Author Topic: Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots  (Read 9177 times)

stormer

  • Guest
Is this a false positive?

avast! reports a JS:Redirector-E [Trj]

Site: http://kaddas.org

I have not used another AV to visit the site; could anyone confirm whether this really is malware or an FP?

Thanks

BTW, I have informed the site owner.
« Last Edit: August 07, 2009, 12:11:46 AM by stormer »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89294
  • No support PMs thanks
Re: Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots
« Reply #1 on: August 07, 2009, 12:30:03 AM »
First alert image.
It appears that the site may have been hacked, as there are two huge chunks of obfuscated JavaScript in two script tags after the closing table tag.

These script tags are pushed well out to the right, so if the user looks at the page source they won't see the script tags. I have a 1920x1200 screen and it isn't in view even in full screen mode.

Second alert image.
This looks like the file was saved into your browser cache; no point in doing anything other than clearing your browser cache. With any suspicion of an infected file, clear the cache. The abort connection of the first alert should have stopped it getting down to the cache; why it didn't, I don't know. Perhaps your use of a sandbox may have still downloaded it into the cache, but the standard shield provides another level of protection.
« Last Edit: August 07, 2009, 12:33:13 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
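
The hiding trick described in Reply #1 (script tags placed after the closing table tag and padded far to the right of the source view) can be checked for mechanically. This is an added example, not part of the original thread or any poster's code; the function name, thresholds and sample page are constructed assumptions.

```python
import re

# Constructed sample (not the real page): visible markup ends at </table>,
# then an inline script follows on the same line after 400 spaces.
SAMPLE = (
    "<html><body>\n"
    '<script src="/js/menu.js"></script>\n'
    "<table><tr><td>Welcome</td></tr></table>" + " " * 400 +
    "<script>var s=unescape('%64%6f%63');eval(s);</script>\n"
    "</body></html>\n"
)

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
ENCODED_RE = re.compile(r"%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}")
DECODERS = ("eval(", "unescape(", "fromcharcode", "document.write(")


def find_hidden_scripts(html, min_pad=200, min_column=300):
    """Flag <script> tags that a normal view-source window would not show.

    min_pad and min_column are assumed thresholds; tune them per site.
    """
    findings = []
    for m in SCRIPT_RE.finditer(html):
        line_start = html.rfind("\n", 0, m.start()) + 1
        before = html[line_start:m.start()]        # text left of the tag
        pad = len(before) - len(before.rstrip(" \t"))
        column = m.start() - line_start
        if pad < min_pad and column < min_column:
            continue                                # tag is in plain view
        body = m.group(1)
        findings.append({
            "line": html.count("\n", 0, m.start()) + 1,
            "column": column,
            "pad": pad,
            "after_table_close": before.rstrip().lower().endswith("</table>"),
            "encoded_bytes": len(ENCODED_RE.findall(body)),
            "decoders": [d for d in DECODERS if d in body.lower()],
        })
    return findings


if __name__ == "__main__":
    for finding in find_hidden_scripts(SAMPLE):
        print(finding)
```

A hit on padding or column alone only says the tag is out of view; the encoded-byte count and decoder calls are supporting evidence that the script body is obfuscated.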

spg SCOTT

  • Guest
Re: Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots
« Reply #2 on: August 07, 2009, 12:30:20 AM »
Apparently not:
http://www.UnmaskParasites.com/security-report/?page=kaddas.org

There are 2 long, obfuscated scripts that are suspicious, plus the suspicious links in the unmaskparasites report.


I don't really get the second image, you actually bypassed the Web shield for the site ???

-Scott-

EDIT: DavidR was quicker ;)
I wasn't sure about the moving it to the right though, I thought it was odd but...
« Last Edit: August 07, 2009, 12:33:00 AM by spg SCOTT »

stormer

  • Guest
Re: Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots
« Reply #3 on: August 13, 2009, 12:07:23 AM »
Can you check the site again, thanks.

The site owner got back to me and removed the bad stuff.

I am currently using a trial version of Eset, so I don't have avast! for 60 days.

Offline DavidR

Re: Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots
« Reply #4 on: August 13, 2009, 12:55:25 AM »
Not a lot of point in checking it; there is nothing there, just a jpg image saying coming soon.

stormer

  • Guest
Re: Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots
« Reply #5 on: August 13, 2009, 03:55:15 PM »
So the site is clean again?

Thanks.

spg SCOTT

  • Guest
Re: Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots
« Reply #6 on: August 13, 2009, 04:10:19 PM »
Hi stormer,

It would appear that the site is clear.
However, all that is shown is an image (like DavidR said) saying coming soon and a Flash object below (although when allowed, it doesn't seem to do anything).

-Scott-

Offline DavidR

Re: Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots
« Reply #7 on: August 13, 2009, 04:34:44 PM »
> So the site is clean again?
>
> Thanks.

Well, I wouldn't say that the site is clear again, as there is no content (site) there but a place-holder page, coming soon ???

stormer

  • Guest
Re: Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots
« Reply #8 on: August 13, 2009, 06:24:41 PM »
> I don't really get the second image, you actually bypassed the Web shield for the site ???

I think the images were the other way round (if I remember correctly)  ???

spg SCOTT

  • Guest
Re: Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots
« Reply #9 on: August 13, 2009, 06:45:19 PM »
> > I don't really get the second image, you actually bypassed the Web shield for the site ???
>
> I think the images were the other way round (if I remember correctly) ???

I'm confused, you saw the images the other way round or attached them the other way round?
(I was referring to avast2.png in that post)

stormer

  • Guest
Re: Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots
« Reply #10 on: August 13, 2009, 07:12:23 PM »
Sorry to confuse you, but the images are in the correct order - just looked at the timestamps of each screenshot.
It's avast1.png then avast2.png