Avast WEBforum
Other => Viruses and worms => Topic started by: Mettalknight on February 02, 2010, 11:15:13 PM
-
Ok so I've been going to the site "www.emo-friends.com/" (yes im emo...not the point..) for about 2 years now... and about 1-2months ago the site started doing that... i know the site isnt dangerous since ive been visiting for so long.
I just wanted to ask if there is a way to fix avast from doing this. Simply because i hate turning it off every time i visit that site.
-
Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414/
This page seems to be <clean>
http://www.UnmaskParasites.com/security-report/?page=www.emo-friends.com
But there is a bad link hxxp://gov.tg.co.kr/_compile/site_login_action.php
http://www.google.com/safebrowsing/diagnostic?site=http%3A//gov.tg.co.kr/_compile/site_login_action.php
-
Hi Mettalknight & Pondus,
The bad link re-direct(s)/ed to a trojan, and now appears to lead to a 404 (but that could be a malcreant trick),
polonus
-
bump so what does this mean polonus? will i not be able to ever access this site withought turning off avast >.<
-
It means that the owner of emo-friends.com has to fix the site as it has been hacked.
Make Emo friends!
http://www.43things.com/things/view/991513/make-emo-friends <== site is safe
-
lol k thanks.......... hopefully the owner will realize eventually
-
my site bring up the same virus warning - my host has checked and cant find any virus - so how do i "fix" my site so this doesnt happen?
mafanjai.bcmagazine.net
-
***
Welcome to the forums, simonhk :)
Unmask Parasites finds your site as suspicious. See the link below.
http://www.UnmaskParasites.com/security-report/?page=mafanjai.bcmagazine.net
Also see the link below from Google Safe Browsing.
http://www.google.com/safebrowsing/diagnostic?site=mafanjai.bcmagazine.net
***
-
my site bring up the same virus warning - my host has checked and cant find any virus - so how do i "fix" my site so this doesnt happen?
mafanjai.bcmagazine.net
yep, you've been hacked.
Look for a script tag that leads to hxxp://glenysinternationalcuisine.com/glenys/.wysiwygPro_edit_index_html.php; get rid of that script tag (you can find the script I'm talking about immediately after the </head> tag).
I'll take glenysinternationalcuisine for a run, because it's absolutely loaded with obfuscated JavaScript.
EDIT: That "gleny" script contains a hidden IFRAME, which leads to hxxp://glenysinternationalcuisine.com/glenys/.wysiwygPro_edit_index_html.php?s=WA7A0Im2&id=
which contains all kinds of obfuscated JS, which contains an exploit, or perhaps multiple exploits, against Acrobat PDF Reader.
-
this one (http://reosuccessformula.com/6weeks) comes up infected but http://www.unmaskparasites.com/ does not see anything. It reports clean. So who is correct? False positive or what?
JCE
-
Google SafeBrowsing
http://www.google.com/safebrowsing/diagnostic?site=reosuccessformula.com/6weeks
Of the 1 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-11-20, and the last time suspicious content was found on this site was on 2009-11-13.
Malicious software includes 2 scripting exploit(s).
Malicious software is hosted on 1 domain(s), including excellium.ca/.
This site was hosted on 1 network(s) including AS21844 (THEPLANET).
-
Right Pondus,
This is OK at first glance, because of a 401 Unauthorized message, but getting to the real info, here it is:
What is the present status of reosuccessformula dot com?
Of one page being tested 1 page has been downloading and installing malicious software without user's De Last time suspicious code was found was on 2009-11-13.
Malicious software includes 2 scripting exploits.
malicious software being hosted on one domain, e.g. excellium.ca/.
This site was hosted on 1 network including AS21844 (THEPLANET),
polonus