HTML:Agent-DJ [Trj] on the pages

Avast Free Antivirus / Premium Security
1

Hi!

Our users suddenly begin to claims that pages with photos in our site (for example, from http://io.ua/all_pic.php?x=d1359789601) are infected by HTML:Agent-DJ [Trj]. Browsers are try to open some kind of strange address http://io.ua/24116276p|{gzip}

This is only observing with the Avast antivirus.

I do highly appresiate any comments whats wrong.

Thanks in advance,
Andrew.

2

Sucuri report
http://sitecheck.sucuri.net/results/io.ua/

3

Thank You, Pondus!
I will remove that code.

But seems its a mistake of the scanner. Odnoklassniki.ru is one of the biggest russian social network.
http://sitecheck.sucuri.net/results/stg.odnoklassniki.ru

4

dont seem to have a good reputation ???

http://urlvoid.com/scan/odnoklassniki.ru/

hpHosts list it as EMD http://hosts-file.net/default.asp?s=odnoklassniki.ru%2F

•[b]EMD[/b] - sites engaged in malware distribution This classification is assigned to website's engaged in the distribution of malware (e.g. adware, spyware, trojans and viruses etc).

Sites with this classification typically either contain files (e.g. cracks, keygens, adware, spyware, trojans, viruses et al) or lead to such via (for example) “fake scanners” or other social engineering and misleading tactics. This includes the activities of rogue Internet Service Providers (ISPs) that host other sites to which the EMD classification applies.

5

I remove all the code of odnoklassniki.ru from the pages.

Tell me, please, how one can remove the site from the Avira’s blacklist?

6
Tell me, please, how one can remove the site from the Avira's blacklist?
Then you need to contact Avira ...
7

Sorry, I meant - Avast

8

HTML:Agent-DJ [Trj]…It is not a url block, detection should be gone when the infection is removed

Stiil detection by sucuri. http://sitecheck.sucuri.net/results/io.ua/

If you think this is wrong you can report it here. http://www.avast.com/contact-form.php
You may add a link to this topic in case they reply here.

edit: detection changed again http://sitecheck.sucuri.net/scanner/

9

Thank You, Pondus!

Really, its a third detection already.

Btw, the code was commented and thus not active.

I remove it as well and waiting for the new surprises :slight_smile:

10

My great respect to You, Pondus!

Now the site is Verified Clean :slight_smile: