URL:Mal for my site

Please help, my site has been detected as malware (and all pics, CSS, icons =) ).
sp63.ru

URL:Mal is not malware; it means the URL is on a block list… for whatever reason.

urlQuery: http://urlquery.net/report.php?id=799476

If you think this is wrong, you can report it here: http://www.avast.com/contact-form.php

But avast blocks our pages (look at the attachment).
What is the “avast block list” and how can I get off this blacklist?

See my post above… where to report it.

Thanks, I have reported it to http://www.avast.com/contact-form.php?loadStyles

I see favicon.ico-related code being flagged here: JS:ScriptPE-inf[Trj]
Given clean here: http://quttera.com/detailed_report/sp63.ru

polonus

I followed your link and see nothing:

0 Malicious
0 Suspicious
0 Potentially suspicious

I don’t understand you.

I mean to say the results are all clean (sucuri’s, quttera’s, urlquery.net etc. etc.); the alert from avast is something related to favicon-related malcode. I guess it is a FP, and it is good that you have reported it to avast.

polonus

You don’t understand me: avast alerts on every page of my site, on dynamic pages, static HTML files, images, JavaScript (and CSS too :) ), not only favicon.ico.

No, the alert is from the network shield; it would fire on any link within the domain. The favicon.ico file is one of the first that is loaded into the address bar, but the alert isn’t specifically related to that file but to the domain.

@ zloyrusskiy
When reporting this (using the contact form link given by Pondus), request a network shield review and give a link to this topic as it gives more information.

Other checks reporting clean:
http://sitecheck.sucuri.net/results/www.sp63.ru/ and http://www.urlvoid.com/scan/sp63.ru/.
You already have the link for urlquery reporting clear.

This malware, jsscriptip-inf-trj.html, is also flagged for that site, for instance avast Web Shield flags this for http://wXw.sp63.ru/index.php!{gzip}.
see: http://www.im-infected.com/trojan/jsscriptip-inf-trj.html

polonus

That is what escalation is about: enough hits by the web shield and it gets added to the network shield malicious sites list. Now, if that has been cleared, as all of these scans appear to indicate, then it is the network shield review that is required.

No alert by avast on the index page or favicon.ico when the network shield isn’t running.

I installed avast antivirus and disabled the network shield, and the avast web shield is alerting on the login page with HTML:RedirME-inf [Trj]. It’s the phpBB forum engine, and it’s normal for the page to redirect after a successful login. WTF?

P.S. Where can I see a full description of your antivirus threats? There is no information to understand what it did not like about my site at all! >:(

You should have all the information in the web shield alert (use a screenshot and attach it) or from the web shield, details, Shield log. Or from the raw data file, C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\WebShield.txt (XP) or C:\ProgramData\AVAST Software\Avast\report\WebShield.txt (Vista, Win7). These folders may be hidden; you may need to change Explorer settings to view hidden files and folders.

The malware name and full URL (modified to prevent an active link, hXXp) of the alert give us a good indication of what the issue is.

From webreport.txt (with disabled network shield)
23.01.2013 1:50:16 hxtp://www.sp63.ru/ucp.php?mode=login|>{gzip} [L] HTML:RedirME-inf [Trj] (0)

From NetworkShield.txt:
23.01.2013 1:43:02 hxtp://sp63.ru/ [L] URL:Mal (0)

How does this information help me understand which virus it is?

What is “HTML:RedirME-inf [Trj]” or “URL:Mal”?
It looks like heuristic filter common names.

Where can I find a full description of these threats?
Where is the information about the details of the threat?
Which file on the site is dangerous?

I can’t find answers to my questions.

P.S. After this morning’s update of the virus databases, the antivirus doesn’t alert anymore, yet… no files were changed on my site :(

That |>{gzip} at the end indicates that a compressed script file is being loaded, and within that compressed script file there is a redirect. I suspect that the URL it is being redirected to isn’t liked by the Web or Network Shields. In the HTML:RedirME-inf [Trj] malware name, the important bit is the -inf part, which has previously been associated with injected code.

So was there a compressed script file being loaded on the ucp.php (login) page?

If there are no longer any alerts by avast it is possible that the compressed script file isn’t being loaded or the redirect URL is no longer considered suspect. Unfortunately as an avast user I can’t tell you which.
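The two report lines quoted above can be parsed mechanically to separate a domain-level block (URL:Mal) from a content detection and to pull out the unpacking marker; this is an added example, not part of the original posts and not avast's own tooling. The field layout is an assumption inferred only from those two lines, the `[L]` and `(0)` fields are kept as opaque values, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two report lines quoted in this thread.
SAMPLE = """\
23.01.2013 1:50:16 hxtp://www.sp63.ru/ucp.php?mode=login|>{gzip} [L] HTML:RedirME-inf [Trj] (0)
23.01.2013 1:43:02 hxtp://sp63.ru/ [L] URL:Mal (0)
"""

# Assumed layout: date, time, target, [flag], detection name, (code).
LINE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2}) "
    r"(?P<target>\S+) \[(?P<flag>\w)\] (?P<name>.+?) \((?P<code>\d+)\)$"
)

def parse_line(line):
    """Return a dict for one report line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    # Everything after "|>" is the scanner's unpacking chain, e.g. {gzip}.
    url, _, chain = m["target"].partition("|>")
    # Undo the forum defanging (hxtp, htxp, hXXp) so the URL can be split.
    url = re.sub(r"^h[tx]{2}p(s?)://", r"http\1://", url, flags=re.I)
    parts = urlsplit(url)
    name = m["name"]
    return {
        "when": f'{m["date"]} {m["time"]}',
        "host": parts.hostname,
        "path": parts.path + ("?" + parts.query if parts.query else ""),
        "layers": re.findall(r"\{(\w+)\}", chain),
        "detection": name,
        # URL:* names are block-list hits on the address, not on content.
        "scope": "domain blocklist" if name.startswith("URL:") else "content",
        # The thread reads the -inf suffix as a hint of injected code.
        "inf_suffix": "-inf" in name,
    }

def summarize(text):
    """Parse every matching line of a report excerpt."""
    return [r for r in map(parse_line, text.splitlines()) if r]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

For a site owner, the `content` rows point at a specific response to inspect on the server, while `domain blocklist` rows can only be cleared by the vendor's review.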

Still get an avast Network Shield URL:Mal warning for htxp://sp63.ru

polonus

Today I caught a virus:
https://www.virustotal.com/file/19e4834462bd18441c998c1a5ecea0f7f9ce221e01d41c45119c62b433d7df1c/analysis/1358962179/
Avast passed it.
The virus blocked access to internet sites and I get the same message (URL:Mal).
Check the system with another antivirus or check the Windows registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

  • the virus attaches itself to any starting process through that registry key

I know that viruses on a client computer may trigger this problem, but I’m the owner of that site and it doesn’t have any viruses. I want to fix this.

What else can I do to solve this misunderstanding?

I tried to disable frontend gzip compression, but no luck; random parts of the site, for no apparent reason, trigger alerts with threats without description :'(