Does any know anything about JS:Illredir-B[Trj]

[widgeteer]

Yesterday I ran across a site that has this trojan -- no problem, though:  I had Avast installed, which warned me and aborted the download. Then I googled the name of the trojan and discovered this forum. 

The site's url: 

http://www.almahatwary.org/

Regards all,

widgeteer

[DavidR]

Looks like the site has been hacked there is an obfuscated script tag at the bottom of the source code (see image, click it to expand). The script is obfuscated to hide its purpose and is suspicious, the line extends way, way, beyond the end of the image example.

[polonus]

Hi widgeteer,

There are two viruses on the site - make the link in your posting non-clickable by putting htxp or WxW:
Virus
Threat found: 2 virtumonde.sci trojan

Name of threat:    53833
Location:    hXtp://www.almahatwary.org/


Name of threat:    53833
Location:    hXtp://www.almahatwary.org/index.htm

pol

[fifa76]

I actually upgrade the script to remove JS:Illredir-B and JS:Illredir-C in same time
If you got some other similar trojan on your website please contact me i try to help and upgrade the script.

HI my website is affected by the same virus also, can you send me the script to remove the virus ? as detected i suspected the virus contented is JS:Illredir-C
can you send the script to my fifa76@gmail.com. thank you

[DavidR]

First we aren't clairvoyant so we need to know what your site URL is, change the http to hxxp to break the link.

Even if we know your site address, we can't send you any script to remove it you have to find the injected script, remove it and close the vulnerability that allowed the script to be injected.

I suggest you remove your email address as a) it can get harvested by spambots trawling the internet and b) we help people through the forums and not email.

[polonus]

@trzykas

Witamy!      Dziękujemy,

pozdrawiam,

Damian