Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on June 29, 2013, 07:59:03 PM

Title: avast! Web Shield & Script Shield both blocking website scan!
Post by: polonus on June 29, 2013, 07:59:03 PM
Malware entry: MW:EXPLOITKIT:BLACKHOLE1

Blocked: htxp://evuln.com/tools/malware-scanner/thevymahal.com/ alerted JS:Decode-AQC[Trj]
Blacklisted and with 13 potentially suspicious files flagged by Quttera's: http://quttera.com/detailed_report/thevymahal.com
urlquery's report: http://urlquery.net/report.php?id=3404680
Snort IDS alerts: http_inspect: JAVASCRIPT WHITESPACES EXCEEDS MAX ALLOWED
& INDICATOR-OBFUSCATION obfuscated document command
blacklist status: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=thevymahal.com
For malware found see: http://sitecheck.sucuri.net/results/thevymahal.com
and https://www.virustotal.com/nl/file/86f0a5cd07753a72e9543e386e6f1a9439adfc3249fd336b3d068417e043105f/analysis/
and for that IP: http://support.clean-mx.de/clean-mx/viruses.php?ip=81.88.57.68&sort=id%20desc  (only 1 instance closed)
Netcraft already stops part of the code as XSS attack found and avast!Script shiled blocks the threat
as JS:Decode-AQC[Trj] as I opened just a minor part of the Sucuri malcode example as a search query...

Keep all your avast! Shields up, my good forum friends, they are part of your essential online protection!

polonus