jayce68
Former Member
Message 1 of 11

My site marked malicious ... for hosting TeamViewer program ??

Hello,

I installed McAfee SaaS on my customer's computer. I wanted to download the TeamViewer QuickSupport program (renamed distance.exe) on my site, and after three McAfee warnings, all access to the site clicway.fr is totally blocked (malware).

I contacted McAfee several times and got no answer from them. Please help, this is an urgent problem.

My site is analyzed:
- Sucuri: nothing (except McAfee)
- AVG: nothing
- VirusTotal: nothing (except BitDefender ... same problem??)

Thank you in advance

Peacekeeper
Message 2 of 11

Re: My site marked malicious ... for hosting TeamViewer program ??

I assume you asked for a review (option on the popup warning) as site owner. This does not get an immediate reply; though their guidelines say they reply in 24 hrs, they are busy, so this may take longer.

Post the site URL as 1 of the mods here is good at analysing site issues and might look at the site if he has time.

jayce68
Former Member
Message 3 of 11

Re: My site marked malicious ... for hosting TeamViewer program ??

Thank you Peacekeeper.

It must be more than 5 days since I made the request, which is why I ask here.

The URL is www.clicway.fr.

Thank you in advance

Peacekeeper
Message 4 of 11

Re: My site marked malicious ... for hosting TeamViewer program ??

Will ask Hayton to look into the site; hopefully you get a reply soon.

Hayton
Reliable Contributor
Message 5 of 11

Re: My site marked malicious ... for hosting TeamViewer program ??

It is a problem detected by TrustedSource, which has changed the SiteAdvisor rating to Red.

TrustedSource says the site is Malicious, but I can find no problem with the site itself except for two blocks of Unicode embedded in one of the javascript files (according to urlquery). In the Chrome console I do not see this code, perhaps because it is in one of the scripts which have been blocked by AdBlock or Abine. The Unicode looks like this : I cannot say if it is suspicious or not. It appears to be associated with entering an email address somewhere.

Unicode.PNG

The only other problem I can see is the file "distance.exe" which is the TeamViewer QuickSupport program. Where did you get this from, and when? I see that it can be downloaded from Softonic, Softpedia, CNET and Majorgeeks (and many other places) but the only safe place to get it is from the TeamViewer site at http://www.teamviewer.com/en/download/windows.aspx. I scanned the downloaded file with Malwarebytes and McAfee and neither reported a problem; I uploaded the file to VirusTotal and it was passed as Clean by all the anti-virus scanners.

However, the Properties dialog of "distance.exe" does not show any version number for the program, and the digital certificate is invalid. The encryption is weak RSA 1024-bit, the To-date has expired, and the certificate is self-signed by Teamviewer. This means the program is an old version, and could potentially be fraudulent.

renamed TeamViewer certificate invalid.PNG

The certificate for the current version (8.0.22298) of TeamViewer QuickSupport should look like this - it uses RSA 2048-bit encryption and is counter-signed by Symantec Time Stamping Services.

TeamViewer QS certificate valid.PNG

This may not be the reason why TrustedSource finds a problem with your site, but it can easily be rectified.

One other possibility is because your site is on a server at 213.152.15.73 with other websites which are blacklisted. One example is mihaela.fr - see

http://sitecheck.sucuri.net/results/mihaela.fr

http://urlquery.net/report.php?id=6342357

http://sitecheck.sucuri.net/results/alaping.fr

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=alaping.fr

There is a list of suspect websites on the server (not up to date) at

http://www.urlvoid.com/ip/213.152.15.73

http://www.urlvoid.com/scan/clicway.fr/

Nevertheless the IP address does not appear to be blacklisted.
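
The signature properties discussed in the post above (version number, signature status, certificate expiry, self-signing, RSA key size, timestamp counter-signature) can be read from PowerShell before a download is published. This is an added example, not part of the original post; the function name `Test-DownloadSignature` and the 2048-bit threshold are assumptions for illustration.

```powershell
# Added example: report the Authenticode properties of a file before hosting it.
# Test-DownloadSignature and $MinRsaBits are illustrative names, not a vendor tool.
function Test-DownloadSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$MinRsaBits = 2048
    )

    $sig      = Get-AuthenticodeSignature -FilePath $Path
    $cert     = $sig.SignerCertificate
    $version  = (Get-Item $Path).VersionInfo.FileVersion
    $findings = @()

    if (-not $version) { $findings += 'No file version in the version resource' }
    if ($sig.Status -ne 'Valid') {
        $findings += "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }

    if ($null -eq $cert) {
        $findings += 'No Authenticode signer certificate present'
    } else {
        $stamped = $null -ne $sig.TimeStamperCertificate
        if (-not $stamped) { $findings += 'No timestamp counter-signature' }
        # An expired signer certificate is only a problem without a timestamp:
        # a counter-signature proves the file was signed while the cert was valid.
        if ($cert.NotAfter -lt (Get-Date) -and -not $stamped) {
            $findings += "Certificate expired $($cert.NotAfter.ToString('u')) and is not timestamped"
        }
        if ($cert.Subject -eq $cert.Issuer) {
            $findings += 'Signer certificate is self-signed (subject equals issuer)'
        }
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        if ($rsa -and $rsa.KeySize -lt $MinRsaBits) {
            $findings += "RSA key is $($rsa.KeySize) bits, below $MinRsaBits"
        }
    }

    [pscustomobject]@{
        File     = (Resolve-Path $Path).Path
        SHA256   = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        Version  = $version
        Signer   = if ($cert) { $cert.Subject } else { $null }
        Findings = $findings
        Pass     = ($findings.Count -eq 0)
    }
}

Test-DownloadSignature -Path .\distance.exe | Format-List
```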

jayce68
Former Member
Message 6 of 11

Re: My site marked malicious ... for hosting TeamViewer program ??

Hello Hayton and thank you for your help.

Actually, you're right, it is an old version of TeamViewer QuickSupport, so I replaced it with the latest (but kept the name distance.exe, useful for our IT operations).

As for the two blocks of code, I cannot find them (Firefox, Chrome, Safari, IE10). I think it should be Contactable jQuery. Can you give me the js file's name?

The other malicious sites on the same IP do not belong to me; it is a shared host (not a dedicated server). I can do nothing about it, but I think it's not the problem.

I think the problem should be the version of TeamViewer, because I had good access to the site, and after 3/4 attempts (download blocked by McAfee Advisor and Saas), I no longer had any access to the site.

Is it possible to restart an analysis of the site, now that I've updated the file?

Thank you in advance

Hayton
Reliable Contributor
Message 7 of 11

Re: My site marked malicious ... for hosting TeamViewer program ??

The Unicode in a javascript file: I could not see this in the page source code but urlquery has an extensive section of Javascript Evaluations, and I saw it there. The code has sections for email address and credit card details, so I do not think this is inserted code from one of my Chrome add-ons. Some of the embedded strings are in German, which I thought was strange.

http://urlquery.net/report.php?id=6397087

urlquery for clicway.PNG

        },
        messages: {
            required: "This field is required.",
            remote: "Please fix this field.",
            email: "Please enter a valid email address.",
            url: "Please enter a valid URL.",
            date: "Please enter a valid date.",
            dateISO: "Please enter a valid date (ISO).",
            dateDE: "Bitte geben Sie ein gültiges Datum ein.",
            number: "Please enter a valid number.",
            numberDE: "Bitte geben Sie eine Nummer ein.",
            digits: "Please enter only digits",
            creditcard: "Please enter a valid credit card number.",
            equalTo: "Please enter the same value again.",
            accept: "Please enter a value with a valid extension.",
            maxlength: $.validator.format("Please enter no more than {0} characters."),
            minlength: $.validator.format("Please enter at least {0} characters."),
            rangelength: $.validator.format("Please enter a value between {0} and {1} characters long."),
            range: $.validator.format("Please enter a value between {0} and {1}."),
            max: $.validator.format("Please enter a value less than or equal to {0}."),
            min: $.validator.format("Please enter a value greater than or equal to {0}.")
        },

As the site owner you can get your site re-tested and re-rated by going to the SiteAdvisor site page and clicking the Request A Review button.

clicway Review.PNG

If nothing happens after a few days, email TrustedSource directly and get a ticket number.

If you want to address an issue with a web site in Site Advisor that is based on McAfee's Trusted Source Web Reputation, please go to http://www.trustedsource.org/en/feedback/url and use the web form to contact the Trusted Source team.

If you want to track your requests or be notified via email, you can register for a free TrustedSource.org account.

jayce68
Former Member
Message 8 of 11

Re: My site marked malicious ... for hosting TeamViewer program ??

I was afraid when I saw credit card in this code, but after investigation, it's simply the jQuery Validation script.

I checked directly on the official website and compared with my file, no problem (same code).

I still think it was just the TeamViewer program, because Site Advisor denied access to the site after several attempts to download this program (before, it was OK).

I'll ask them to retest, I will return to this forum to give news.

Thank you again Hayton for your help.

Hayton
Reliable Contributor
Message 9 of 11

Re: My site marked malicious ... for hosting TeamViewer program ??

My pleasure.

I agree that it's probably the Teamviewer file that caused the problem, but I'm at a loss to know what exactly it is about the file that triggered the warning. All I can think of is that the combination of an expired certificate and the certificate being self-signed caused it - I know that's sometimes seen in malware. I wasn't aware that there was a check for that specific combination. If it's not that, the other possible reasons aren't serious enough to trigger the site alert.

Good luck with the re-test request, they're running very slow right now.

jayce68
Former Member
Message 10 of 11

Re: My site marked malicious ... for hosting TeamViewer program ??

Just giving some news.

After sending a ticket, and after analysis, my site now appears OK, problem solved.

The old TeamViewer QuickSupport was the "faulty" one.

Thank you again!

This message was edited by: jayce68 on 14/10/13 09:20:08 CDT