What malware is supposed to be hosted at my site?

Avast users are getting a warning when accessing hxtp://escaladenotas.cl
Is this a false positive? At one point I assumed it was the faulty virus database released on Monday, but I’m still getting this warning?

Thanks in advance.

Avast detects it as infected with URL:MAL, probably cross site scripting attack …clicktale
See: htxp://jsunpack.jeek.org/dec/go?report=5de05ecce6aaa479e7ac7a3413b56bbf0c8f00b1
Go there only if you are security aware, sandboxed and with ample script protection…

polonus

I can’t see anything that avast would directly alert to, i.e. the site seems to scan clean.

I can’t quite fathom this one out…Ignoring the network shield, I don’t get any alerts on the site, but trying to translate with google causes an alert
(This however could be related to the way google translate works - including the site within a frame…and if the site is blocked by network shield then could cause an alert.)

That said, this clicktale seems interesting…
http://www.mywot.com/en/scorecard/s.clicktale.net

Either way, I’d say that this needs someone from the avast team to comment.

Scott

I see that in my Network Shield log all the time. It blocks Google Analytics.

Think I have found it, it is this there script on the site "src= … htxp://s.clicktale.net/WRb6.js
similar like htxp://urls–clicktale–net.reachlocal.net/WRb6.js So like google is blocking here:
hxtp://www.careerint.com/SearchVacancies/…/wrb6js.htm

When it is hxtp://www.google-analytics.com/ga.js it must be altered…

I hope I can get this confirmed,

@jipumarino make the link htxp// until the site is cleansed…

polonus

Hi, thank you all for your help.
I already disabled clicktale entirely, but I keep getting the same warning, so Analytics seems to be the one to blame. What can be so special about my Analytics setup?

Again, thanks for your help.

This is the network shield, so it would take avast to have a look, and determine whether it can be removed from the block list…
You can report it here:
http://www.avast.com/contact-form.php?loadStyles

Hi jipumarino,

Looked into your site, the sucuri scan is all green. But it seems there is another issue now &usg=AFQ etc. HTML:RedirME-inf[Trj] now found by the Webshield, it seems your site has been hacked and you have to cleanse and upgrade your webapps, see attached gif image…

polonus