Sucuri detects malware:
ISSUE DETECTED    DEFINITION                 INFECTED URL
Website Malware   malware-entry-mwjsanon7    htxp://alfa-elite.narod.ru/index.files/work.htm
Website Malware   malware-entry-mwjsanon7    htxp://alfa-elite.narod.ru/index.files/factory.htm
Website Malware   malware-entry-mwjsanon7    htxp://alfa-elite.narod.ru/index.files/contact.htm
Website Malware   malware-entry-mwjsanon7    htxp://alfa-elite.narod.ru
Known javascript malware. Details: http://sucuri.net/malware/malware-entry-mwjsanon7
Let us check: Injection Check - Suspicious Text before HTML
JavaScript Check: Suspicious
404 Error Check: Suspicious
Suspicious 404 Page:
.ru/hit;counter1?r"+escape(document.referrer)+((typeof(screen)=="undefined")?"":";s"+screen.width+""+screen.height+""+
Running on: uServ/3.2.2 → risk 7 out of 10 → http://toolbar.netcraft.com/site_report?url=http://alfa-elite.narod.ru
external counter link → http://toolbar.netcraft.com/site_report?url=http://www.narod.ru
Suspicious code hiccup:
s212.ucoz.net/w2h.js benign S212.ucoz.net is a secure site…
[nothing detected] (script) s212.ucoz.net/w2h.js
status: (referer=alfa-elite.narod.ru/abnl/?adsdata=GNkQ0y4Rl;aFWXt3bb2DvdlLKFvqe;O3GLGPfEuWbesyut!7UW6r2NIB1SqZYgIBNtNRJwQEK2v0Df;HlqEMtImQpJYJ!qDwNuUS8dZ4H6AdN;;BuzgA^EZunQ0eX^RZc6VcJbpQFdJkUcvTLb3gAwy9grzA7BWCzunbE^O8KUkOXXR56ab9vwTcy55wbvXtnMbukip85yxSGaV5!JMleaRQTWRTQ6UgGC4puT5g3V5lnxF^undHjcvQZb9Cv^bNjzJea70w4MH3VmbVkwBlXgYh14;cZ3I6b8wK!b9s1QzJhWyhJZyVmH0OHl0v0rmpXshF1ckQhw3sS;VJiM9QVsBTF!jfzZrwdNp4A7nXq1ubHXHXTByrqRMYeJgnHy4mmIk2xlCezIYZGW2W1qKeZNbepNG4k453aPg!P9JSO47Rq3^qQd!CRABt;aJi5t;Gx!IvTkakZ74kG03Y4Ii4LvmT;7C9y07hGnyT3xw5URvZAQdwU5e3T!;S7zGVhjyMO2qxNPUGP0J0zI33VKHo)saved 3972 bytes d0fe6dd2251f4ad74640c46da0ad2b1262613135
info: [img]
info: [decodingLevel=0] found JavaScript
error: undefined variable data
error: undefined variable GDATA[data[0]]
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var GDATA[data[0]] = 1;
error: line:1: …^
suspicious: → http://w.urlquery.net/report.php?id=1401366030071
On some links like http://w.urlquery.net/report.php?id=1412356965900 avast Webshield detects JS:Iframe-DWL[Trj]
Some form of protection granted, but enough to protect against the generic detection?
polonus