Topic: Request for help

vk1945

  • Guest
Request for help
« on: February 21, 2010, 08:08:19 PM »
I have been a member of one religious forum by name hxxp://www.sumadhwaseva.com for the last three years & used to participate in the forum without difficulty.

Since last week when I try to open the site I am receiving the message
 
" Trojan Horse Blocked.
  avast web shield has blocked a threat,
  No Further action is required.
 
  Object : hxxp://www.www.SUMADHWASEVA.com/
 
   Infection : JS:small-C[Trj]
 
   Action : Connection Aborted
 
   The threat was detected and Blocked while
   dowloading an item from the web "
 
   Thus I can not open the very site itself.

   I tried to check up with the concerned people of the site they say  
   there is nothing wrong with their site. I am unable to open any link of
   this site. I have been a regular member of this site & I have not found
   any virus threats from there.

   Kindly check up the matter & help me in the matter.

   vk1945

« Last Edit: February 22, 2010, 08:09:42 AM by igor »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Some Problem. Request Help
« Reply #1 on: February 21, 2010, 08:35:28 PM »
Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414/

This page seems to be <suspicious>
http://www.UnmaskParasites.com/security-report/?page=www.sumadhwaseva.com

scroll down to " Suspicious Inline Scripts " Obfuscated script

There is also a Malwarebytes IP block on ip: 122.115.63.2
hpHosts: http://hosts-file.net/default.asp?s=122.115.63.2
« Last Edit: February 21, 2010, 08:54:40 PM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Request for help
« Reply #2 on: February 21, 2010, 08:39:57 PM »
The site appears to have been hacked and avast isn't alone in finding detections on both of the avast alerts, image1&2.

http://www.virustotal.com/analisis/89d100292f6ad93fa7ed1aa06a94c49bc7970067021f61c2460dcec85be9d986-1266780533
and
http://www.virustotal.com/analisis/c94de81e77315135338c1e57188e8378a72d9d3a46943300b5ed0fd7e754e5a6-1266780650

There is a huge block of obfuscated javascript (all on a single line) after the closing Head tag and before the opening Body tag, a bit of a standards no-no and highly suspect; see image3, where the single line has been broken to make it easier to see. This is the same in the other alert.

Also see, http://www.UnmaskParasites.com/security-report/?page=www.sumadhwaseva.com
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
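
Added example, not part of the post above or of any tool mentioned in this thread: one way a site owner could check their own pages for the placement described in the reply above, a script sitting after the closing head tag and before the opening body tag on one very long line. The class and function names, the 500-character threshold and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

LONG_LINE = 500  # assumed threshold for "huge single line"; tune per site


class GapScriptFinder(HTMLParser):
    """Collect <script> elements located after </head> and before <body>."""

    def __init__(self):
        super().__init__()
        self.head_closed = self.body_opened = False
        self.current = None  # script being read, only if it is in the gap
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.body_opened = True
        elif tag == "script" and self.head_closed and not self.body_opened:
            self.current = {"src": dict(attrs).get("src"), "code": ""}

    def handle_data(self, data):
        if self.current is not None:
            self.current["code"] += data

    def handle_endtag(self, tag):
        if tag == "head":
            self.head_closed = True
        elif tag == "script" and self.current is not None:
            self.found.append(self.current)
            self.current = None


def scan(html):
    """Return one finding per script found in the head/body gap."""
    finder = GapScriptFinder()
    finder.feed(html)
    finder.close()
    findings = []
    for s in finder.found:
        longest = max((len(l) for l in s["code"].splitlines()), default=0)
        findings.append({"src": s["src"], "longest_line": longest,
                         "single_long_line": longest >= LONG_LINE})
    return findings


# Constructed sample pages: harmless filler stands in for the injected script.
FILLER = "var d='" + "41" * 400 + "';"
TAMPERED = ("<html><head><title>t</title><script>var ok=1;</script></head>"
            "<script>" + FILLER + "</script><body><p>hi</p></body></html>")
CLEAN = "<html><head><script>var ok=1;</script></head><body></body></html>"

if __name__ == "__main__":
    print(scan(TAMPERED), scan(CLEAN))
```

A finding here is a reason to compare the served page against the site's own source files, not proof of infection by itself.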

spg SCOTT

  • Guest
Re: Some Problem. Request Help
« Reply #3 on: February 21, 2010, 08:40:06 PM »
Hi vk1945

Could you please modify your link to make it unclickable (i.e. change http to hXXp) to prevent others potentially becoming infected.

This kind of detection is very common these days, with many 'legitimate sites' becoming hacked to distribute malware:

Every 3.6 seconds a website is infected


Unfortunately, it does seem as though the site has been hacked.

There is a large chunk of obfuscated script on that page which is also outlined by the link Pondus has provided.


-Scott-