Avast! Webshield alerting already on a scan.

polonus · October 1, 2014, 12:08pm

When just enough of detectable code is given on a scan results page the avast! Webshield will beat the alarm. This time for JS:Decode-LX[Trj] here: htxp://killmalware.com/americanspecialtywipes.com/
So I have broken that link.
See: https://www.virustotal.com/nl/url/bb8f74ff9e0891e97deddbf1fecbcbddfb32c5d1119254347baf27b964a40a26/analysis/1412164936/

See the fetched malcode in an secure way, then look at the attached image.
By the way link to htxp://brainstormnet.org/go.php?sid=2 is being blocked by an extension for me!

pol

Pondus · October 1, 2014, 2:58pm

JS:Decode-LX[Trj]

JS:Decode is a blackHole exploit

html scan
https://www.virustotal.com/nb/file/aea99bf193ec4d0c671b0da7f88cba1d534996d65d239057c9293fafe7b2cb3e/analysis/1412182378/

polonus · October 1, 2014, 4:31pm

See here: http://urlquery.net/report.php?id=1412180816776
Trojans detected:
Object: htxp://artemenkogeb.pochta.ru/message263.html
SHA1: afc3a1ee7aa5bced6d40b44cebc47bc9c1e33c57
Name: TrojWare.JS.Agent.jg
OK avast! Webshield blocks this as JS:ScriptDC-inf[Trj]

polonus

Pondus · October 1, 2014, 4:58pm

htxp://artemenkogeb.pochta.ru
https://www.virustotal.com/nb/file/85d2d45237c7bf2a2bfad71d2f439f099e821909b0420552e1786bf810bc35d4/analysis/1412182527/

Avast! Webshield alerting already on a scan.

Announcements