My website hxxp://www.kimgray.co.za is being blocked by Avast.
This is the email I received from Jan when I sent an email to Avast support.
Hello,
your site is redirecting to domb.fr.mn/in.cgi?2... This is black hole site.
Malicious script on your site is checking visitors cookies this is a reason why you can't see this warning more often.
You can check attach screen shot what i made when I visited your site.
Regards,
Jan Sirmer
Now I have had my webhosts (knownhost.com) and paid for third party security consultants (wewatchyourwebsite.com) reivew, clean, rescan etc and Avast users are still being blocked.
I am totally stuck and not sure what I can do. Many of our readers use Avast, so this is critical for me to get to the bottom of.
Can anyone shed more light on my issue / ensure everything is now fine - I have sent support a follow up email but havent heard from them in a few days…
I checked it right now:
hxxp://kimgray.co.za/2010/01/29/beauty-feature-friday-new-look-labello/
contains strange looking script on 13th line (starting with Date&&(a=“396”);…)
Here are the de-obfuscation results: htxp://wepawet.iseclab.org/view.php?hash=5e4f06d0c22e09d39f2e502ead9bafa9&t=1331500612&type=js
See this discussion: htxp://groups.google.com/a/googleproductforums.com/forum/#!category-topic/webmasters/malware–hacked-sites/MusJUCXcbL4
(posters in link from googlegroups: goranefbl and redneck)