Avast reports Trojan on clean web site

Hi,

My friend has a web site in development and he is preparing to launch it live. While I was previewing the site I got a warning from Avast: Trojan detected - JS:Redirector-CV.
We have tested other antivirus software (NOD, Norton, Kaspersky, Avira) and none of them detects a virus.
The only scripts are jQuery scripts.

Any idea?

Peter

Any code to look at…?? :wink:
asyn

XXX.gardencentar.rs

Here’s the following report:

Report 2010-07-29 00:22:39 (GMT 1)
Website gardencentar.rs
Domain Hash 839df08a5ffcbac1cbe646669aa372ce
IP Address 212.102.130.51 [SCAN]
IP Hostname web.b92.net
IP Country RS (Serbia)
AS Number 9081
AS Name AS9081 B92-NET Autonomous System
Detections 0 / 17 (0 %)
Status CLEAN

Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts UNRATED
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard UNRATED
Scanning site with: ZeuS Tracker CLEAN


Here is a print screen showing the Avast alert. It blocks opening of the site.

Are you still getting the notification now?

Unfortunately yes.

Peterl,

With every setting in the Webshield on the “highest” possible, I don’t get any notification from Avast! on that website :-\ Have you updated to the latest program version/virus definitions ???

Greetz, Red.

Report from Unmask Parasites:

General
Title: Polazna - wXw.gardencentar.rs
URL: hXXp://www.gardencentar.rs/beta/
Google: not currently listed as suspicious* (details)
Generator: gpEasy.com
Last checked: 0 minutes ago (results are cached for 1 hour)
This report:
External References
No external references found.

avast doesn’t block it anymore…!
Can you confirm this…??
asyn

As you can see from the attached picture, it still shows the alert.
Does anyone have any idea why this is happening?
Why does other antivirus software not react?

Well the site appears to have been hacked and avast went ballistic, see below.

wxw.gardencentar.rs/beta/themes/garden%20centar%20-%20naslovna/standard/images-zeleni/logo_banner.png [L] JS:Redirector-CV [Trj] (0)
wxw.gardencentar.rs/beta/themes/garden%20centar%20-%20naslovna/standard/images-zeleni/menidesno.gif [L] JS:Redirector-CV [Trj] (0)
wxw.gardencentar.rs/beta/themes/garden%20centar%20-%20naslovna/standard/images-zeleni/dno.png [L] JS:Redirector-CV [Trj] (0)
wxw.gardencentar.rs/beta/themes/garden%20centar%20-%20naslovna/standard/images-zeleni/menihover.gif [L] JS:Redirector-CV [Trj] (0)
wxw.gardencentar.rs/favicon.ico [L] JS:Redirector-CV [Trj] (0)

One of the alerts that I captured has some pretty weird obfuscated scripts in there, one of which appears to be setting a cookie, very strange for what is meant to be an image. The other appears to be running a keygen and crack at keygenguru.com and linking to supersoftwarestore.com, softsalesterritory.com and a bunch of other dubious sites. All of which again to me is highly suspect for what is meant to be an image file.

Edit, not to mention there is no image data inside the file.
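
The check described in the post above (a file served under an image name that carries script and no image data) can be automated by comparing each response body with the signature its extension implies. This is an added example, not part of the original thread; the function name, marker list, paths and sample bodies are constructed for illustration.

```python
import os

# Leading signature bytes a genuine file of each type starts with.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".ico": (b"\x00\x00\x01\x00",),
    ".jpg": (b"\xff\xd8\xff",),
}

# Illustrative (assumed) markers of markup/script that do not belong in an image.
SCRIPT_MARKERS = (b"<script", b"<iframe", b"document.cookie", b"eval(", b"window.location")

# Constructed sample bodies, not captured from the site in the thread.
GOOD_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 17
FAKE_PNG = b'<html><script>document.cookie="seen=1";</script></html>'
FAKE_ICO = b"<script>var a = 1;</script>"


def inspect_image_response(url_path, body):
    """Return (verdict, reasons) for a body served under an image file name."""
    ext = os.path.splitext(url_path.lower())[1]
    expected = MAGIC.get(ext)
    if expected is None:
        return "skipped", ["extension not in MAGIC"]
    reasons = []
    if not body.startswith(expected):
        reasons.append("no %s signature at offset 0" % ext)
    lowered = body.lower()
    hits = [m.decode() for m in SCRIPT_MARKERS if m in lowered]
    if hits:
        reasons.append("script markers: " + ", ".join(hits))
    return ("suspicious" if reasons else "ok"), reasons


if __name__ == "__main__":
    # Hypothetical paths paired with the constructed bodies above.
    samples = {
        "/images/real.png": GOOD_PNG,
        "/images/fake.png": FAKE_PNG,
        "/favicon.ico": FAKE_ICO,
    }
    for path, body in samples.items():
        print(path, *inspect_image_response(path, body))
```

Run it over the bodies saved from the URLs the web shield flagged; an image path that comes back `suspicious` points to content replaced or injected on the server rather than a problem in the page's own scripts.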

This is very useful info.
Can you share more details?

No I can’t because that is as far as I took it, e.g. confirming that it appears the site has been hacked.

Wow, now I got that notification too :o

Greetz, Red.

Hi, sorry to jump in on this thread, but I have avast free on a Win7 PC and it sometimes gives me a warning about threats on a web site, and a site I've been to before without problem. When it first happened I got outa there real quick, but after a little while of this happening I tried accessing the same website on another PC on my network (which has the same version of avast) and there's no warning. Hasn't done it for a while now but it was strange. Not bashing an excellent product but just adding my 2 bobs worth.

Peterl,

Please go back to Post #2 that you made and edit your post of the link you put in it from www… to wXx so that others cannot get malware if they accidentally click on the link and go to that site.

To edit your post, click on the Modify button on the upper right corner of your post window > make the change in your post > click Save on the bottom left corner. Thank you.

Please start your own topic (so it doesn’t confuse/hijack this one) and the site can be investigated. Avast is probably the hottest defence against what is the most prevalent means of infection and that is sites that have been hacked. There are very few AVs even looking for this, much less capable of detection.

The web shield has been very accurate in its detections, of all those I have investigated the very greatest majority have proven to be good detections as the many topics relating to such detections show. That isn’t to say it is 100% as nothing is 100% and is true of all security software.

Without detailed investigation all this is speculation as the web shield scans in real time, so it is entirely possible that a) the site has cleaned out the inserted code of the hacking attack or b) if an incorrect detection the signature updated/corrected. But without information no one can say for certain.

Does somebody have a solution for this JS:Redirector-CV trojan problem? I have the same warnings on my web sites, but the code is clean.

@ e1,

Please stay with the same thread that you started for this topic:
http://forum.avast.com/index.php?topic=65971.msg558023#msg558023 as this will only confuse the people trying to help you. Thank you.