c29c2e0a09c3feaece2bb21f311e2c502f3a6/analysis/1338493517/
hxxp://urlvoid.com/scan/carnano.ru/

hxxp://forum.carnano.ru/
hxxps://www.virustotal.com/url/39eb30dab5bfa0abe081de47e055198c01b1b908efdc11460c8b644d771958c9/analysis/1338493699/
hxxp://urlvoid.com/scan/forum.carnano.ru/

hxxp://www.carnano.biz/
hxxps://www.virustotal.com/url/0fbcf159957098ca17f709c41f0f5e0f60238b14ff0892226a0cfa4043019ca9/analysis/1338493307/
hxxp://urlvoid.com/scan/carnano.biz/

hxxp://blog.carnano.biz/
hxxps://www.virustotal.com/url/5011863044bd4d25a515d18a01d58b37423111798eb113e8b96654278256c750/analysis/1338493642/
hxxp://urlvoid.com/scan/blog.carnano.biz/

Both of these are hosted on the same IP address, 199.15.252.136, and I suspect that there are other domains hosted on that IP address (though I can only see 3, all related to carnano). It is possible that one or more of them may be infected and it is the IP address that is actually blocked. Or you have recently had an infection on one of the domains, or possibly on other domains that were previously allocated that IP address, which is possibly more likely.

Usually, when reported, if confirmed to be a false positive, they are quick to correct it.

When did you use the contact form?

I would use the contact-form again and since your English is very good it may be worth using the English contact form (it may be a quicker response).

http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.

  • If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for review (Network Shield - IP Blocking).

A link to this topic also wouldn’t hurt as it provides useful information, urlvoid, etc.


I sent a request to support a week ago. All my sites are clean; I checked all of them hosted on this server. I have not been using this hosting server for long; maybe sites previously located on this IP were infected, I don't know. My other site, hosted on the IP that was used for carnano.ru some time ago, is alive and not blocked by avast. This means that the source of the problem is not in my sites.

Is it normal to send a lot of messages to support about the same problem? And how many messages do I need to send to close this issue?

My advice is that of an avast user, I don’t work for avast. As I said, generally they are quick to correct, that is why I suggested using the default English contact form to see if it has a quicker response. As to how many times you need to send it, if it were my site I certainly wouldn’t wait, after a few days I would submit it again.

The IP had malware on it that has been closed or is dead now: trojan downloaders and dropper agent variants, and the site then came up with a "Detected BlackHole exploit kit HTTP GET request" alert; that must have been the reason for the block.

polonus

Thanks for the confirmation, Polonus. :)