Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on December 05, 2014, 12:34:03 AM

Title: Is this trojan detected as malware-gen?
Post by: polonus on December 05, 2014, 12:34:03 AM
Object: htxp://1lira.blogspot.de/search/label/1+lira
SHA1: 52f5d3f2274a7dfd5e9c8ffab79a9d54031983e1
Name: TrojWare.JS.Faceliker.B
See: https://www.virustotal.com/nl/url/ade92fe43579ccc9232504967a0e288d5b9e90137281a7e1f82e9b5f5943aa6b/analysis/1417735719/
Potentially harmful and blacklisted: http://sitecheck.sucuri.net/results/1lira.blogspot.de
IP badness: https://www.virustotal.com/nl/ip-address/74.125.201.132/information/
IDFS alert: https://urlquery.net/report.php?id=1417735597641
See blacklists info: http://www.robtex.net/en/advisory/ip/74/125/201/132/

pol

Title: Re: Is this trojan detected as malware-gen?
Post by: polonus on July 04, 2015, 06:29:20 PM
Update - still there: This is a suspicious page
Result for 2015-07-04 15:54:30 UTC
Website: htxp://1lira.blogspot.nl
Checked URL: htxp://1lira.blogspot.nl/2008/12/ilginc-seffaf-araba-rinspeed-exasis.html
Trojans detected:
Object: htxp://1lira.blogspot.nl/2008/12/ilginc-seffaf-araba-rinspeed-exasis.html
SHA1: eb45bea891a91d72f9d0de1bb842b5340dfbcb11
Name: TrojWare.JS.Faceliker.B
Going to front_sand_girls site with a bad name! To be removed - container: "navbar-iframe-container", id: "navbar-iframe" code.
Possible Frontend SPOF from:

ajax.googleapis.com - Whitelist
(98%) - <script src='htxp://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js' type='text/javascript'>
sanalyum.com - Whitelist
(98%) - <script src='htxp://sanalyum.com/1lira.js' type='text/javascript'>
apis.google.com - Whitelist
(94%) - <script type="text/javascript" src="htxps://apis.google.com/js/plusone.js">
(4%) - <script type="text/javascript" src="htxps://apis.google.com/js/plusone.js">
xslt.alexa.com - Whitelist
(6%) - <script language="JavaScript" src="htxp://xslt.alexa.com/site_stats/js/s/a?url=http%3A%2F%2F1lira.blogspot.com" ty

error on here: htxps://www.blogger.com/navbar.g?targetBlogID%5C758858089633986319435%5C46blogName%5C75The+Glamour+Lane%5C46publishMode%5C75PUBLISH_MODE_HOSTED%5C46navbarType%5C75LIGHT%5C46layoutType%5C75LAYOUTS%5C46searchRoot%5C75http://www.theglamourlane.com/search%5C46blogLocale%5C75en_US%5C46v%5C0752%5C46homepageUrl%5C75http://www.theglamourlane.com/%5C46vt%5C0754432851641408062395

pol