Conditional redirect found

Viruses and worms
1

See: http://killmalware.com/adptive-space.com/
http://sitecheck.sucuri.net/results/adptive-space.com/
ISSUE DETECTED DEFINITION INFECTED URL
Website Malware MW:HTA:7 htxp://www.availablelocksmithinc.com
Suspicious conditional redirect. Details: http://sucuri.net/malware/entry/MW:HTA:7
Redirects users to:htxp://hotcasinoroom.com/index.html?site=65859
CMS vulnerable.
Web application version:
WordPress version: WordPress
Wordpress version from source: 3.5.1
Wordpress Version 3.5 based on: http://www.availablelocksmithinc.com/wp-admin/js/common.js
All in One SEO Pack version: 1.6.13
WordPress directory: htxp://www.availablelocksmithinc.com/wp-content
WordPress theme: htxp://www.availablelocksmithinc.com/wp-content/themes/available/
Wordpress internal path: /home/content/98/8738698/html/wp-content/themes/available/index.php
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 3.9.1

polonus

2

See: ISSUE DETECTED DEFINITION INFECTED URL
Website Malware mw-redirection121?v3 htxp://bagira-show.ru/index.php/video
Website Malware mw-redirection121?v3 htxp://bagira-show.ru/index.php/obuchenie
Website Malware mw-redirection121?v3 htxp://bagira-show.ru/index.php?style=black
Known javascript malware. Details: http://labs.sucuri.net/db/malware/mw-redirection121?v3
Location: htxp://alfsystem.com.my/includes/domit/1.php
Blacklisting status
Google reports bagira-show.ru as suspicious website
Blacklisted
SE visitors redirects
Chain of redirects found:
to: htxp://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
jbtconsultinggroup dot com is reported by Google as suspicious
56 sites infected with redirects to this URL
to: htxp://alfsystem.com.my/includes/domit/1.php
alfsystem dot com.my is reported by Google as suspicious
818 sites infected with redirects to this URL
to: htxp://www.csra.de/includes/domit/1.php
wXw.csra.de is reported by Google as suspicious
346 sites infected with redirects to this URL
to: htXp://google.ru
42 sites infected with redirects to this URL
Re: http://zulu.zscaler.com/submission/show/dc474bce0d9dedd25306725cd65537ae-1406760592

Site with vulnerable CMS: Web application details:
Application: Joomla! 1.7 - Open Source Content Management - http://www.joomla.org

Web application version:
Joomla Version 1.6 or 1.7 for: htxp://bagira-show.ru/media/system/js/caption.js
Joomla Version 1.6.x for: htxp://bagira-show.ru/language/en-GB/en-GB.ini
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.20 or 3.3
Outdated Web Server Nginx Found: nginx/1.4.4
System Details:
Running on: nginx/1.4.4
Powered by: PHP/5.2.17-pl0-gentoo

Malcode on bagira-show dot ru,77.222.56.11,ns1.spaceweb dot ru,Parked/expired,

IP badness history: https://www.virustotal.com/nl/ip-address/77.222.56.11/information/
Small wonder with 333 domains on one and the same IP: http://sameid.net/ip/77.222.56.11/

polonus

3

SE redirect and more "goodies"here:
Scan results: http://killmalware.com/jinniuguojiylc9788.com/#
SE visitors redirects
Visitors from search engines are redirected
to: htxp://www.116188.com/
465 sites infected with redirects to this URL
Sucuri flags: ISSUE DETECTED DEFINITION INFECTED URL
Website Malware MW:HTA:7 http://jinniuguojiylc9788.com/
Suspicious conditional redirect. Details: http://sucuri.net/malware/entry/MW:HTA:7
Redirects users to:htxp://www.116188.com/
Missed here: https://www.virustotal.com/nl/url/f1736952ddb7bba125160cd790764e58a7216459ff7ce7134ab09cb6c214e293/analysis/1406845823/
and here: http://zulu.zscaler.com/submission/show/234c9d4a8798ec874c2a26d1e7052cd2-1406846002
Detected at Quttera’s: http://www.quttera.com/detailed_report/jinniuguojiylc9788.com

External links to htxp://116188.com/go2url.html?uri= Instruction to completely remove from Windows:
http://www.quicklyuninstall.com/article/Quickly-Uinstall-Go2URL-1.0.html