« previous next »
Pages: [1]   Go Down

Author Topic: malware from ninni.org  (Read 3936 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
malware from ninni.org
« on: February 25, 2016, 09:55:50 PM »
It seems that a malware from ninni.org came from my computer to the website, where I was the last person to post something with WordPress.
However Avast Pro Antivirus doesn't find any problem on my computer.
How can I find out if Avast tests for this specific malware?
Logged

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31072
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: malware from ninni.org
« Reply #1 on: February 25, 2016, 10:02:35 PM »
To start with, you need the name of the malware.
If you have the name, you can check the VPS history.

Keep in mind that avast also detects a lot of things that have no name (yet).

EDIT:
The host has taken the site offline.
« Last Edit: February 25, 2016, 10:06:10 PM by Eddy »
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: malware from ninni.org
« Reply #2 on: February 25, 2016, 10:40:33 PM »
« Last Edit: February 25, 2016, 10:43:00 PM by Pondus »
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34051
  • malware fighter
Re: malware from ninni.org
« Reply #3 on: February 25, 2016, 10:42:54 PM »
For that scenario you did not use a browser with Google Safebrowsing as this comes blocked by Google: -http://ninni.org/
and it is blacklisted for a reason.
Latest malware detected there was: https://www.virustotal.com/en/file/d92128822b5754f5cc2ce5f6b5aa6e3cfbaaa181f91fa4e32e503c561af3d341/analysis/
See that IP's badness history: https://www.virustotal.com/en/ip-address/194.9.95.119/information/
The suspicious file that comes from there now is:
index
Severity:   Suspicious
Reason:   Detected suspicious redirection to external web resources at HTTP level.
Details:   Detected HTTP redirection to -http://closed.loopia.com.

And this script: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fstatic.loopia.se%2Fresponsive%2Fjs%2Frespond-js%2Frespond.src.js

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: malware from ninni.org
« Reply #4 on: February 25, 2016, 11:12:26 PM »
Quote
It seems that a malware from ninni.org came from my computer to the website,
If so, you may want assistanse cleaning your computer?

If so, instructions to follow  >>  https://forum.avast.com/index.php?topic=53253.0

Logged

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6669
  • volunteer
Re: malware from ninni.org
« Reply #5 on: March 03, 2016, 10:40:18 PM »
Quote from: Shozindo on February 25, 2016, 09:55:50 PM
It seems that a malware from ninni.org came from my computer to the website, where I was the last person to post something with WordPress.
However Avast Pro Antivirus doesn't find any problem on my computer.
How can I find out if Avast tests for this specific malware?

Hello

URL has been added to database and avast now blocks with URL:Mal
« Last Edit: March 03, 2016, 10:41:49 PM by jefferson sant »
Logged

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31072
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: malware from ninni.org
« Reply #6 on: March 03, 2016, 10:57:06 PM »
Is the domain added, the IP or both ?
Logged

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6669
  • volunteer
Re: malware from ninni.org
« Reply #7 on: March 03, 2016, 10:59:57 PM »
Quote from: Eddy on March 03, 2016, 10:57:06 PM
Is the domain added, the IP or both ?

Only the Domain.
Logged
Pages: [1]   Go Up
« previous next »