Author Topic: Malware JS:ScriptIP-inf on www.parolecrociate.net ? (Read 6151 times)

MiNiX · « **on:** October 21, 2011, 04:33:38 PM »

Hi,

Since yesterday, all my users who have Avast! installed can't connect to my websites http://www.parolecrociate.net and http://forum.parolecrociate.net, while all the other users don't have problems.

I think it's a false positive, but Avast! tells:

A trojan horse was found!

File name: http://www.google.it/url?sa=t&rct=j&q=parolecrociate.net&source=web&cd=1&ved=0CB0QFjAA&url=http%3A%2F%2Fwww.parolecrociate.net%2F&ei=-ByhTrG2DoPh4QTLu6G9BA&usg=AFQjCNGqECOy4JA_MBT71d60ifoa5ZTdDA\http:\\www.google.it\url?sa=t&rct=j&q=parolecrociate.net&source=web&cd=1&ved=0CB0QFjAA&url=http%3A%2F%2Fwww.parolecrociate

Malware name: JS:ScriptIP-inf [Trj]

Malware type: Trojan Horse

VPS version: 111020-2, 20/10/2011

Here is the log:

21.10.2011 09:25:30 Network Shield: blocked access to malicious site dns://www.parolecrociate.net [ C:\Windows\system32\svchost.exe ]

Are there problems with your recent update?

Thanks in advance for the reply and support!!

Pondus · « **Reply #1 on:** October 21, 2011, 04:55:11 PM »

VisusTotal is usless again

so not able to scan the URL
Sucuri say clean

Wepawet report say Benign but is mentioning a redirect at the bottom
http://wepawet.iseclab.org/view.php?hash=22b444f3c47c624966cb7ee91e3bbf28&t=1319207852&type=js

MiNiX · « **Reply #2 on:** October 21, 2011, 05:06:31 PM »

Quote from: Pondus on October 21, 2011, 04:55:11 PM

VisusTotal is usless again so not able to scan the URL
Sucuri say clean

Wepawet report say Benign but is mentioning a redirect at the bottom
http://wepawet.iseclab.org/view.php?hash=22b444f3c47c624966cb7ee91e3bbf28&t=1319207852&type=js

Thanks a lot.
The redirect is from google ads... Is it possible this is a false positive? If yes, how can I unlock the website for my users?

Milos · « **Reply #3 on:** October 21, 2011, 05:54:01 PM »

Hello,
it will be fixed in next VPS.

Milos

MiNiX · « **Reply #4 on:** October 21, 2011, 05:57:41 PM »

Quote from: Milos on October 21, 2011, 05:54:01 PM

Hello,
it will be fixed in next VPS.

Milos

Thank you very much!!!

What should my users have to do, before the VSP, to connect to my websites without troubles?

alpha1 · « **Reply #5 on:** October 21, 2011, 06:20:40 PM »

i imagine next update is soon.

alpha1 · « **Reply #6 on:** October 21, 2011, 06:22:39 PM »

speak of the devil

i just updated now.

DavidR · « **Reply #7 on:** October 21, 2011, 07:17:59 PM »

There has been no update yet, it is still on VPS 111021-0 and the network shield still blocks the site.

alpha1 · « **Reply #8 on:** October 21, 2011, 07:23:06 PM »

Quote from: DavidR on October 21, 2011, 07:17:59 PM

There has been no update yet, it is still on VPS 111021-0 and the network shield still blocks the site.

maybe its still blocked,but i did get my update just recently. 111021-0

MiNiX · « **Reply #9 on:** October 22, 2011, 12:33:15 PM »

Thank you very much for the quickness: PROBLEM SOLVED with your last update!

DavidR · « **Reply #10 on:** October 22, 2011, 01:29:34 PM »

Thanks for the feedback in reporting it resolved.

Author Topic: Malware JS:ScriptIP-inf on www.parolecrociate.net ? (Read 6151 times)

MiNiX

Malware JS:ScriptIP-inf on www.parolecrociate.net ?

Pondus

Re: Malware JS:ScriptIP-inf on www.parolecrociate.net ?

MiNiX

Re: Malware JS:ScriptIP-inf on www.parolecrociate.net ?

Milos

Re: Malware JS:ScriptIP-inf on www.parolecrociate.net ?

MiNiX

Re: Malware JS:ScriptIP-inf on www.parolecrociate.net ?

alpha1

Re: Malware JS:ScriptIP-inf on www.parolecrociate.net ?

alpha1

Re: Malware JS:ScriptIP-inf on www.parolecrociate.net ?

DavidR

Re: Malware JS:ScriptIP-inf on www.parolecrociate.net ?

alpha1

Re: Malware JS:ScriptIP-inf on www.parolecrociate.net ?

MiNiX

Re: Malware JS:ScriptIP-inf on www.parolecrociate.net ?

DavidR

Re: Malware JS:ScriptIP-inf on www.parolecrociate.net ?