URL:Mal y HTML:RedirME-inf FAKE??

[4444]

Sorry dudes, I dont quite understand the conclusions..

Is it a real virus?
What do I do now?
Can I solve it somehow?

[4444]

And this was a  problem: This website send passwords in clear text upon request

what does this means?

[adotd]

Hello can you visit

http://forum.avast.com/index.php?topic=53253.0

and post all the logs please

Our malware expert: essexboy is currently offline

He lives in the UK,  he should be on in the morning.
 

Anthony

[4444]

thxs alot  Anthony

but, what is a log?

and how do I post a log?

[adotd]

thxs alot  adotd

but, what is a log?

when you run the programs they will generate a text file, save the text files on your desktop in a folder.

and how do I post a log?

When reply you will see "Attachments and other options", you can upload them there.

Me and polonus have found information about it, but the malware expert needs the logs so he can assist you.

[jeffce]

Monitoring... 

[4444]

thxs alot  adotd

but, what is a log?

when you run the programs they will generate a text file, save the text files on your desktop in a folder.

In what folder do I find these txt file?  In chome folder dont seem to be a log.txt file

To get assistance please create your own topic in the virus forum.  This will ensure that you get answered and helped as soon as possible and do not get overlooked in an old thread.  Thank you 

the topic is opned, should i post the logs here?

[adotd]

Yes post the logs here.

[4444]

In what folder do I find these txt file?  In chome folder dont seem to be a log.txt file

I have also looked at AVAST folder and it does not seem to be a log.txt file

And of course. THANKS AGAIN FOR THE HELP

[jeffce]

Hi 4444,

Just follow these instructions.  The logs will automatically be made when the scans are complete.  Just save them to your Desktop and then attach them to your next reply. 

• Download OTL to your desktop.
  
• Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Check the boxes beside LOP Check and Purity Check.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    

----------


Please download aswMBR to your desktop.

• Right click and Run as Administrator the aswMBR icon to run it.
• Click the Scan button to start scan.
  
• When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

Click the image to enlarge it
----------

In your next reply please post the logs made by OTL and aswMBR. 

[adotd]

For your logs for malwarebytes, open malwarebytes and then click on the logs tab.

[!Donovan]

Hi 4444,

I've looked at the source of your site, and most of it is obfuscated and merged together, making my job harder.

But, when visiting the site directly, the supposedly obfuscated coding turns out to shine light.

A search for this "msplinks" keyword reveals 29 instances.

Lines 331 and 334 contain the first redirect, given here:
http://wepawet.iseclab.org/view.php?hash=3b77f4196c20617f5768b96bab505453&t=1333317231&type=js

Lines 355 and 357 contain the second redirect.
Lines 368 and 372 contain the third redirect.
And lines 395 and 398 contain the fourth redirect.


VirusTotal results clean, but then again the redirect is from another redirect.

Do you know of how these supposed "movies" got on your website?

[4444]

Hi 4444,

I've looked at the source of your site, and most of it is obfuscated and merged together, making my job harder.

But, when visiting the site directly, the supposedly obfuscated coding turns out to shine light.

A search for this "msplinks" keyword reveals 29 instances.

Lines 331 and 334 contain the first redirect, given here:
http://wepawet.iseclab.org/view.php?hash=3b77f4196c20617f5768b96bab505453&t=1333317231&type=js

Lines 355 and 357 contain the second redirect.
Lines 368 and 372 contain the third redirect.
And lines 395 and 398 contain the fourth redirect.


VirusTotal results clean, but then again the redirect is from another redirect.

Do you know of how these supposed "movies" got on your website?

Dont understand about the word "movies" but in general, Ive got the myspace normal settings and some reverbvation widgets taken directrly from reverbnation www.reverbnation.com . Just copy and paste the code from reverbnation.com

I can attach the code:

EDIT-- THE CODE IS ATTACHED IN PAGE 4

NOTE: This code is the exactly code reverbnation.com gives, I think myspace recodes it in some way.  If you are interested I can give the "recoding" of myspace

[4444]

Here are the logs

I could not get the log from malwarebytes, becouse each time malwarebytes was scanning "microsoft build task resources/2.0.0._p........." the program sttoped and did not finish. malwarebytes always stops in the same place wiyhout finishing

[adotd]

now thats alot of redirects