comments based on false blacklisting

mogumbo
Posts: 3
Joined: Fri Dec 10, 2010 9:06 pm

comments based on false blacklisting

Post by mogumbo » Fri Dec 10, 2010 9:06 pm

Hi,
I am the owner of www.reallyslick.com. On October 29, this site was blacklisted by freepcsecurity.co.uk. This appears to have resulted in a string of negative comments about my website, which all began on the same date. Since then, freepcsecurity has listened to my comments and corrected the mistake. Please notice that my site is no longer on their blacklist and see the comments at the bottom of their page: http://www.freepcsecurity.co.uk/2010/10 ... ctober-29/

Now, is there anything I can do about this string of negative comments on mywot.com since they are all based on false information? http://www.mywot.com/en/scorecard/reallyslick.com

Guest

Yes

Post by Guest » Fri Dec 10, 2010 9:09 pm

@ mogumbo,

PM each one of the people that left a red comment and explain your situation and see if they will change their comment based on your argument.

Guest

Re

Post by Guest » Fri Dec 10, 2010 9:20 pm

Hi mogumbo

I have scanned your website

http://www.urlvoid.com/scan/reallyslick.com [green](Clean)[/green]

Virustotal Report

http://www.virustotal.com/url-scan/repo ... 1292011952

Only Paretologic detects your website

http://www.virustotal.com/file-scan/rep ... 1292015555

downloaded analisys files: no malicious content

as a result I have deleted my rating and comment

Please get in touch with Paretologic in order to delist your site and leave a message to the board of other WOT members who rated as malicious your website

User avatar
i☆
Posts: 1144
Joined: Tue Sep 28, 2010 9:57 pm

Re:

Post by i☆ » Fri Dec 10, 2010 9:23 pm

I don't see any malware. Perhaps one of those people who left a red comment can explain in a little more detail. This is why I do not like the idea of copy-pasting from blacklists (yet WoT gives an incentive for it...).

User avatar
spectre
Posts: 4004
Joined: Sun May 03, 2009 10:43 pm

Hi mogumbo

Post by spectre » Fri Dec 10, 2010 9:36 pm

Welcome to wot.
Please could you explain this Site Advisor and this VirusTotal - I took the download from your site.
Also see Trend Micro

Guest

@ OP

Post by Guest » Fri Dec 10, 2010 9:49 pm

ehr

http://virusscan.jotti.org/en/scanresul ... 13fad9151a

actually some files looks infected

I'm afraid I have to re-rate your website

Site-rater
Posts: 2921
Joined: Tue Sep 15, 2009 7:48 pm

I gave negative votes to the

Post by Site-rater » Fri Dec 10, 2010 10:05 pm

I gave negative votes to the red comments and gave positive votes to the green comments. This brought the red bars down somewhat and brought the green ones up. Also, SiteAdvisor's analysis even admits that Skyrocket only adds its own files. The VirusTotal and jotti.org sites only give positives on some of the antivirus engines.

mogumbo
Posts: 3
Joined: Fri Dec 10, 2010 9:06 pm

Wow. Thank you everyone for

Post by mogumbo » Sat Dec 11, 2010 4:16 am

Wow. Thank you everyone for the enormous amount of feedback. I will try to respond to most of your questions here.

BobJam and leofelix, thanks for the suggestions. I'll try to PM people next.

I have never seen most of the sites you all posted here, but VirusTotal makes me actually doubt my file skyrocket1_2.zip a little bit. What does it mean when some programs find a virus and others don't? I have personally checked this file many times in the past with different virus programs and found nothing. The file has been there for most of a decade, so any virus would have to be very old and I would expect all virus programs to know about it by now.

I'm starting to think skyrocket1.zip and skyrocket1_2.zip aren't worth the trouble and I should just get rid of them. Not many people download them anymore anyway. What do you all think? Is there a way to know for sure if there is a virus if tests reveal conflicting results?

SiteAdvisor has been confusing me since 2008 when they blacklisted my site because of skyrocket1.zip and skyrocket1_2.zip. I complained because, as BFeely pointed out, their detailed report didn't make much sense. Four months later they wrote back and said "I am pleased to inform you that your site now has a green SiteAdvisor rating." Then in October 2010 I discovered them blacklisting my site again because of the same files for the same reasons as before. From all this I assume their automatic processes think my files are bad, but their engineers doing detailed inspections think my files are fine. I emailed them in October and they said they would send it to engineering. They have ignored the rest of my emails.

User avatar
c۞g
Posts: 10927
Joined: Mon Jan 05, 2009 4:02 am

skyrocket1_2.zip

Post by c۞g » Sat Dec 11, 2010 5:56 am

re: VT::skyrocket1_2.zip
also referenced on Clean-MX

Avira reports:
We received the following archive files:
File ID Filename Size (Byte) Result
25979109 skyrocket1_2.zip 393.38 KB OK

A listing of files contained inside archives alongside their results can be found below:
File ID Filename Size (Byte) Result
1307469 Skyrocket.scr 676 KB FALSE POSITIVE
25979110 Skyrocket.txt 966 Byte UNDER ANALYSIS


Please find a detailed report concerning each individual sample below:
Filename Result
Skyrocket.scr FALSE POSITIVE

The file 'Skyrocket.scr' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 6.39.1.113.
Filename Result
Skyrocket.txt UNDER ANALYSIS

The file 'Skyrocket.txt' has been determined to be 'UNDER ANALYSIS'.


Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.


User avatar
c۞g
Posts: 10927
Joined: Mon Jan 05, 2009 4:02 am

What does it mean when some programs find a virus and others don

Post by c۞g » Sat Dec 11, 2010 6:04 am

It could mean that not all AV companies have the same file sample so some will "miss" it because they simply do not know about it.

It could mean that some AV (such as Avira) have the sample, determined that it is a False positive (not malicious) and have removed it from their Virus Definition Files (VDF) so they do not display results on VirusTotal (VT).

Your best bet would be to manually submit it to AV companies and inform them that it is safe (FP) if they detect it.
There is a list on the wiki for Malware Submission (not all, but many). Some have HTTP upload, some have FTP upload, and others require a password protected archive sent via email.

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests