JS:includer-BOF [Trj]

[REDACTED]

When I try to access some specific webpages Avast sends a warning about infection JS:includer-BOF [Trj]. It does not find the infection on complete system scan however. The website I am trying to access is usualy reliable and the Avast chrome plug-in rates it as safe. The warning appears both in chrome and Ms Edge. It says:

Object:
http://aprender.unb.br/index.php | {gzip}
Infection:
JS:includer-BOF [Trj]
Process:
C:\\Windows\Systems\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


What should I do?

[Pondus]

Blacklisted
https://virustotal.com/nb/url/593e6f7497e74a65df8c4876ddc6cb813e56c94e6a3388040f60463180f9126c/analysis/1479645201/

INFECTED >>  https://sitecheck.sucuri.net/results/aprender.unb.br

HTML scan
https://virustotal.com/nb/file/60a1bad3e4f07af6b4ff3269de86f699ce88a179eae3393498ec6b9c4d986ea9/analysis/1479645355/

[Eddy]

It does not find the infection on complete system scan however.

Ofcourse it will not find anything as the infection/malware is on the website and not on your system.

Besides what Pondus already reported, there is another problem.

The site is trying to load things from m3ntalo.
http://labs.sucuri.net/?details=m3ntalo.at

More problems detected on that site :
http://www.urlvoid.com/scan/aprender.unb.br/
http://retire.insecurity.today/#!/scan/8814896ad2067735607fc71723be91ecf99e655ea4a3abfd1f75d897cf72e174
http://zulu.zscaler.com/submission/show/efcf13ed387a3920b39e56f3e378b7ac-1479646733
https://quttera.com/detailed_report/aprender.unb.br
https://www.virustotal.com/en/url/2ae467d11b0b7d74443478213b01ea28f25fefc288433bc26699273b81c9a356/analysis/1479646761/

[REDACTED]

Thanks everyone!

[polonus]

Be glad that avast prevented your computer from getting infested, as this is a very persistent malcode threat with serious implications.
Read some background info here: http://computerfixguide.com/how-to-delete-jsincluder-bof-trj-from-computer/

Avoid going to websites with Free Software, Spam Email and Porn Websites
as these form main risk-sites to get in touch with unwanted infesting malcode.

For those infested, do not try out any of the above, but take the appropriate steps as proposed here:
https://forum.avast.com/index.php?topic=53253.0   and wait for a qualified remover to assist you.

polonus

[globinli]

I also get almost every day the same virus warning too. Its by www.radin.ch!

The webmaster claims, its only with avast. But than, he fix something in the background and the notification disapears! A day or two later, avast alarms me again!!

How it can be, that not everybody will get a virusalarm?

[Asyn]

-> https://sitecheck.sucuri.net/results/www.radin.ch/

[Pondus]

SUSPICIOUS  >>  http://www.UnmaskParasites.com/security-report/?page=www.radin.ch

Blacklisted  >>  https://virustotal.com/en/url/f44f260c9d2f063622f1f27b7c4006186280af0f7d36168a177588d2348e8ac6/analysis/1480314983/

HTML scan > INFECTED
https://virustotal.com/en/file/302ee7a5572a0509ab906d17f7dac48100e78572cfae9dfee15bb150d70660ba/analysis/1480315328/

[globinli]

Thanks a lot for those link. I will pass it to the webmaster.

Amazingly, my friend also with Avast can access that site with an admin-login. Than no alert will come. When she login as normal user, her avast also find this virus ;-) strange 

[Asyn]

Thanks a lot for those link. I will pass it to the webmaster.

You're welcome.