Solved

VirusTotal shows problem on website using Webroot

  • 25 December 2021
  • 14 replies
  • 398 views

Userlevel 3

My website got hacked about 10 days ago.  I thought it had been totally fixed (restored from backups), but apparently there were remnants of the infection that were on the backup.

 

So, Webroot (and one other) detection was triggered when I used the VirusTotal website.  Now, the infection has been completely removed, but despite doing a fresh scan on VirusTotal, Webroot is still showing the site as being malicious.

 

How do I get Webroot to take another look at the site?

The url is https://amherstburghomehealth.ca (a health care facility in Amherstburg, Ontario, Canada)

 

This is my first post on Webroot, so please forgive me if I chose the wrong subforum.

 

Thank you.

Best answer by TripleHelix 25 December 2021, 19:40


Userlevel 7
Badge +63

Hello @JEfromCanada 

 

Yes Webroot is blocking this site as a Phishing site! You can ask Webroot to review by filling this form out and they will let you know: https://www.brightcloud.com/tools/change-request.php

 


 

 

Userlevel 3

Thank you, @TripleHelix.  I’ve taken your advice and completed the form.  It’s interesting to see this graphic from Webroot.  The infection from the past year is (hopefully) the main reason for the rating, and now that this has been addressed, I’m hopeful the site will be returned to “the good books”.

In terms of “Low Popularity”, the Amherstburg Home Healthcare Medical Centre serves the local population of fewer than 30,000 residents, so it’s not like there are millions of people visiting the site!

For those who are curious, Amherstburg is a small town in southwestern Ontario, Canada located on the Detroit River, which separates the US from Canada.  From a historical perspective, Amherstburg was the site of Fort Malden (one of the garrisons of British forces during the War of 1812) and is also the end-point of the famous “Underground Railroad” used by slaves attempting to escape the south during the Civil War.

Another curious fact is that the website https://amherstburghcc.ca (HCC means Health Care Centre) which is the main umbrella site for all the on-site services, and all of the domains linked to that site (including the site in question) were affected by the hack (now cleaned out), but only one of the domains is listed by Webroot as being dangerous.  NOTE:  If you do visit the HCC site, be aware that the CPAP, MOBILITY and BRACING websites all redirect to the Amherstburg Home Healthcare website (the site currently marked as “malicious”).

Edit:  For those who want more information about the “malicious” site but don’t want to risk visiting it directly, we also have a Facebook page that doesn’t trigger any alarms  :-)

https://www.facebook.com/pages/category/Medical-Equipment-Supplier/Amherstburg-Home-Health-Care-1896541483899459/

Userlevel 7
Badge +22

Looks like it is no longer blocked?

 

EDIT: Still blocked, my mistake 

 

 

Userlevel 7
Badge +63

Hello @JEfromCanada 

 

I live in Oshawa, Ontario so I know the area well as I’ve been to Windsor many times! Hope to see Webroot BrightCloud clear this up for you!

 

Cheers,

Userlevel 3

@smith2006 , I’m wondering how you managed to reach the site with the Webroot block still in place, but thanks for being brave enough to take a look.

I honestly don’t know what there could be on this site (after getting rid of the hack) that would cause anyone to have a problem with it.

In addition to Webroot, Comodo also had a complaint, and when I went to their website to do a detailed analysis, it complained about two things:  1)  lack of a CDN and WAF (are you kidding me - how many small sites use those tools?); and 2) use of “unknown” iframes.  The Healthcare store sells medical equipment and devices from a large number of vendors approved by the government.  When our visitors want to see detailed information about those devices, we provide access directly to the equipment manufacturer’s website through the use of iframes.  Not only does this ensure we’re providing the most up to date information “from the horse’s mouth”, but it also saves us from having to duplicate all this information on our own website.  Apparently, Comodo doesn’t like this (and I’m not sure whether Webroot also takes this into account).

 

Oh well, we’ll see how this goes…

 

@TripleHelix , what are the odds you’d be from Ontario as well!  From one “auto town” to another, hope you have a great holiday.

Userlevel 7
Badge +22

@JEfromCanada 

I am sorry for the confusion.

I am using Firefox private browsing and forgot to grant the Webroot extension access to "Run in Private Windows".

The screenshot I took was before giving the access. 

After granting access, I was no longer able to reach the site. 

My apologies for the mistake. 

Userlevel 3

@smith2006 , no confusion… just wondered if you took time to actually view content on the site, or if you immediately noticed your mistake and stopped.

Userlevel 7
Badge +22

No, I didn't view the content on the laptop using Webroot.

Using one of my Android phones with Kaspersky, I was able to browse through the content. No alarm triggered.

However, Google Transparency Report seems to indicate otherwise.

 

Userlevel 3

@TripleHelix  and @smith2006 ,

 

Thank you both for your ideas and help.  I just wanted to let you know that Webroot has now cleared the site as acceptable.  Not sure how I’m supposed to resolve Comodo’s issues and I’m still waiting for feedback from another provider who has marked the site as “suspicious”.

Userlevel 7
Badge +63

Contact them here:

 

Please email support@comodo.com to log a support ticket for Comodo-related problems.

Userlevel 3

@TripleHelix 

Thanks for your continued support.  Despite this being a Webroot community, you seem to know your way around to all the other players, so thank you for pointing me at the email address for Comodo.  Now that Comodo and alphaMountain have been contacted, hopefully it won’t take long for this website to stop triggering an alarm in my Avast anti-virus software.

I have also contacted Avast directly, but I think they use information from several sources to trigger an alarm because they are still blocking access to the site.

Userlevel 3


@smith2006

 

Thanks for pointing out the results of the Google Safe Browsing search.  I just tried the search myself and noticed the warning is still in place.   At least the report shows it as being generated on December 14th, which is BEFORE the error had been reported to me and subsequently corrected.  I don’t suppose you know how to get Google to run another check?  It’s been two weeks since that report was generated!

 

 

Jack

 

EDIT:  I realized I could get Google to re-evaluate the site through my Google Webmaster Tools account.  The request has been made.

Userlevel 7
Badge +22

@JEfromCanada  No worries, hopefully Google will look into your request urgently and review the website again.

 

Update:

 

Just checked, it is cleared now

 

https://transparencyreport.google.com/safe-browsing/search?url=amherstburghomehealth.ca%20&hl=en

 

 

Userlevel 3

Thanks to everyone for all their assistance.  The https://amherstburghomehealth.ca website is finally clear of all encumbrances.  Shows clean on VirusTotal, no longer blocked by my Avast anti-virus, and showing clean on Google.

 

Happy New Year to everyone.
