Author Topic: Please help me  (Read 1764 times)


AKERWEB

  • Guest
Please help me
« on: July 30, 2012, 11:32:27 PM »
Hello, I have a problem because your antivirus detected two sites with malicious code.
How can I fix it?
There are antivirus programs that detected the problem.
Help, please.
 http://www.tierraaguaaventura.com/airsoft/
 http://www.efoser.es

Offline polonus

Re: Please help me
« Reply #1 on: July 30, 2012, 11:56:51 PM »
Yes, make these links non-click-through with htxp or wxe. I see a script attack there: http://www.bizimbal.com/odb/details.html?id=796612
GET /e107_themes/core/js/menu.js  in the line of GET /content/e107_files/e107.js etc.
Hacked htaccess through vulnerabilities in /e107.js via a hidden script on the server. Default 'e107_' directory names should be changed
to avoid re-infection. Hardening of e107, see: http://wiki.e107.org/?title=How_can_I_'harden'_or_improve_e107_security%3F   link= GNU FDL free content
The second site you give is a Blackhole exploit landing site: http://urlquery.net/report.php?id=108429
IDS alerts for ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 3 & SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch.
Avast Blackhole exploit site detection has been improved considerably.
See for malware detected: http://sitecheck.sucuri.net/results/www.efoser.es

polonus
« Last Edit: July 31, 2012, 12:23:42 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

iroc9555

  • Guest
Re: Please help me
« Reply #2 on: July 31, 2012, 12:34:49 AM »
AKERWEB welcome to Avast! forum.

Did you understand polonus? Are you from Spain? Your profile says Espala, which I don't know where that is, but the URLs are in Spanish.

1. Please edit the URLs so that they are not active. Change http:// to hXXp://. We don't want anyone to get infected accidentally.

2. The first address has a script attack: http://www.bizimbal.com/odb/details.html?id=796612
GET /e107_themes/core/js/menu.js  in the line of GET /content/e107_files/e107.js etc.

3. The second address has a Blackhole exploit with a site that redirects you somewhere else. You can find it here in the report: http://urlquery.net/report.php?id=108429

4. Sucuri also detects infections on the second address: http://sitecheck.sucuri.net/results/www.efoser.es

I'm afraid the Avast! detection is real. If you are the administrator, you have to take care of cleaning them; if not, contact the administrators so that they do it.