Getting malware blocked message....

at various hxxp://www.supairball.com things such as if you click under Compition Edition and under Tournament the PSP Race2 link. If you click on the 8 Trees item it pops up. After looking at the source code i noticed they use Urchin site tracking
//<script type="text/javascript"> //_uacct = "UA-2169221-1"; //urchinTracker(); //</script>

I am wondering if this could be the cause of the alert? If so is this a safe site?

Well aside from it not being wise to post the actual suspect script as avast might alert on the very topic you are seeking help. So always best to use an image of the suspect script.

However, that said I rather doubt this is what avast is alerting on.

But I don’t get any alert under Competition Edition and under Tournament the PSP Race2 link or the 8 trees you mentioned.

from what I know of java if you use // in front of the line then it is not parsed as it is used for putting comments into code. I also previewed to be sure it wouldnt be parsed as html either.

I am not getting the threat detected on the trees anymore, but am getting it on the 5 medium doritos, 2 small doritos, and 2 bricks

Hi AirUps,

There is some obfuscated code here: www. supairball.com/site2008/images/swf/menu.swf
This is now connecting nowhere now: (Level: 1) Url checked: (frame source)
htxp://www.supairball.com/vide.htm
Blank page / could not connect
No ad codes identified
There was a script source for the active content javascript: src=htxp://ragero.ru/rose/indexv.php
Certainly a malware site, so all odds are against this site not having being infested via

(Level: 2) Url checked: (script source)
htxp://www.supairball.com/site2008/…/scripts/ac_runactivecontent.js
Blank page / could not connect
No ad codes identified If this malware already has been cleansed?

What else the ragero. ru/rose hack has left there besides a Trojan.JS.Agent…,
but supairball. com must still be vulnerable,

polonus

The avast web shield doesn’t parse the script so could still alert if this were truly what was being alerted on. So it is basically a safety first option or we could be locked out of the topic by avast itself.

There is a hidden iframe in that 2 bricks link and that is what is being alerted on and avast isn’t the only one to find it suspect.
http://www.virustotal.com/file-scan/report.html?id=3738eada729e662fdccd278b00045afcaf11a93b3cec6e397f510d865d05bb1c-1300480805

So there is a possibility that the site may have been hacked.

Hi DavidR,

And the RAGERO. RU malware site IS ONLINE :), adding malicious coding to other sites,
see: http://lists.clean-mx.com/pipermail/viruswatch/20091113/012030.html
see: http://ragero.ru.w3spy.net/

polonus