Gorillavid.in Malicouse

Viruses and worms
1

Hello,

So I’ve used this site literally thousands of times to just watch movies. I used it just yesterday. No issues. Now Comodo (I know this is avast!) is blocking it. Is the malware there? Or is this just Comodo being a dink? I’ve disbaled, exited, killed all the tasks and the DNS warning is still there. Can someone (8Cough Polonus Cough) check it and explain to me if there is an issue?

2

Sucuri report http://sitecheck.sucuri.net/results/gorillavid.in

urlvoid http://www.urlvoid.com/scan/gorillavid.in/

result fom scumware … results are from 2012

Query results URL MD5 IP Threat 2012-08-16 23:41:20 hxxp://gorillavid.in/404.html=GZ=file.htm D95B7F294967DD160EF3FC01D44BAF66 178.17.165.170 MD [b]HTML/ScrInject.B.Gen[/b] virus 2012-06-12 11:18:40 hxxp://gorillavid.in/iqwgbdjonj66 FBD1A1E743EAB6E59556637CA1562654 178.17.165.170 MD [b]HTML/ScrInject.B.Gen[/b] virus 2012-05-30 06:31:33 hxxp://gorillavid.in/404.html FBD1A1E743EAB6E59556637CA1562654 178.17.165.74 MD [b]HTML/ScrInject.B.Gen[/b] virus

IDS alert here http://urlquery.net/report.php?id=7246189 / http://urlquery.net/report.php?id=1888330

Zulu analyser suspicious http://zulu.zscaler.com/submission/show/c88eda272c79f178e3a777a04e674b3e-1383079455

3

Why isn’t Avast! alerting then? I just went back too. It’s now blocked as “Prohibted Content”

I bombed that spelling

4

Security Alerts: Suspicious IFrame Check: http://ads.gorillavid.in/gorillavid-300x250-invideo.html
Suspicious Javascript: Suspicious econds())*100000000000000000; document.write(unescape(‘%3cscript type="text/javascript" src="htxp://max.gunggo.com/show_ad.ashx?type=pop&sid=3810&cid=4907&cb=’+cache_buster+'"%3…
Included script: Suspect - please check list for unknown includes htxp://ads.gorillavid.in/script/ad.php?zone_id=55&width=600&top=360
The malware mentioned in these three instances seems now to been closed: http://support.clean-mx.de/clean-mx/viruses.php?domain=gorillavid.com&sort=first%20desc
See: http://jsunpack.jeek.org/?report=f50a29d7089ff9022a117c0c84854ef462af59ec
malware history: http://www.scumware.org/report/178.17.165.74

polonus