Author Topic: Question About HTML:Script-inf which got on my C:\ Drive!  (Read 3623 times)


sev101477

« on: August 17, 2009, 02:25:49 AM »
The other night I was surfing to a video gaming website for Final Fantasy which was located here: hxxp://www.ffshrine.org. Immediately upon arriving there Avast gave me this warning: Sign of "HTML:Script-inf" has been found in "hxxp://www.ffshrine.org/\{gzip}" file. I immediately tried to abort the connection, however, then it told me this: Sign of "HTML:Script-inf" has been found in "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OYLK7SB6\ffshrine_org[1].htm" file. It asked me if I wanted to delete, which I did.

After that I searched for that location on my C:\ drive to see if it was still there, and it was not. I also did a search for any files modified after receiving the Avast warning, and didn't find any of what would look like system files modified by this. I did a full virus scan on my C:\ drive after, and it turned up nothing.

What I'm wondering about all this is, though, was this HTML:Script-inf really a virus/trojan/worm or was it just a false reading from Avast? FFShrine is a fairly common site for Final Fantasy games, and I was surprised to get this warning from there. It did get on my PC and that worries me more. Despite checking for modified files, how can I be sure no settings were changed, and the possible virus/trojan/worm didn't spread to another file or someplace else I haven't been looking for? I really do not know much about this, and any help would be appreciated.

About a month back, I got a similar file on my C:\ drive and being very suspicious, I did a system restore, which basically wiped everything and installed my PC back to factory settings. If possible I would not like to do this again, as it was very time consuming getting everything back the way it was just before I received the suspicious file on my computer. If there was a way I could be reassured that everything was not harmed by this I will not do a system restore this time. I only want to do this as a last resort. Again any help would be appreciated, and thanks to anyone who took the time to read this.
« Last Edit: August 18, 2009, 01:51:54 AM by sev101477 »

Offline DavidR

Re: Question About HTML:Script-inf which got on my C:\ Drive!
« Reply #1 on: August 17, 2009, 03:38:09 AM »
Please 'modify' your post and change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

avast is probably the best at detecting infected web sites as it is becoming very prevalent now with many sites being hacked.

Having just looked at the source code, it indeed looks like the site has been hacked, as it looks like a script tag has been inserted into several description/paragraph (see image of one of them). Now these scripts try to run javascript files in a Japanese domain. This site, if you try and reach it, is also considered a malicious site and blocked by the network shield.
« Last Edit: August 17, 2009, 03:39:57 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security
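
As an added illustration of the check described in the reply above (not code from the thread or from avast): a Python sketch that lists `<script src>` tags in a saved page whose host is neither the page's own nor on an allowlist, together with the enclosing element. The sample HTML, the function name `audit_scripts` and all `.example` hostnames are constructed; the real page source and the injected domain are not given in the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (assumption): two injected tags, one local and one allowlisted script.
SAMPLE_HTML = """<html><head>
<meta name="description" content="Fan site"><script src="http://cdn.injected.example/a.js"></script>
<script src="/js/site.js"></script>
</head><body>
<p>Welcome to the shrine<script src="http://cdn.injected.example/b.js"></script></p>
<script src="http://static.fansite.example/menu.js"></script>
</body></html>"""


class ScriptAudit(HTMLParser):
    """Record external <script src> tags that load from hosts outside the allowlist."""
    VOID = {"meta", "link", "br", "img", "input", "hr"}  # elements with no closing tag

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = set(allowed_hosts)
        self.stack = []      # currently open elements, innermost last
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            # Relative URLs have no hostname and are treated as same-site.
            host = urlparse(src).hostname if src else None
            if host and host not in self.allowed:
                line, _ = self.getpos()
                parent = self.stack[-1] if self.stack else None
                self.findings.append(
                    {"line": line, "host": host, "src": src, "parent": parent})
        if tag not in self.VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unclosed children.
        if tag in self.stack:
            while self.stack.pop() != tag:
                pass


def audit_scripts(html, page_host, allowed_hosts=()):
    """Return off-site script references found in html, in document order."""
    parser = ScriptAudit({page_host, *allowed_hosts})
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for f in audit_scripts(SAMPLE_HTML, "www.fansite.example", ["static.fansite.example"]):
        print(f"line {f['line']}: <script> inside <{f['parent']}> loads from {f['host']}")
```

A script tag nested inside a paragraph, or the same unfamiliar host repeated across several elements, is the pattern to look at first; a legitimate third-party script (analytics, CDN) will also be listed until its host is added to the allowlist.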