Wordpress site blocked to Avast users, no one else

Hi there,

My website hxxp://www.kimgray.co.za is being blocked by Avast.

This is the email I received from Jan when I sent an email to Avast support.

Hello, your site is redirecting to domb.fr.mn/in.cgi?2... This is black hole site. Malicious script on your site is checking visitors cookies this is a reason why you can't see this warning more often. You can check attach screen shot what i made when I visited your site. Regards, Jan Sirmer

Now I have had my webhosts (knownhost.com) and paid for third party security consultants (wewatchyourwebsite.com) reivew, clean, rescan etc and Avast users are still being blocked.

I am totally stuck and not sure what I can do. Many of our readers use Avast, so this is critical for me to get to the bottom of.

Can anyone shed more light on my issue / ensure everything is now fine - I have sent support a follow up email but havent heard from them in a few days…

Please help.

Best Regards,

Matthew

Hi digitalproject,

Make that link non-click-through like with wXw. Given as beningn here: http://zulu.zscaler.com/submission/show/7cee29479cf2422f8c6d62140d5d68f6-1331485521 (but with IP issues as mentioned). Sucuri does not have issues: htxp://sitecheck.sucuri.net/results/http://www.kimgray.co.za/
but with the WP version. Webrep: htxp://www.webutation.net/go/review/kimgray.co.za#

polonus

I checked it right now:
hxxp://kimgray.co.za/2010/01/29/beauty-feature-friday-new-look-labello/
contains strange looking script on 13th line (starting with Date&&(a=“396”);…)

Here are the de-obfuscation results: htxp://wepawet.iseclab.org/view.php?hash=5e4f06d0c22e09d39f2e502ead9bafa9&t=1331500612&type=js
See this discussion: htxp://groups.google.com/a/googleproductforums.com/forum/#!category-topic/webmasters/malware–hacked-sites/MusJUCXcbL4
(posters in link from googlegroups: goranefbl and redneck)

polonus

ok, I have removed the post with strange scripts hxxp://kimgray.co.za/2010/01/29/beauty-feature-friday-new-look-labello/

How can I now request that Avast unblocks my site?

Thanks for your help.

Matthew

If it was a Web-Shield block, you don’t need to do anything.

Hi digitalproject,

As you might have experienced, your site is no longer flagged by avast.
Thanks for your feedback, stay secure online,

polonus

Thanks guys, appreciate the feedback.

I will inform my webhosts and security consultants.

Matthew

You’re welcome.