Hello,
My customer reported a visitor had a popup form Avast WebShield on a file (first one below) on our website. I carefully manage my sites and I am sure that the files are clean but no matter what I do WebShield is reporting JS:Redirector-GH [Trj] and blocking the file. Here are the links to the files.
http://www.petros.com/doc/Petros%20Catering%20Menu.pdf
http://www.petros.com/doc/Petros%20Menu.pdf
http://www.petros.com/doc/application.pdf
http://www.petros.com/doc/Nutritional%20Information.pdf
In addition just to be sure, I downloaded all files and scanned them with Avast, Malwarebytes, Hitman Pro, MSE and all found clean. Then I replaced them with the original files they sent me and they still get the WebShield warning and block. The site has been scanned at Sucuri.net, VirusTotal.com, etc. the files scanned at virusscan.jotti.org here is a link to the scan of the first file. http://virusscan.jotti.org/en/scanresult/c26c90c73f37d0bfbe6205d640351f2f43d74f17
Furthermore I opened each file in Adobe Acrobat and Nitro PDF and resaved them to a new location and uploaded them and still WebShield is reporting JS:Redirector-GH [Trj].
And finally when I first visited the site it WebShield reported jcarousellite_1.0.1.pack.js with HTML:Iframe-inf. I compared the file to the original file for the developer and there is no difference. After that, even reset defaults on Avast including Shield never reported the issue a second time.
So the question is what is going on here? Any help is greatly appreciated.
Thanks in advance.
Russ