Author Topic: URL:Mal y HTML:RedirME-inf FAKE??  (Read 58135 times)

0 Members and 1 Guest are viewing this topic.

4444

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #15 on: April 02, 2012, 01:37:10 AM »
Sorry dudes, I dont quite understand the conclusions..

Is it a real virus?
What do I do now?
Can I solve it somehow?

4444

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #16 on: April 02, 2012, 01:39:55 AM »
Quote
And this was a  problem: This website send passwords in clear text upon request

what does this means?

adotd

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #17 on: April 02, 2012, 01:46:33 AM »
Hello can you visit

http://forum.avast.com/index.php?topic=53253.0

and post all the logs please

Our malware expert: essexboy is currently offline

He lives in the UK,  he should be on in the morning.
 

Anthony

4444

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #18 on: April 02, 2012, 01:54:04 AM »
thxs alot  Anthony

but, what is a log?

and how do I post a log?

adotd

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #19 on: April 02, 2012, 02:00:10 AM »
thxs alot  adotd

Quote
but, what is a log?

when you run the programs they will generate a text file, save the text files on your desktop in a folder.

Quote
and how do I post a log?

When reply you will see "Attachments and other options", you can upload them there.

Me and polonus have found information about it, but the malware expert needs the logs so he can assist you.

jeffce

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #20 on: April 02, 2012, 02:09:36 AM »
Monitoring...  :)

4444

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #21 on: April 02, 2012, 02:11:34 AM »
thxs alot  adotd

Quote
but, what is a log?

when you run the programs they will generate a text file, save the text files on your desktop in a folder.



In what folder do I find these txt file?  In chome folder dont seem to be a log.txt file

Quote
To get assistance please create your own topic in the virus forum.  This will ensure that you get answered and helped as soon as possible and do not get overlooked in an old thread.  Thank you 

the topic is opned, should i post the logs here?

« Last Edit: April 02, 2012, 02:14:10 AM by 4444 »

adotd

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #22 on: April 02, 2012, 02:14:22 AM »
Yes post the logs here.


4444

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #23 on: April 02, 2012, 02:26:47 AM »


In what folder do I find these txt file?  In chome folder dont seem to be a log.txt file


I have also looked at AVAST folder and it does not seem to be a log.txt file

And of course. THANKS AGAIN FOR THE HELP

jeffce

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #24 on: April 02, 2012, 02:29:53 AM »
Hi 4444,

Just follow these instructions.  The logs will automatically be made when the scans are complete.  Just save them to your Desktop and then attach them to your next reply.  :)

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
----------


Please download aswMBR to your desktop.

  • Right click and Run as Administrator the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

Click the image to enlarge it
----------

In your next reply please post the logs made by OTL and aswMBR.  :)

adotd

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #25 on: April 02, 2012, 02:30:44 AM »
For your logs for malwarebytes, open malwarebytes and then click on the logs tab. :)

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #26 on: April 02, 2012, 02:50:47 AM »
Hi 4444,

I've looked at the source of your site, and most of it is obfuscated and merged together, making my job harder. :-\

But, when visiting the site directly, the supposedly obfuscated coding turns out to shine light.

A search for this "msplinks" keyword reveals 29 instances.

Lines 331 and 334 contain the first redirect, given here:
http://wepawet.iseclab.org/view.php?hash=3b77f4196c20617f5768b96bab505453&t=1333317231&type=js

Lines 355 and 357 contain the second redirect.
Lines 368 and 372 contain the third redirect.
And lines 395 and 398 contain the fourth redirect.


VirusTotal results clean, but then again the redirect is from another redirect.

Do you know of how these supposed "movies" got on your website?

Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

4444

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #27 on: April 02, 2012, 03:07:10 AM »
Hi 4444,

I've looked at the source of your site, and most of it is obfuscated and merged together, making my job harder. :-\

But, when visiting the site directly, the supposedly obfuscated coding turns out to shine light.

A search for this "msplinks" keyword reveals 29 instances.

Lines 331 and 334 contain the first redirect, given here:
http://wepawet.iseclab.org/view.php?hash=3b77f4196c20617f5768b96bab505453&t=1333317231&type=js

Lines 355 and 357 contain the second redirect.
Lines 368 and 372 contain the third redirect.
And lines 395 and 398 contain the fourth redirect.


VirusTotal results clean, but then again the redirect is from another redirect.

Do you know of how these supposed "movies" got on your website?



Dont understand about the word "movies" but in general, Ive got the myspace normal settings and some reverbvation widgets taken directrly from reverbnation www.reverbnation.com . Just copy and paste the code from reverbnation.com

I can attach the code:

EDIT-- THE CODE IS ATTACHED IN PAGE 4

NOTE: This code is the exactly code reverbnation.com gives, I think myspace recodes it in some way.  If you are interested I can give the "recoding" of myspace
« Last Edit: April 05, 2012, 02:11:06 PM by 4444 »

4444

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #28 on: April 02, 2012, 03:11:16 AM »
Here are the logs

I could not get the log from malwarebytes, becouse each time malwarebytes was scanning "microsoft build task resources/2.0.0._p........." the program sttoped and did not finish. malwarebytes always stops in the same place wiyhout finishing
« Last Edit: April 07, 2012, 03:48:21 AM by 4444 »

adotd

  • Guest
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #29 on: April 02, 2012, 03:13:39 AM »
now thats alot of redirects :)