Possible false positive?

[Edward12345]

Same issue with xhamster.com

[Hectic4409]

Getting the same thing on .....      ftop.ru   .............a site that I have also had booked marked for quite some time and just used the other night.

It is showing the
 
URL as....h_www_ftop_ru__|{gzip}
and the
Infection as ...JS:Includer-BAO [Trj]

I have NEVER had this pop up until tonight

[jefferson sant]

Same issue with xhamster.com

detection seems correct



the site was part of the distribution network of malware
level of severity 3

ET RBN Known Russian Business Network IP group 352

http://urlquery.net/report.php?id=1396062571875

Zulu scaler report suspicious files

http://zulu.zscaler.com/seen/53144f39e00f8d523042bf84dc6d5f7e-1395355893

AVG reports have found 4 threats
http://www.avgthreatlabs.com/website-safety-reports/domain/xhamster.com/
 

hidden iframe





 evaluation  and obfuscated

http://wepawet.iseclab.org/view.php?hash=27f3653318d17014d6e4a2a0e3cfa767&t=1396063631&type=js

site listed blacklist
https://www.virustotal.com/en/url/bfdb91ff433083f7223ddb06a26c2b6bb0e32c7c502bee21a6af5dcc30e83a36/analysis/1396062364/

cysc.blacklisted.gen
http://support.clean-mx.de/clean-mx/viruses.php

[jefferson sant]

URL as....h_www_ftop_ru__|{gzip}
and the
Infection as ...JS:Includer-BAO [Trj]

I have NEVER had this pop up until tonight

This site contains malicious redirects
and also the  detection seems correct




1: hxxpservice.clicksvenue.com / show.php sid = 104 & spid = 169 & scid = 10 & cgid = 2 -> hxx / xxw.ftop.ru/1/2.html?

http://wepawet.iseclab.org/view.php?hash=730e3927044f4fd303ba9a00dc0ba56c&t=1396064425&type=js

unknown_html
http://support.clean-mx.de/clean-mx/viruses.php

hidden iframe

[Yawty]

I thought I was the only one having this sudden problem but it would appear that a majority of "Adult websites" are infected by
 "JS:Includer-BAO [Trj]"

Are there any quick ways to fix this problem manually?
Or is it until the said sites are clean again from infection

but i find it weird that i have this problem with my personal computer but i can still access these sites normally when im using a public computer

[PinkiePie]

Oh! I'm happy that I'm not the only one running into this. I hope it gets solved, it is also coming from an adult website in my experience.

[chris..]

Hello,

same "JS:Includer-BAO [Trj]" with some others webpage since 140328-1 vps

[Pondus]

Norman lab confirms infection..... and added detection

Files:  wxw.heaven666.org.htm: Includer.A

[Yawty]

So will this be fixed? or the sites infected are forever in limbo?

[Pondus]

So will this be fixed? or the sites infected are forever in limbo?

or fix website    http://forum.avast.com/index.php?topic=148216.0   /   http://forum.avast.com/index.php?topic=148215.0

[Flippy]

Hello,

sorry detection JS:Includer-BAO caused some false positives and its switched off. Sorry for any inconvenience.

Best regards,

Filip Chytrý
Virus analyst

[Hectic4409]

I thank you and my wife thanks you. She was kind of upset that she could not visit some of her "favorite" sites as well