Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on April 18, 2015, 01:43:11 PM

Title: No nameservers - spam site blocked? Gen:Trojan.Heur.FU.Gv0@au1Qlrij infested?
Post by: polonus on April 18, 2015, 01:43:11 PM
I get an alert for cleanmx_generic for the following website -> cjllwocjr.igg.biz, earlier Parked/expired,
Redirects to htxp://freeavailabledomains.com/blocked/
Going to:
<script type="text/javascript">
<!--
window.location = "htxp://fukbb.com"
//-->
</script>
Read: http://fad.userrules.com/forum/fukbbcom-redirect-46645
Think avast should block because of htxp://freedns.afraid.org/domain/dnstrace.php?domain=passenger.usa.cc&submit=Trace
from FAD · 1 year & 217 days ago
Very poor safety status: http://sur.ly/o/fukbb.com/
This website may contain some kind of malware!
For Gen:Trojan.Heur.FU.Gv0@au1Qlrij removal,
read step 2 proposed here: http://www.selectrealsecurity.com/malware-removal-guide/

The subdomain is a bad zone one; the DNS report on the main domain:
https://www.virustotal.com/en/ip-address/88.198.132.3/information/
No private IPs found for www.igg.biz.. Web servers using private IPs can't be reached from the Internet.
Bad web rep: http://adguard.com/en/adguard-report/cjllwocjr.igg.biz/report.html
Flagged for spamming: https://www.mywot.com/en/scorecard/cjllwocjr.igg.biz
DrWeb URL checker flags site as not recommended site/adult content

ISSUE DETECTED   DEFINITION   VULNERABLE HEADER
Outdated Web Server Nginx Found   Vulnerabilities on nginx   nginx/1.0.5
Should be patched and protected.

IP malware history: https://www.virustotal.com/en/ip-address/88.198.132.3/information/

polonus (volunteer website security analyst and website error-hunter)