Website reported as blocked for URL:Mal, report false infection?

Viruses and worms
1

Avast keeps reporting my church’s podcast site as having a URL:MAL Infection. Their main site: connectioncc.org loads just fine, but their podcasts are hosted on connectioncc.com/podcast/files/. If I try to go here with webshield on, it says its infected by URL:MAL. Turning off webshield if’s just an index of MP3 Files, so I don’t see there being any malware. Can I tell avast to ignore this site (Exceptions TAB isn’t working), without disabling malware url checking entirely or get Avast to remove the site from their database?

Thanks!!

–Matt

2

hello

use virus@avast.com with “False positive” in email subject.

or http://www.avast.com/contact-form.php

3
Avast keeps reporting my church's podcast site as having a URL:MAL Infection
URL.mal is not a infection ..... it means the URL and/or IP is on a blacklist for whatever reason ..... does not have to be infected
4

sorry for the delay but that I can do it
we will unblocked now

Hello Matt, This is a false positive, it should be fixed in the new update. Best Regards

Richard Šrank
avast! Technical Support Specialist

5

Please help me,

I have the same problem, when I access the my site:
http://www.publiguiaperu.com/

I am thinking that is a FP.

Thanks.

6

JQuery vulnerable libraries (need to be fixed) :
http://retire.insecurity.today/#!/scan/5078b0779e8607a81190aaaf34449fbc909bf19e9d07c864d31ce830c731e0e3

Blacklisted :
http://urlquery.net/report.php?id=1460540143143

Browser difference :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=www.publiguiaperu.com

The problem is likely the use of shared hosting.

7

I removed publiguiaperu.com from our blacklist :wink:

8

Please help me,

I have the same problem, when I access the my site:
https://www.myshop.lk/

i have cleaned the files now and its still showing “URL.mal”
it means the URL and/or IP is on a blacklist, can you please remove it now

Thanks.

9

https://sitecheck.sucuri.net/results/www.myshop.lk/

10

Yes, i have checked securi site, but i have scanned the whole site by eset and avast virus guard, its showing its all are clear, but i am confused now. What should i do now?

11

Guess you haven’t read the Sucuri results :

How to get my site removed from their blacklist? If you are a Sucuri customer, just fill a malware removal request in your support dashboard. Our team will double check your site (and clean whatever needs to be cleaned) and contact ESET about it.

If you are not a Sucuri customer (and using our free sitecheck), you will need to make sure your site is cleaned first. Once you do that, email samples@eset.com and they will re-check the site.

Here are more scan results :
http://zulu.zscaler.com/submission/show/90e08d4502b32f4a3dcc5be2e20e88c9-1469165407
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=www.myshop.lk
https://www.virustotal.com/en/url/5fcbcf42c33ab23c15670c439cc9f206c0f12d39f5a6372248c1c83416bbd016/analysis/1469165422/
http://www.urlvoid.com/scan/myshop.lk/
http://urlquery.net/report.php?id=1469164450793
https://www.virustotal.com/en/ip-address/166.62.10.227/information/
http://urlquery.net/report.php?id=1469164607118
http://multirbl.valli.org/lookup/166.62.10.227.html

What should i do now?
- Step away from GoDaddy and get yourself dedicated hosting at a reliable host that takes security seriously - Contact Sucuri and have them fix the problems
12

OK, thank you sir, i will send a mail to ‘samples@eset.com’ and update you, but avast also blocking my website? its showing URL:Mal??

13

You can report a URL here: https://www.avast.com/report-a-url.php

14

I have removed “myshop.lk” from our blacklist :wink:

15

Hello,

It seems my website has the same problem: http://pouyas.com/
Could you please remove it from the blacklist?

Thanks

16

Blacklisted IP :
http://zulu.zscaler.com/submission/show/d79772dfd3540950ed0d759372ab38d9-1471798737

Outdated software :
https://sitecheck.sucuri.net/results/pouyas.com

Problems on that ASN :
http://urlquery.net/report.php?id=1471799039616
http://urlquery.net/report.php?id=1471799061736

Vulnerable libraries :
http://retire.insecurity.today/#!/scan/799ab1b9714b9603c97bfdaf9eeeccde2b1f8717888e557814454b80152b5006

17

http://i.imgur.com/B1Kaa95.png

Hello.

IP compromised

http://www.ipvoid.com/scan/67.23.226.139/
http://www.urlvoid.com/ip/67.23.226.139/

I will Report to virus analyst
18

The IP was infected with Locky ransomware 20 days ago. I have unblocked it for now, but I strongly advise using a different hosting.

19

HonzaZ is right and the more so,
because the IP there functions as a Locky distribution site,
re: https://ransomwaretracker.abuse.ch/host/67.23.226.139/

Confirmed here for that sample MS5 dc9db417c58c2c1e9615b6c0e0aed913
See: https://tracker.h3x.eu/corpus/400

Latest 100 files (malware samples) dropped by this distribution site.

polonus (volunteer website security analyst and website error-hunter)

20

Hi Avast Team.

I have the same issue (false infection). I need your help to take my site out of your black list.

espanholparaviagem[.]com

Thanks a lot.
Regards,
Tarcisio.