Author Topic: VBS:Malware-gen  (Read 198251 times)

0 Members and 1 Guest are viewing this topic.

kubecj

  • Guest
Re: VBS:Malware-gen
« Reply #120 on: July 22, 2008, 05:33:52 PM »
visionex, check your security, you've been hacked. Check your index, there is some huge dirty encrypted thing after the Analytics code.You may also want to search for 'phpfake' in your sourcecode.

krubach

  • Guest
Re: VBS:Malware-gen
« Reply #121 on: July 23, 2008, 12:11:47 PM »
Hello guys,

I have several members of my website that use Avast! reporting me that Avast warns about VBS:Malware-gen trojan on my frontpage.
The url is http://f1portugal.com .
AFAIK there is no suspicious code in the frontpage, but maybe Avast is suspecting the DHTML code i put there.

Please let me know if it is clean, so i can assure people it's safe.

TIA

kubecj

  • Guest
Re: VBS:Malware-gen
« Reply #122 on: July 23, 2008, 12:16:32 PM »
Sorry, it's not. We're getting a script, most probably in the redirection?

Code: [Select]
<script language=JavaScript>var kco=" shapgvba hmdvx(oz){ine fz,we=\"{v^abR


krubach

  • Guest
Re: VBS:Malware-gen
« Reply #123 on: July 23, 2008, 12:19:37 PM »
Ok. Thank you very much for helping me. I'll check that out. ;)

jimjams88

  • Guest
Re: VBS:Malware-gen
« Reply #124 on: July 23, 2008, 01:56:23 PM »
I am getting an Avast VBS:malware warning for our site http://www.tangira.com.

My VPS is 080723-0 (programme build 4.8.1227).

Can you please advise?

Thanks!

kubecj

  • Guest
Re: VBS:Malware-gen
« Reply #125 on: July 23, 2008, 01:59:55 PM »
Do you know what is the encrypted stuff at the end of your webpage, after the analytics code?

krubach

  • Guest
Re: VBS:Malware-gen
« Reply #126 on: July 23, 2008, 03:09:22 PM »
Sorry, it's not. We're getting a script, most probably in the redirection?

Code: [Select]
<script language=JavaScript>var kco=" shapgvba hmdvx(oz){ine fz,we=\"{v^abR

Thank you very much for pointing me in the right direction kubecj. ;)
Problem solved now.

jimjams88

  • Guest
Re: VBS:Malware-gen
« Reply #127 on: July 23, 2008, 03:59:46 PM »
Kubecj - I don't as I didn't design the site. There has never been a problem before in accessing before though? I can check with the designers if you think it's suspicious. Is there any way to tell (given it's encrypted).

kubecj

  • Guest
Re: VBS:Malware-gen
« Reply #128 on: July 23, 2008, 04:36:00 PM »
Basically it's encrypted iframe pointing to 202.164.52.199. That's a site somewhere in India.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: VBS:Malware-gen
« Reply #129 on: July 23, 2008, 04:48:37 PM »
Basically it's encrypted iframe pointing to 202.164.52.199. That's a site somewhere in India.

In other words, _most_likely_ a code injection that you were unaware of...
If at first you don't succeed, then skydiving's not for you.

jimjams88

  • Guest
Re: VBS:Malware-gen
« Reply #130 on: July 23, 2008, 04:58:06 PM »
OK - thanks a lot for the advice. I have deleted the offending code and the site loads fine now. (also changed the CMS panel passwords!)

visionex

  • Guest
Re: VBS:Malware-gen
« Reply #131 on: July 24, 2008, 02:07:15 PM »
visionex, check your security, you've been hacked. Check your index, there is some huge dirty encrypted thing after the Analytics code.You may also want to search for 'phpfake' in your sourcecode.
http://www.internetdvd.org isn't my site ^^
I just don't understand why BitDefender, Kaspersky and others antivirus detect none virus except Avast ::)

kubecj

  • Guest
Re: VBS:Malware-gen
« Reply #132 on: July 24, 2008, 02:12:17 PM »
Right now it's clean, that's why they don't detect anything now. OTOH, our script malware detection is quite good, I'd say.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: VBS:Malware-gen
« Reply #133 on: July 24, 2008, 03:07:45 PM »
OTOH, our script malware detection is quite good, I'd say.
Congratulations. Keep your good work.
The best things in life are free.

decadechild

  • Guest
Re: VBS:Malware-gen
« Reply #134 on: July 26, 2008, 01:36:59 AM »
I have a forum showing up the same Virus/Worm.
hxxp://www.syaoregon.us/forum

The url that Avast! shows is:
Code: [Select]
http://www.syaoregon.us/forum/\unp263177177VPS version: 080725-1, 07/25/2008

It's an outdated SMF forum. All links to it show up infected. This is just too weird.
All other sites & SMF forums work fine for me. ???
« Last Edit: July 26, 2008, 03:37:34 AM by decadechild »