I’m trying to go to a website wxw.netcastdaily.com, but Avast 5 keeps blocking it saying it found a trojan horse, HTML:IFrame-EE [Trj] .
I have checked the site with PhisTank, AVG, SiteTruth, LinkScanner, Google Safe Browsing and they show no threats.
How can I find out if there really is a trojan on this site? I’d really like to get on the site, but I don’t want to list it as an exception if there really is a trojan horse there.
Thanks
The site has been hacked, see image. There is a huge obfuscated script tag (which all on a single line, broken in the image to make it easier to see) and this is highly suspicious.
avast isn’t alone in detecting something wrong with this page, check these results, http://www.virustotal.com/analisis/26142cf8eee4ab4a2a066a1ed9a977e922b7eb08bf9cece2de6bf953220c00f2-1264723633.
David,
Thanks for the quick response and the info. I thought Virustotal only scanned files, I’ll have to figure out how you did that. Wait, it looks like you uploaded a file called ‘unp32080812.tmp’. What was in that file? How did you do that? ???
I wonder if the operators of the site in question know that they have been hacked?
Thanks again.
No problem, glad I could help.
Yes, it does only scan file, but a web page is a file if it is captured it can be scanned.
That may well be blissfully unaware as not many AVs even check for this much less detect it.
Welcome to the forums.
Again, thanks for the info. That was a good article. I had no idea…
To do this, I’m guessing you would go to a site in question, view it’s source, copy and paste it to a text file and submit that text file to virustotal.com for scanning. Is that what you did? If so, how were you able to get to the site to get its source code without getting infected?
Thanks
Not advisable to go visiting infected sites to try and grab a copy of the page, unless you are prepared for the possible consequences of bumping into something currently undetected.
But there are ways to get a copy of the alert page so it can be investigated.
There are also sites that you can have the URL checked out at, see this report on the site, http://www.UnmaskParasites.com/security-report/?page=www.netcastdaily.com. I find my way relatively quick without having to access other sites.
Something I forgot in my first reply - - Please ‘modify’ your 1st post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.