Fake message block my websites!!! HTML:Framer-inf [Trj]

Fake message block my websites!!!

HTML:Framer-inf [Trj]

My websites was checked with many tools include Total Virus

https://www.virustotal.com/en/url/48c4d76819cd0d19f1344bfae5caf451736d23d9837848a9300eb2aedab7bc7d/analysis/1389091918/

https://www.virustotal.com/en/url/7d5c631672f93ee20df405b1b87733e162f45396aaeb7f0f0014a03ee618a873/analysis/1389091960/

Please, Avast fix this problem soon as possible

Hi,

I’ll have Polonus take a look since I cna’t do anything other then VT on websites.

http://zulu.zscaler.com/submission/show/7a4ac5dfffed56b96a074bd9a3a54614-1389093415

@alan:You can take a look from many testing sites here: http://scanurl.net/

I cannot see anything malicious there.

That site loads fine for me. No warnings or blocking.

When Avast installed on a computer fake messages appear.

Try updating your VPS and Program.

VPS: http://www.avast.com/en-eu/download-thank-you.php?product=VPS9&locale=en-eu
program: Warning: YOu’re using v8, not the latest: http://www.avast.com/en-eu/index

Note: If you upgrade, you shouldn’t need a VPS update.

I use avast and your site works for me.

Some people still complain. I don’t know where is the problem with Avast

tell them to do a manuall avast update … wait a couple of minutes and try again

if still a problem, report it here

You can upload files and report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)

you may add a link to this topic in case they reply here…

Eveything is fine. To everyone: Update your Antivirus

http://www.avast.com/en-eu/download-thank-you.php?product=VPS9&locale=en-eu

But what are the errors I get here? → http://jsunpack.jeek.org/?report=62e3f6138b9aed1800846e71ec4a5981931b6e6c
and for the main file I get:

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htxp://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta http-equiv="refresh" content="0;url= htxp___alexandergoranov.com/Dobre_dosli_v_nasata_realnost.html" /></head><body></body></html><style>@import url(htxp://neq3hosting.com/x.css);</style> 

This is OK: https://urlquery.net/report.php?id=8733909

 <frame src="htxp://alexandergoranov.uco.im" frameborder="0" />

polonus

Alsoi consider this: Seems unblocked now: http://aqmthai.com/

This was in the urlquery history however: http://urlquery.net/report.php?id=1762131
There was exploit kit garbage found: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/18009

Here it is being given clean: http://urlquery.net/report.php?id=8733430
and here: http://maldb.com/aqmthai.com/
Code hick-up here: aqmthai dot com/jquery/js/jquery-ui-1.8.2.custom.min.js benign
[nothing detected] (script) aqmthai dot com/jquery/js/jquery-ui-1.8.2.custom.min.js
status: (referer=aqmthai dot com/)saved 206991 bytes ee9fb45a057673e22bc8134dd4ea0602f82cc058
info: [iframe] aqmthai dot com/jquery/js/javascript:false;
info: [decodingLevel=0] found JavaScript
suspicious:

Found with injection chcek (from earlier compromise? → Suspicious Text before HTML 

pol