Is this alert valid or FP (JS:Includer-AVD [trj]) ?

[rickyyeung]

Not the site being scanned in urlquery, but the actual site

Object: hxxp://urlquery.net/report.php?id=1399722872505 | {gzip}
Virus: JS:Includer-AVD [trj]

[Pondus]

A bit confusing info .... so the site scanned at urlQuery (bramjnet.com) is not the actuall site?

Or are you saying avast give detection at urlQuery site?

A screenshot of avast warning would help.....

[rickyyeung]

It is the urlquery.
also this file seem to come with urlquery site
https://www.virustotal.com/en/file/9953feaa930b2c2d3cdd4af2b565b29db23022edf43cd7f93a797be4cbe638f3/analysis/1399724415/

[Pondus]

i suspect a false positive on urlQuery website......

anyway, to check your computer ....
follow instructions here and attach malwarebytes and OTL logs   http://forum.avast.com/index.php?topic=53253.0

[polonus]

Not only avast detects but also eSafe as Win32.Trojan: http://killmalware.com/bramjnet.com/
The malware resides in: htxp://www.bramjnet.com/vb3/clientscript/vbulletin_md5.js?v=381
See: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.bramjnet.com%2Fvb3%2Fclientscript%2Fvbulletin_md5.js%3Fv%3D381&useragent=Fetch+useragent&accept_encoding=
It was up here: Up(nil):   unknown_html   ARIN   US   abusereports at versaweb dot net   208.64.26.42    to 208.64.26.42   bramjnet dot com   htxp://www.bramjnet.com/vb3/showthread.php?t=55573
But seems closed now: http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&domain=bramjnet.com
-> http://quttera.com/detailed_report/support.clean-mx.de
Not a false positive, it was real, but seems to have been closed, - in offending raw content: htxp://www.fixcleaner.com/trialsetup.exe

polonus

P.S. It looks safe!
But.. Sometimes antiviruses will not detect dangerous files/URLs/domains, so you must be wary! Do not open files and links from unreliable sources. You must be very careful with executable files (exe, dll, scr and etc) and documents of different formats (pdf, doc, xsl and etc).

D

[jefferson sant]

Detection is correct
 there is redirection to Which is blocked.

also known malvertisement

http://searchsecurity.techtarget.com/definition/malvertisement-malicious-advertisement-or-malvertising

see attached

[polonus]

Hi jefferson santiag,

Thanks for re-checking and the confirmation of the detection.

pol

[Pondus]

It seem both you guys are scanning the bramjnet.com URL ..... that is not the URL the poster have problems with

He get detection on the urlQuery link ..... this one    urlquery.net/report.php?id=1399722872505

Object: hxxp://urlquery.net/report.php?id=1399722872505 | {gzip}
Virus: JS:Includer-AVD [trj]
   

[jefferson sant]

Hi jefferson santiag,

Thanks for re-checking and the confirmation of the detection.

pol

You are welcome!

It seem both you guys are scanning the bramjnet.com URL ..... that is not the URL the poster have problems with

avast detects
because he found this trojan on banner
where in the scan of the URL urlquery,it did modify its variant.

is included  blacklist
http://www.urlvoid.com/scan/bramjnet.com/

IP is hosted by Malware Domain Blocklist

http://urlquery.net/report.php?id=1399765483349

https://www.virustotal.com/en/url/2bc651bbcb7140c7c71d293bb9904ae98b540fe13f9679dcffd2a843b64ae1ea/analysis/1399765887/

Suspicious JavaScript code injection.

http://quttera.com/detailed_report/bramjnet.com