HideMe

Hi,

I hope you can help me - I’m struggling a bit with this one.

Avast is reporting that one of my websites; test3.stewart-cruickshank.com has the HideMe trojan virus, and web-shield is blocking access.

I have looked in the .html files and cannot find it. I also tried running it through sucuri which didn’t seem to find it, and http://aw-snap.info/file-viewer. All to no avail.

Do you know what I could do next to look for it?

Many thanks,
Stewart

Hello,
see the attached image. In red rectangle is the detected part.

Milos

IP address for the URL in Milos Picture is on 5 Block lists…

xbl.spamhaus.org
zen.spamhaus.org
spam.dnsbl.sorbs.net
cbl.abuseat.org
l2.apews.org

Probably also more malware on same IP: http://urlquery.net/report.php?id=3845685
Suspicious code:
est3.stewart-cruickshank.com/wp-content/themes/hayden/js/trust.js?ver=1.0 benign
[nothing detected] (script) test3.stewart-cruickshank.com/wp-content/themes/hayden/js/trust.js?ver=1.0
status: (referer=test3.stewart-cruickshank.com/)saved 3179 bytes 0151640349dcf5126c03debb4f35386d4a01e9bd
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined function jQuery
suspicious:
See: http://jsunpack.jeek.org/?report=ae64e606b3554aca4a1f576ce7aa485f1d1e2077

But avast does not flag it anymore: given clean here: http://quttera.com/detailed_report/test3.stewart-cruickshank.com

polonus