Author Topic: Trojan Horse  (Read 2720 times)


muror

  • Guest
Trojan Horse
« on: August 17, 2010, 10:16:33 PM »
avast! claims that the website http://www.wigenweb.org/ contains a Trojan Horse and denies access. The webmistress was contacted and she did not receive a warning. I uninstalled avast! and installed Avira AntiVir which does not block access to the website. Is avast! a false warning?
If it is a false warning what can be done to correct?
Myron

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89352
  • No support PMs thanks
Re: Trojan Horse
« Reply #1 on: August 17, 2010, 11:50:49 PM »
It looks like the site has been hacked. I get two alerts, one on a packed JavaScript file being loaded when you visit the page (it has a different malware name JS:ScriptIP-inf and inserted/injected script).

The second is in the actual home page; this is an obfuscated script tag inserted after the Body tag on the same line, and it goes on for a long way (see image; I have broken it onto another line to show where it is).

See image2 for a decoded result of what and where this obfuscated script is going. I don't know if this is intended/legit for the site, but I find little reason to obfuscate JavaScript (a plain language form of scripting) in this way; what are they hiding?

The site it is pointing at is located in China and doesn't have a very good reputation (the same for most of its sub-domains also) http://www.mywot.com/en/scorecard/serveblog.net, http://www.google.com/search?q=serveblog.net.


Very few AVs are actually looking at this and fewer are capable of detection.
http://www.virustotal.com/file-scan/report.html?id=049bbf3c0fa2944b895f11cc04e19481d684379ed6e45aa0e912275b6656b11d-1282080451
« Last Edit: August 17, 2010, 11:52:28 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
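
A check a site owner could run over saved page source for the pattern described in the reply above (an obfuscated inline script sitting directly after the body tag), added here as an example that is not part of the original thread. The heuristics, the length threshold, all names and the constructed sample page are assumptions, not avast!'s detection logic.

```python
import re
from html.parser import HTMLParser

# Heuristics and threshold are assumptions for illustration, not avast!'s detection logic.
DECODER_CALLS = ("eval(", "unescape(", "String.fromCharCode", "document.write(")
ESCAPED_RUN = re.compile(r"(?:%u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}){8,}")
LONG_LINE = 500  # characters

class InlineScripts(HTMLParser):
    """Collect inline <script> bodies and note any that directly follow <body>."""
    def __init__(self):
        super().__init__()
        self.scripts, self._cur, self._body_line = [], None, None
    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag == "script" and not dict(attrs).get("src"):
            self._cur = {"line": line, "code": "", "after_body": line == self._body_line}
            self.scripts.append(self._cur)
        self._body_line = line if tag == "body" else None  # any other tag clears it
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["code"] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._cur = None

def scan_html(html):
    """Return (line, reasons) for each inline script that matches two or more heuristics."""
    parser = InlineScripts()
    parser.feed(html)
    parser.close()
    flagged = []
    for s in parser.scripts:
        code = s["code"]
        checks = {
            "script directly after <body> on the same line": s["after_body"],
            "runtime decoder call": any(c in code for c in DECODER_CALLS),
            "long run of escaped characters": bool(ESCAPED_RUN.search(code)),
            "very long line": max(map(len, code.splitlines() or [""])) > LONG_LINE,
        }
        reasons = [name for name, hit in checks.items() if hit]
        if len(reasons) >= 2:
            flagged.append((s["line"], reasons))
    return flagged

# Constructed sample; the escaped string decodes to a harmless HTML comment.
SAMPLE = """<html><head><script>var nav = document.getElementById("nav");</script></head>
<body><script>document.write(unescape('%3C%21%2D%2D%20%73%61%6D%70%6C%65%20%2D%2D%3E'));</script>
<h1>Family history pages</h1></body></html>"""
```

Calling `scan_html(SAMPLE)` flags only the script on line 2; requiring two heuristics keeps an ordinary inline script that merely follows the body tag from being reported.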

CharleyO

  • Guest
Re: Trojan Horse
« Reply #2 on: August 18, 2010, 07:47:01 AM »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76029
    • >>>  Avast Forum - German-language section  <<<
Re: Trojan Horse
« Reply #3 on: August 18, 2010, 01:11:31 PM »
1. I uninstalled avast! and installed Avira AntiVir which does not block access to the website.
2. Is avast! a false warning?

1. Not a good idea to uninstall the program that would have protected you..!! :(
2. No..!!!
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0