I was logged onto the T-Mobile website about to pay my bill and a popup came up saying “Warning: This site could have harmed your computer” With the Avast logo and a place to download Avast, which I already have running on my computer. I was immediately suspicious but it wouldn’t let me close the box. I had to leave the website. I don’t think this was from Avast was it?
I ran Malware Bytes and it found a ton of stuff that I deleted, but when I went back to the T-Mobile site it did the same thing. So I have two questions. Is this actually an Avast warning, and how do I get rid of this. I looked online and it seemed like maybe I have a “rogue Virus.”
I see the same error message when accessing our web site at https://wXw.nabezky.sk/. I checked the blacklist on http://mxtoolbox.com and the site is not listed there. Avast does not offer any clues as to what could be the problem.
By the way, we have another web site running on the same server - kuchyna.zajezka.sk - that Avast is not blocking. Not sure how to troubleshoot this issue - can anybody help?
Also, poster @Michael is asking “Can you please attach Malwarebytes” but I am not sure what does it mean. Malwarebytes seems to be some kind of virus protection app and attaching an app to a comment on this forum does not make sense to me.
For help start your own topic, helping mutiple users in same topic is chaos … and topic is almost a year old
Also, poster @Michael is asking "Can you please attach Malwarebytes" but I am not sure what does it mean. Malwarebytes seems to be some kind of virus protection app and attaching an app to a comment on this forum does not make sense to me.
He means the scan log ..... as the topic starter said it found and removed a ton of stuff
Thank you both for replying. There is one thing that puzzles me - that I have two web sites running on the same VPS and the same web server (Apache) and one is (nabezky.sk) and one is not (kuchyna.zajezka.sk) being blocked by Avast. So I doubt the Apache version has anything to do with the fact that Avast is blocking only one of those sites. It seems that the problem could be in the (DNS) zone file, but the sites you mention in your replies do not indicate problems there (or I do not understand the reports).
@Pondus, I tried to recreate the steps you might have taken when investigating my report. I went to the virustotal site and entered the reported URL. The report came clean: https://www.virustotal.com/en/url/0d90532a955cbb3b8ca0173eca0dd61bdb465955510a4791259e63bb0b1da4bc/analysis/1420967480/
You - however - provided URL for a report page originating in some “IP history”. I do not know what does that mean, because on the virustotal report page I do not see a link to IP history.
Regardless, I read the IP report and think that the only potential red flag for the IP number is the record in the “Latest detected files that communicate with this IP address” section. It mentions an event that occurred on 2014-07-21 02:15:01 (almost 6 months ago) where during testing of some file our server was contacted by the tested file. I have 2 questions:
given that the test was performed 6 months ago, is it possible to re-run the IP test or get more info about what domain/URL was the tested file targeting during that testing event on 2014-07-21 02:15:01? I would like to remove it as I am the sys admin of that server.
Avast blocked the site because it was hosted via afraid dot org and all such sites are blocked as by default.
Steer away from afraid dot org and avast may unblock site as soons as with a next update!
polonus (volunteer website security analyst and website error-hunter)
@Pondus, I tried to recreate the steps you might have taken when investigating my report. I went to the virustotal site and entered the reported URL. The report came clean:
https://www.virustotal.com/en/url/0d90532a955cbb3b8ca0173eca0dd61bdb465955510a4791259e63bb0b1da4bc/analysis/1420967480/
You - however - provided URL for a report page originating in some "IP history". I do not know what does that mean,[b] because on the virustotal report page I do not see a link to IP history[/b].
click your VT report link > click the additional information tab > there you will see IP address … now copy it
go back to www.virustotal.com > click search option > paste in the IP and click search button …result IP history
anyway, reason for blacklisting is using afraid.org, evrything from afraid is blocked. why is explained many times if you search forum
Hi polonus. Thank you for the tip about afraid.org. In the past couple of days I migrated my domains hosted there to different providers. The problem still does not seem to be completely resolved though, at least when accessing the nabezky.sk site from IE. Firefox allows me to get to the https://www.nabezky.sk/ if typed as shown, but if I type “nabezky.sk”, the Avast warning pop-up is shown. The server then redirects to https://www.nabezky.sk/ (there is a directive for this in the .htaccess file on the server) and I can browse the site without problems.
Also, in Firefox the Avast icon is gray and claims that nabezky.sk is “unknown site”. Should I wait longer for Avast to recognize the DNS server changes or is there something else I should do?