avast detects JS:Decode-BKU[Trj]

See: https://www.virustotal.com/nl/url/5684f2f7caa1b8738d5d96d9b18811013e80a7fe8ed6b930ade2bdc8264ac336/analysis/
and Website Malware malware-entry-mwanomalysp7?v43 htxp://www.ccscarpetscleaningtucker.com/script/jquery-1.2.6.min.js (error: line:3: SyntaxError: invalid flag after regular expression:
error: line:3: s,“form”)?jQuery.makeArray(this.elements):this;}).filter(function(){return this.name&&!this.disabled&&(this.checked||/select|textarea/i.test(this.nodeName)||/text|hidden|password/i.test(this.type));}).map(function(i,elem){var val=jQuery(this).val();return
error: line:3: ^
error: undefined variable yfr
error: undefined variable rll
error: undefined function rll)
htxp://www.ccscarpetscleaningtucker.com/script/formfunc.js ( undefined variable $
error: undefined function $)
Website Malware malware-entry-mwanomalysp7?v43 htxp://www.ccscarpetscleaningtucker.com/tucker-cleaning-services.html
Website Malware malware-entry-mwanomalysp7?v43 htxp://www.ccscarpetscleaningtucker.com/tucker-residential-carpets-cleaning.html
Website Malware malware-entry-mwanomalysp7?v43 htxp://www.ccscarpetscleaningtucker.com/tucker-commercial-carpets-cleaning.html
Website Malware malware-entry-mwanomalysp7?v43 htxp://www.ccscarpetscleaningtucker.com/tucker-area-rugs-cleaning.html

pol

Well, that is one smart proof that avast is strong in these type of malware varients which makes us unique because alot of times its these tiny buggers that lead us to malware downloads.

Hi True Ind,

And site infection is more likely because we have a GoDaddy IP here
that this website shares with 5.200 other domains
:o
Look what “goodies” out on this A.S.: http://sitevet.com/db/asn/AS26496
IPs allocated: 1768192
Blacklisted URLs: 10402
Hosts…
…malicious URLs? Yes
…badware? Yes
…botnet C&C servers? No
…exploit servers? Yes
…Zeus botnet servers? Yes
…Current Events? Yes
…phishing servers? Yes
…spam servers? Yes
…spam bots? No
…spam activity? Yes

So malware-all-sorts for you here, historical badness graphic stays overall bad.

pol

As pointed out before godaddy is definately getting some bad stuff up there.Loved to dig more here but in bed right now and sending these replies from tab 3 ;D

html scan :-
https://www.virustotal.com/en/file/9d2c80ed124c57f1579798ab507232a2a4e78853686afe5a5f6899f9d04690bc/analysis/1410199594/

Sucuri http://sitecheck.sucuri.net/results/www.ccscarpetscleaningtucker.com/

Killmalware http://killmalware.com/www.ccscarpetscleaningtucker.com/

scanning the js file :wink:
https://www.virustotal.com/en/file/5eefe767e0ec2178334dc54d484621776f0fdb01be10433d9f58f3bf27cc7545/analysis/1410199944/

Hi Pondus,

avast! Webshield even barks on opening the killmalware scan as

URL
hxxp://killmalware.com/ajax/www.ccscarpetscleaningtucker.com/|{gzip}

Infectie
JS:Decode-BKU [Trj]

We have direct code blocking upon detection ;D

Hej Hej

pol