Why is this site being blocked by Avast?

Hi, I would like to get some info on this.

Avast free is blocking microelectronicash dot com but doesn’t provide any details about why.

Scanned the URL with a lot of tools and only Avast reports it as malicious.

Thanks in advance.

Whoa!

Caution: visiting the site will give 13 consecutive network shield blocks. Do not attempt to visit.

Are you sure? Because Googling gives a site out of country here, and in Spanish? Maybe?

http://zulu.zscaler.com/submission/show/f5a6460ab0cb8547ea919d4b96342134-1376608308
http://urlquery.net/report.php?id=4580428
http://www.urlvoid.com/scan/microelectronicash.com/ Note that MyWOT is unrated for this site.
http://sitecheck.sucuri.net/results/www.microelectronicash.com

Wouldn’t be the first time avast! has detected and blocked new emerging malware at a website, nor will it be the last.

Are you the site’s owner?

See attached:

If you click Details on that popup… do you then see the full URL?

Yeah, ends in (site name) …/CSS/lightbox.css. That’s the malicious agent being flagged. What the other 12 were, I do not know atm.

[EDIT:] Oops, assumed Show Last Popup would show the same as attached above, but no…

New attached below:

Hi, I don’t get any related URL, I’m not the site owner either.

If you think this is wrong…

You can report a possible FP here: http://www.avast.com/contact-form.php
You may add a link to this topic in case they reply.

That’s the point, how can I know if it’s for real or a false positive when there is no information at all?
I was expecting someone from avast to explain it.

Contacted another forum member here who is very good at investigating such anomalies as this.

A little more info from avast! user account:

Attached below:

Can images even contain malware?

Yes.

~!Donovan

The whole server got blocked because a Darkleech infection was detected. Please contact your host and ask them to resolve this situation - there must be some vulnerability (usually cPanel or Plesk) which lets bad guys upload a malicious httpd server or httpd server module.

Well, here is more info thanks to kubecj above: http://www.informationweek.com/security/attacks/darkleech-apache-attacks-intensify/240153922

Walked right into it, too! Sigh. Failure to install security updates in place when they come out is what it is. You can look to sys admins for that timely lapse.

Excessive header information:
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 16 Aug 2013 07:50:56 GMT
Pragma: no-cache
Location: /index.php?secc=contacto
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=12c718f0d171a39f0fa0c6deb26300d0; path=/
X-Powered-By: PHP/5.2.17
3 security warnings here: https://asafaweb.com/Scan?Url=www.microelectronicash.com
Previous compromise of domain on same IP via /.sys?getexe=v2webserver.exe or /.sys?getexe=v2prx.exe or /.sys?getexe=ms.26.exe
reported here: http://www.malwaredomainlist.com/forums/index.php?topic=3190.2615
see: http://exploitsdownload.com/search/dork%20sql%20injection%202013/90

Flagged

  </div>
    <div class="coldos">
      <div class="modulo">
      <a href="index.php?keyword=PELTIER&secc=catalogo">  
          <div id="imghome03">
          </div>

IP 1 appearance(s) in spam e-mail or spam post url

<embed width="340" height="50" src="images/banner-logos.swf" quality="high"
pluginspage="htxp://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash"
type="application/x-shockwave-flash">
</embed> 

Source of malcode? catalog/view/javascript/DD_belatedPNG_0.0.8a-min.js

polonus
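The header dump quoted in the post above is a good illustration of what an automated checker such as the asafaweb scan looks for. The following Python snippet is an added example, not code from the thread or from any of the tools linked above: it parses that response head (copied here as the sample input) and reports software version disclosure in Server / X-Powered-By, session cookies without the HttpOnly and Secure attributes, and absent hardening headers. The list of expected hardening headers is an assumption of this example (Strict-Transport-Security only matters if the site is served over HTTPS).

```python
import re

# Response head quoted in the forum post above, reused here as the sample input.
SAMPLE_RESPONSE = """HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 16 Aug 2013 07:50:56 GMT
Pragma: no-cache
Location: /index.php?secc=contacto
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=12c718f0d171a39f0fa0c6deb26300d0; path=/
X-Powered-By: PHP/5.2.17
"""

# Matches "product/version" tokens such as Apache/2.2.25 or OpenSSL/1.0.0-fips.
VERSION_TOKEN = re.compile(r"\b([A-Za-z][A-Za-z0-9_.-]*)/(\d[\w.-]*)")

# Hardening headers this example expects a well-configured site to send
# (assumption of the example; HSTS only applies to HTTPS deployments).
EXPECTED_HEADERS = (
    "x-frame-options",
    "x-content-type-options",
    "strict-transport-security",
    "content-security-policy",
)


def parse_response(raw):
    """Split a raw HTTP/1.x response head into (status_code, [(name, value), ...]).

    Header names are lower-cased for lookup; values keep their original case.
    """
    lines = raw.strip().splitlines()
    status_code = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep:
            continue  # tolerate a stray non-header line instead of aborting
        headers.append((name.strip().lower(), value.strip()))
    return status_code, headers


def audit_response(raw):
    """Return (status_code, findings); each finding is (check, subject, detail)."""
    status_code, headers = parse_response(raw)
    present = {name for name, _ in headers}
    findings = []

    for name, value in headers:
        if name in ("server", "x-powered-by"):
            # Every product/version pair tells an attacker exactly what to look up.
            tokens = [f"{prod}/{ver}" for prod, ver in VERSION_TOKEN.findall(value)]
            if tokens:
                findings.append(("version-disclosure", name, tokens))
        elif name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
            if "httponly" not in attrs:
                findings.append(("cookie-missing-httponly", cookie_name, None))
            if "secure" not in attrs:
                findings.append(("cookie-missing-secure", cookie_name, None))

    for expected in EXPECTED_HEADERS:
        if expected not in present:
            findings.append(("missing-header", expected, None))

    return status_code, findings


if __name__ == "__main__":
    status, results = audit_response(SAMPLE_RESPONSE)
    print(f"status {status}, {len(results)} finding(s)")
    for check, subject, detail in results:
        print(f"  {check:<26} {subject}" + (f": {', '.join(detail)}" if detail else ""))
```

On the sample above the audit reports six disclosed component versions from the Server header (Apache 2.2.25 with mod_ssl, OpenSSL, mod_auth_passthrough, mod_bwlimited and FrontPage) plus PHP 5.2.17 from X-Powered-By, a PHPSESSID cookie with neither HttpOnly nor Secure, and none of the hardening headers. Version disclosure alone does not prove compromise, but a server advertising end-of-life components is consistent with the "failure to install security updates" point made above, and the cookie findings are the kind of thing the asafaweb warnings refer to.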

Thank you.

Guys, I know this is not related but by chance, does someone know how to freeze a VMware VM in a way that it deletes any changes after reboot?
I really need to browse this site for ordering some electronics.

Should be a way, but with this sort of thing, who knows what else is infected over there? Willing to, for example, risk a financial transaction where it is set up to possibly clean you out? Reason I say that is because the sys admin(s) running the infected server no longer control it; the bad guys do. Hence the malware that is present.

Your call.

It’s called a hacked site.

Yeah I know but there is no online payment, I just need to access their catalog.

It’s possible sys admins have no idea there is a problem because the root infection is DarkLeech. Care to notify them (best by phone)? Should be a phone listing somewhere.

There are always alternative sites, btw.