August 20, 2012 15:56 [SOLVED] AVG Detecting Hyphenet.com As Ransomware Web Site (Type 1931) #214839
Marquisa
Novice
Join Date: 17.8.2012
Posts: 4
Hello,

I'm wondering if there's any way to determine why AVG has flagged our website, hyphenet.com, for having active exploits?

I've already submitted the URL for being improperly flagged, but I have yet to hear a response, although I see on the AVG threat labs, it was updated to say that exploits were recently found within the last few days. It keeps saying our site is a ransomware site when it is NOT.

Now, I have run our website through other online scanners: virustotal.com, sucuri's sitecheck, and wepawet -- AVG is the ONLY thing detecting a threat.

If a threat is legitimately being detected, I want to know where it is being found so it can be removed. We are a VAR and we often blog about the latest security threats and provide tips on how to steer clear of malware, so the last thing we want is for users to have their machines infected if our site has really been compromised, or even scared into thinking it may become infected.

Please look into this and let me know what's going on because we not only have a reputation to uphold, but we do not want to put our website visitors at risk.

Here's our site report on AVGthreatlabs.com: http://www.avgthreatlabs.com/sitereports/domain/hyphenet.com

Thank you,
Marquisa
August 20, 2012 21:37 Re: AVG Detecting Hyphenet.com As Ransomware Web Site (Type 1931) #214846
BIG AL 43
Moderator
Join Date: 19.6.2014
Posts: 0
@ Marquisa

Have a look @ this link http://www.avg.com/ww-en/page-rating-report.

Also have a look @ FAQ #2889.


AVG Forums Volunteer Moderator
AVG Forum member since - Nov. 27, 2004
My total posts on the Old AVG Free Forum - 27,063
Alan
August 22, 2012 07:55 Re: AVG Detecting Hyphenet.com As Ransomware Web Site (Type 1931) #214928
jirka82
Administrator
Join Date: 19.6.2009
Posts: 3892
Hello Marquisa,

I browsed the hyphenet.com website briefly but was unable to induce any detection. Have you followed BIG AL 43's advice?

If there is a particular page detected, please provide us with the exact URL, but replace the http prefix with hxxp (so the link won't be clickable in the forum) to make sure nobody visits it occasionally in case it is indeed infected.

Thank you.



AVG Team
August 22, 2012 16:41 Re: AVG Detecting Hyphenet.com As Ransomware Web Site (Type 1931) #214971
Marquisa
Novice
Join Date: 17.8.2012
Posts: 4
Yes, I checked out the links provided by BIG AL43:
- I already submitted a false report before posting in the forums, but never got any type of response.
- I reviewed the JS on our site, made sure the last modified dates coincided with times I've actually updated the website and even re-loaded it from backups JUST in case.

I do not have AVG installed on my machine, I use a completely different antivirus vendor -- and I've never detected anything on our website, which I visit on a daily basis.

I became aware of the infection because I stumbled across another forum where an AVG user posted that they'd received a notification warning. Now, I find it odd that AVG alerted them that our site was a ransomware site because this individual was attempting to read a blog post about the Reveton ransomware that's currently going around. See the post here: hxxp://www.hyphenet.com/blog/2012/05/31/fbi-warns-users-not-to-fall-for-reveton-ransomware-scam/

I'm not sure if that had anything to do with it, but I thought that was very odd that our site was specifically labeled as a ransomware site!

That's when I went to check avgthreatlabs.com and found that you guys were saying there were active exploits and warning users to surf with caution.

Again, I have scanned our site with numerous site scanners, reviewed code -- everything. Never saw anything indicating an infection. I just wanted to make sure that this really was a false positive on AVG's end. If it is, I would like that the AVGthreatlabs.com website be updated to reflect this.
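
Added example, not part of the original thread: the post above checks the site's JS by last-modified dates and a reload from backup; comparing content hashes of the live tree against the backup is a stricter form of the same check, since modification times can be reset. The function names and the directory layout in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            out[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out

def compare(backup_root, live_root):
    """Return files modified, added or removed in the live tree relative to the backup."""
    old, new = manifest(backup_root), manifest(live_root)
    return {
        "modified": sorted(f for f in old.keys() & new.keys() if old[f] != new[f]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }

def demo():
    """Build a constructed backup/live pair of site trees and diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            (root / "js").mkdir(parents=True)
            (root / "index.html").write_text("<h1>Blog</h1>\n")
            (root / "js" / "site.js").write_text("console.log('ok');\n")
        # Constructed changes: one edited script and one file absent from the backup.
        (live / "js" / "site.js").write_text("console.log('ok');\n/* appended */\n")
        (live / "js" / "extra.js").write_text("// not in backup\n")
        return compare(backup, live)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Any entry under `modified` or `added` that does not correspond to a known deployment is what to inspect by hand.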
August 22, 2012 17:34 Re: AVG Detecting Hyphenet.com As Ransomware Web Site (Type 1931) #214972
Marquisa
Novice
Join Date: 17.8.2012
Posts: 4
Alright, I was able to test the site with a PC running AVG and here's what I found:

Only one page appears to be getting flagged, which is that ransomware post I mentioned previously. hxxp://www.hyphenet.com/blog/2012/05/31/fbi-warns-users-not-to-fall-for-reveton-ransomware-scam/

On the PC was AVG version 2012.0.2197 (virus definition db 2437/5217), link scanner version 1216 and toolbar version 12.2.0.5. It blocks the page with the error "Ransomware Web Site (Type 1931)".

However, I checked with another PC running a paid version of AVG and it did NOT block the page. AVG version 10.0.1424.

Again, I checked the code of this page and there's nothing different from this page from others, so I'm not sure why this page is being flagged when everything else is fine?
August 23, 2012 11:44 Re: AVG Detecting Hyphenet.com As Ransomware Web Site (Type 1931) #215012
jirka82
Administrator
Join Date: 19.6.2009
Posts: 3892
Hi Marquisa,

I regret to inform you that we were unable to access the above-mentioned page -> Error 354 (net::ERR_CONTENT_LENGTH_MISMATCH): The server unexpectedly closed the connection.

Based on the described behavior, it seems that the detection has been removed. Although the virus database appears to be updated on the first testing system, the LinkScanner database may have been outdated at the moment, therefore the page was detected... but that's mere speculation at the moment.

We have passed this issue to our web threats analysts to provide us with more information. We'll post more in this thread as soon as possible.



AVG Team
August 24, 2012 07:05 Re: AVG Detecting Hyphenet.com As Ransomware Web Site (Type 1931) #215085
jirka82
Administrator
Join Date: 19.6.2009
Posts: 3892
Re: AVG Flagged Our Site..

Hi Marquisa,

We can confirm this was a false alarm (triggered by the blog entry containing some HTML code the LinkScanner signature was designed to detect).
An AVG update removing this detection is being distributed.

I'll rename this forum thread to make the message more visible.

We are sorry for the inconvenience.



AVG Team
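
Added example, not part of the original thread and not AVG's LinkScanner logic: one way a content signature can fire on a blog post that merely displays markup, shown by comparing a context-blind text match with a check that only counts elements the browser would actually create. The signature (a zero-sized iframe), both sample pages and the `example.invalid` host are constructed stand-ins.

```python
import html
import re
from html.parser import HTMLParser

# Constructed signature: an <iframe> sized to zero. Not AVG's signature.
HIDDEN_IFRAME = re.compile(r'<iframe[^>]*\b(?:width|height)\s*=\s*["\']?0\b', re.I)

def naive_scan(page):
    """Match the signature against entity-decoded page text, ignoring context."""
    return bool(HIDDEN_IFRAME.search(html.unescape(page)))

class _ActiveIframes(HTMLParser):
    """Collect only zero-sized iframes that exist as real elements."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and (a.get("width") == "0" or a.get("height") == "0"):
            self.hits.append(a.get("src"))

def context_scan(page):
    """Flag the page only when the pattern appears as live markup, not as text."""
    parser = _ActiveIframes()
    parser.feed(page)
    parser.close()
    return bool(parser.hits)

# Constructed pages: a post that shows the markup as escaped text,
# and a page where the same markup is present as a live element.
BLOG_POST = ('<article><p>The injected markup looks like this:</p>'
             '<pre>&lt;iframe src="http://example.invalid/x" width="0" height="0"&gt;'
             '&lt;/iframe&gt;</pre></article>')
INJECTED = ('<article><p>Welcome</p></article>'
            '<iframe src="http://example.invalid/x" width="0" height="0"></iframe>')

if __name__ == "__main__":
    for name, page in (("blog post", BLOG_POST), ("injected", INJECTED)):
        print(name, "naive:", naive_scan(page), "context:", context_scan(page))
```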
August 24, 2012 15:31 Re: AVG Detecting Hyphenet.com As Ransomware Web Site (Type 1931) #215120
Marquisa
Novice
Join Date: 17.8.2012
Posts: 4
Awesome! I'm glad to hear that it was a false alarm! The last thing we would want to do is put our website visitors at risk.

Thank you for your assistance in figuring this out!

Have a great weekend!