URL:mal warning on a website that appears to be clean?

Viruses and worms
1

Hello,

If anyone can help shed some light on this, it would be greatly appreciated.
A website I have done some work on in the past has recently been causing Avast to throw up a “Malicious URL Blocked” message, and I was asked to try and identify the source of the problem. The details of the warning are as follows:

[code=“Malicious URL Blocked”]Avast NetworkShield has blocked a harmful site.
Object: hXXp://www.earenfroe.com
Infection: URL:mal
Process: C:\users\username\AppData\local\Google\Chrome.…\chrome.exe



Unfortunately I have had no such luck. I downloaded the entire contents of the [b]public_html[/b] folder and ran a scan using ClamXav (Mac) and Avast (PC), and got a clean set of results. I also ran the site through the following sites:

hXXp://siteinspector.comodo.com/public
hXXp://www.virustotal.com/index.html#url-submission
hXXp://www.avg.com.au/resources/web-page-scanner/
hXXp://www.urlvoid.com/ 

All returned results that claim the site to be both safe and clean. 
Once again, the site is hXXp://www.earenfroe.com

One more piece of information that may be useful...
I only have access to the [b]public_html[/b] folder. If the problem is somewhere else on the domain, this would have to be directed to a higher level administrator.

Any help is appreciated.

Thanks!
2

Nothing here

VirusTotal - HTML scan
http://www.virustotal.com/file-scan/report.html?id=269537c4c5f0a30ab561294048b42419b7a7c019c514ba8e889bb1c4d7b88148-1315870677

what VPS do you have ?.. latest is 12.9.2011 - 110912-1

3

Thanks for the reply, and for also running a check.

I am running the latest 12.9.2011 - 110912-1
And the version of Avast itself is 6.0.1289 (Free version)

4

Are there any other methods that I can use to determine if this site truly has an issue right now, or is merely throwing up a false positive?

5

Okay, so I just spent over an hour on telephone support with Avast, and after the full explanation of what is going on, the only thing they did was walk me through the steps to add this domain to my exclusion list.

That is not what I was trying to achieve… I knew how to add exclusions already. What I need to know is what Avast is flagging this as a malicious site when every scanner out there is reporting that it is clean!

Please, HELP!

6

You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles

7

This was a FP, removed, will be fixed in the next build.

I somehow don’t like the advice you’ve received - nobody should ever put site in exclusions on their own, because they usually have no expertise to decide if it’s fp or not - this is very, very often proven on this forum even by authors of websited themselves.

You used phone support, so I can assume it was Yiogi?

8

That is correct.

9
Okay, so I just spent over an hour on telephone support with Avast, and after the full explanation of what is going on, the only thing they did was walk me through the steps to add this domain to my exclusion list.

Not only that, but wasn’t the information was wrong anyway…there is no exclusion list for the network shield is there?