Avast gives me a malware warning when I go on my site?

I get this hxxp://www.xaeox.net/sv/sw?aid but nothing happens when I click on it. Also searched Google and no info on this at all.

It also shows > Infection:al

Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Maybe you could contact its webmaster.

Also, please, check if there are infected gif images (resolved as infected server generated messages): http://forum.avast.com/index.php?topic=45658.0

Please, edit the links to not-live ones (change http for hxxp, for instance or add spaces between the url).

Check here how to clean and make a website secure.

The vast majority of malware today is distributed over the web, mostly by means of hacked (otherwise legitimate) sites. The attacker usually injects some malicious scripts into some (or all) pages on the site, waiting for an unsuspecting user to visit the site and possibly infect his/her machine.

And this is where avast’s detection capabilities really excel. Its abilities to detect these web-based malicious scripts are second to none, and thanks to the Web Shield and Script Blocking providers, they are used exactly when needed, doing an excellent job stopping the web-based malware right on the entry point.

This is my site I am talking about. It scrapes YouTube videos so I don’t see how they could be infected?

Can u give me an unclickable site address of your site again?

I will check and report back here telling u how to clean it away…

Site is being given as suspicious here: http://urlquery.net/report.php?id=13272
unknown_html_RFI_shell malware on that particular IP. Dutch leaseweb always had/has a lot of issues. Here the webshield detects URL:Mal. Sucuri gives the site clean, but malware has been reported on VirusWatch,

polonus

Hi True Indian and Thanks for your help it’s hxxp://ishowtime.org

Thanks Polonus! I wonder why it comes up as malware? My site has been deindexed and am wondering if it is because of this issue.

That site is malicious: http://urlquery.net/report.php?id=13275
Also saw this: http://www.google.com/support/forum/p/Webmasters/thread?tid=040729da49f612c6&hl=en
And this seems to be at the culprit of it:

-ishowtime.org/js/pngfix.js suspicious
[suspicious:2] (ipaddr:209.160.51.38) (script) -ishowtime.org/js/pngfix.js
status: (referer=ishowtime.org/)saved 1319 bytes e8442d297452068a83faf0e89fb776395ec8a141
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes

It is a jQuery trojan, so update your WordPress again, it was hacked via an iFrame,
Well this info is brought to you by,

polonus

P.S. For cleansing read: http://www.stopthehacker.com/2011/04/19/oscommerce-malware/
link source: Jaal, LLC stop the hacker link authors stop the hacker management team

Hi kirkP,

We actually should be glad that avast is so adequate in finding this web-malware like WordPress malware etc., lots of av solutions are hopelessly inaccurate. We see that only 2 out of 41 AV engines were able to flag this malware and website reputation sources fail to identify as a rule,

polonus

Agreed.

The site has been flagged as clean by Sucuri but u have to follow polonus' advice to get your site clean. [site is infected]

How would I go about cleaning the site? Should I download all the content and put it through avast?

Many Thanks again

Maybe this will help.

ishowtime.org/js/pngfix.js

Search and kill this above page on the site that will clean it.

I will check this out. Thanks friend!

You're welcome! :smiley:

Well, tried that. I forgot to mention that I am running a script from alurian called prismotube and I wonder if that is the culprit here. I don’t know how else someone could infect the site.

Did u destroy that page I told u?

see here:
http://www.stopthehacker.com/2011/04/19/oscommerce-malware/

I forgot to mention that my site uses a script from alurian called prismotube. I don’t know if that would have some vulnerabilities in it.

Follow the link I gave u in my earlier post that will help u.

Ya I went there and that only has to do with. I had my friend do it and he said: that file is only to correct .png images on some Internet Explorer browsers… and I looked at the code and there is nothing wrong in there… but I will remove it anyways.

So back to square one!
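
For the question raised in this thread of how to check a downloaded copy of the site, here is an added example (not code from any poster, Avast or urlQuery): it hashes every script file, compares it with a known-clean baseline, and flags iframe or decoder patterns. The function names, the pattern list, the constructed sample files and the choice of SHA-1 (the scan report above lists a 40-hex-digit digest) are assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed heuristics for illustration; these are not Avast's or urlQuery's rules.
PATTERNS = {
    "iframe": re.compile(r"<iframe\b", re.I),
    "eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode"),
    "document.write": re.compile(r"document\.write\s*\("),
}
SCRIPT_EXT = {".js", ".php", ".html", ".htm"}

def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()

def audit(root, baseline):
    """Flag script files under root that differ from the clean baseline
    (relative path -> SHA-1) or contain a pattern listed above."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCRIPT_EXT:
            continue
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        reasons = []
        if rel not in baseline:
            reasons.append("not-in-baseline")
        elif baseline[rel] != sha1_hex(data):
            reasons.append("changed-since-baseline")
        text = data.decode("utf-8", errors="replace")
        reasons += [name for name, rx in PATTERNS.items() if rx.search(text)]
        if reasons:
            findings.append({"file": rel, "size": len(data), "reasons": reasons})
    return findings

def demo():
    """Constructed sample: a clean helper script with one appended line."""
    clean = b"// PNG transparency fix for old IE\nfunction fixPng(i){i.style.filter='';}\n"
    index = b"<html><body>videos</body></html>\n"
    added = b"document.write('<iframe src=\"hxxp://example.invalid/\" width=1 height=1></iframe>');\n"
    baseline = {"js/pngfix.js": sha1_hex(clean), "index.html": sha1_hex(index)}
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "js").mkdir()
        (Path(root) / "js" / "pngfix.js").write_bytes(clean + added)
        (Path(root) / "index.html").write_bytes(index)
        return audit(root, baseline)
```

The baseline can be built from the original script package or a backup taken before the compromise; a file that looks harmless on reading but no longer matches its baseline hash still deserves a line-by-line diff.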