Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Again that marvelous avast! Webshield!
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Again that marvelous avast! Webshield! (Read 2187 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33925
malware fighter
Again that marvelous avast! Webshield!
«
on:
December 05, 2013, 11:44:53 PM »
avast! Web Shield detects JS:Redirector-AOX[Trj] here:
http://urlquery.net/report.php?id=8169284
see:
http://maldb.com/belglass.by/#blacklists
&
http://evuln.com/tools/malware-scanner/belglass.by/
On the jsinpack analysis it detects: JS:Redirector-BAI[Trj]
HTML code contains blacklisted domain: secclik dot ru
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33925
malware fighter
Re: Again that marvelous avast! Webshield!
«
Reply #1 on:
December 06, 2013, 01:02:11 AM »
Also detects defacement here:
http://evuln.com/tools/malware-scanner/shreesons.com/
and flagged here:
http://maldb.com/shreesons.com/
avast! Web Shield detects as HTML:Defacement-N [Trj]
See:
http://urlquery.net/queued.php?id=54618788
where it is shown but not detected,
pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33925
malware fighter
Re: Again that marvelous avast! Webshield!
«
Reply #2 on:
December 06, 2013, 03:34:40 PM »
And again the avast! Web Shield blocks the site here ->
http://app.webinspector.com/public/reports/18764252
as JS:Clickjack-B[Trj]
Also detected here:
https://www.virustotal.com/nl/url/f5ae81110666a0d776ce1231bbc46ad35abd15c77e1b1a8ad0decc3a47c7a4f3/analysis/
but nothing found here:
http://urlquery.net/report.php?id=8203142
Javascript Check: Suspicious
guage="javascript"> function dnnviewstate() { var a=0,m,v,t,z,x=new array('9091968376','8887918192818786347374918784939277359287883421333333338896','778787','9499907
Code hick-up at jasunpack:
wXw.equa-solutions.co.uk/modules/AutsonSlideShow/js/jquery.animate-colors-min.js benign
[nothing detected] (script) wXw.equa-solutions.co.uk/modules/AutsonSlideShow/js/jquery.animate-colors-min.js
status: (referer=wXw.equa-solutions.co.uk/)saved 1736 bytes ca24e35067550d74d9f87b313fb80c749e1177e3
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined function d
suspicious:
Sucuri flags site for Joomla oudated software and SEO-Spam malware:
http://sitecheck.sucuri.net/results/www.equa-solutions.co.uk/
Other malware on IP: Up(nil): unknown_html_RFI_shell RIPE SE abuse at binero.se 195.74.38.130 to 195.74.38.130 joakimengstrom dot se htxp://joakimengstrom.se/ ->
http://urlquery.net/report.php?id=8203494
Here: htxp://urlquery.net/report.php?id=3739663 avast! Webshield blocks: JS:Iframe-CSU[Trj]
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Again that marvelous avast! Webshield!