2 days ago Avast warning me about trojan JS:Redirector in this website.Even today with new defs everything is the same! Defs are 131228-1.
Here is the screenshot about detection
If virustotal says it is clean, it doesn’t mean that there is no harmful thing on that website.
The adds they are providing changes all the time, so there can be a harmful add on the website.
And why would someone use this code on a webpage?
var OX_4f1056cf = ‘’;
document.write(OX_4f1056cf);
It’s classified as a redirecter trojan. This kind of code sends users from one site (they deliberately visit) to another that the user him-/herself did not ask for. This other site might download malware, show porno, steal user data (spyware) or simply use the false traffic to make fraudulous ad revenues. The site itself might be clean, but the (changing) ads might be harmful depending on which ad is loaded. http://quttera.com/detailed_report/kaldata.com
Avast detects JS:Redirector-BJB on every site that use this JS ADS system or have some part for redirection in source code.
So many years without this restriction, and now, why or… what?
Thousands of sites in WWW use ADS systems like this, and Avast tells the user that they’r infected.
That`s thousands of webmasters who needs to change the way their pages working.
100 % false positive. Please review it in details and we will waiting for fix.
That site admin have been using this tactic for years does not necessarily mean it therefore is good or should be allowed. If it poses a security risk (now), it’s rightfully blocked (now).
Again it does not seem the site itself to be the issue, it’s the ads/ad delivery system (3rd party?).
There’s plenty of examples where hacked ad servers have been used to spread malware. If you believe you might’ve been infected in the past and all problems have been fixed now, you can use the contact form/ticket system to report a false positive: https://support.avast.com/Tickets/Submit. That might help you more than arguing with me on a (mainly) users forum. The avast crew don’t respond here that much.
p.s. I am a smartass, maybe, but you make a dangerous fallacy in thinking many users == good/save. Number of users or the fact something is commercial does not mean something MUST be save.
This is a false positive for sure. We at kaldata provide many services (including malware removal) and we can guarantee that there is no problem with the site itself.
I am not the admin of the site (but one of the Malware Response Team members trained at BleepingComputer) and we already spoke with the admin. The following ads script (/www/delivery/*) is used in many legit sites like:
It’s possible we’re the only to detect it. The script is a redirection usually to hxxp://brins.biz If you don’t know why there should be such redirection, you should fix that ASAP.