Author Topic: Http: script-inf virus  (Read 5876 times)

0 Members and 1 Guest are viewing this topic.

Mettalknight

  • Guest
Http: script-inf virus
« on: February 02, 2010, 11:15:13 PM »
Ok so I've been going to the site "www.emo-friends.com/" (yes im emo...not the point..) for about 2 years now... and about 1-2months ago the site started doing that... i know the site isnt dangerous since ive been visiting for so long.

I just wanted to ask if there is a way to fix avast from doing this. Simply because i hate turning it off every time i visit that site.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Http: script-inf virus
« Reply #1 on: February 02, 2010, 11:35:41 PM »
« Last Edit: February 02, 2010, 11:38:57 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Http: script-inf virus
« Reply #2 on: February 03, 2010, 12:13:02 AM »
Hi Mettalknight & Pondus,

The bad link re-direct(s)/ed to a trojan, and now appears to lead to a 404 (but that could be a malcreant trick),

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Mettalknight

  • Guest
Re: Http: script-inf virus
« Reply #3 on: February 07, 2010, 07:13:23 AM »
bump so what does this mean polonus? will i not be able to ever access this site withought turning off avast >.<

YoKenny

  • Guest
Re: Http: script-inf virus
« Reply #4 on: February 07, 2010, 07:35:11 AM »
It means that the owner of emo-friends.com has to fix the site as it has been hacked.

Make Emo friends!
http://www.43things.com/things/view/991513/make-emo-friends <== site is safe

Mettalknight

  • Guest
Re: Http: script-inf virus
« Reply #5 on: February 09, 2010, 09:55:40 PM »
lol k thanks.......... hopefully the owner will realize eventually

simonhk

  • Guest
Re: Http: script-inf virus
« Reply #6 on: February 10, 2010, 01:30:54 PM »
my site bring up the same virus warning - my host has checked and cant find any virus - so how do i "fix" my site so this doesnt happen?
mafanjai.bcmagazine.net

CharleyO

  • Guest
Re: Http: script-inf virus
« Reply #7 on: February 10, 2010, 01:41:07 PM »
***

Welcome to the forums, simonhk   :)

Unmask Parasites finds your site as suspicious. See the link below.

http://www.UnmaskParasites.com/security-report/?page=mafanjai.bcmagazine.net

Also see the link below from Google Safe Browsing.

http://www.google.com/safebrowsing/diagnostic?site=mafanjai.bcmagazine.net


***

computerfreaker

  • Guest
Re: Http: script-inf virus
« Reply #8 on: February 10, 2010, 02:37:23 PM »
my site bring up the same virus warning - my host has checked and cant find any virus - so how do i "fix" my site so this doesnt happen?
mafanjai.bcmagazine.net
yep, you've been hacked.

Look for a script tag that leads to hxxp://glenysinternationalcuisine.com/glenys/.wysiwygPro_edit_index_html.php; get rid of that script tag (you can find the script I'm talking about immediately after the </head> tag).
I'll take glenysinternationalcuisine for a run, because it's absolutely loaded with obfuscated JavaScript.

EDIT: That "gleny" script contains a hidden IFRAME, which leads to hxxp://glenysinternationalcuisine.com/glenys/.wysiwygPro_edit_index_html.php?s=WA7A0Im2&id=

which contains all kinds of obfuscated JS, which contains an exploit, or perhaps multiple exploits, against Acrobat PDF Reader.

johnceberhardt

  • Guest
Re: Http: script-inf virus
« Reply #9 on: February 11, 2010, 09:56:48 PM »
this one (http://reosuccessformula.com/6weeks) comes up infected but http://www.unmaskparasites.com/ does not see anything. It reports clean. So who is correct? False positive or what?

JCE

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Http: script-inf virus
« Reply #10 on: February 11, 2010, 10:06:54 PM »
Google SafeBrowsing
http://www.google.com/safebrowsing/diagnostic?site=reosuccessformula.com/6weeks


Of the 1 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-11-20, and the last time suspicious content was found on this site was on 2009-11-13.
Malicious software includes 2 scripting exploit(s).

Malicious software is hosted on 1 domain(s), including excellium.ca/.

This site was hosted on 1 network(s) including AS21844 (THEPLANET).
« Last Edit: February 11, 2010, 10:08:43 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Http: script-inf virus
« Reply #11 on: February 11, 2010, 10:18:13 PM »
Right Pondus,

This is OK at first glance, because of a 401 Unauthorized message, but getting to the real info, here it is:
What is the present status of reosuccessformula dot com?

Of one page being tested 1 page has been downloading and installing malicious software without user's  De Last time suspicious code was found was on 2009-11-13.
Malicious software includes 2 scripting exploits.

malicious software being hosted on one domain, e.g. excellium.ca/.

This site was hosted on 1 network including AS21844 (THEPLANET),

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!