using FIREFOX (NOT INTERNET EXPLORER) Avast alert me with the following message:
CAVALLO DI TROIA BLOCCATO
La protezione web di Avast! ha bloccato un sito o un file dannoso.
Dettagli dell’infezione
URL: “hxxp://agrifarma.com/p/as?68987”
Processo: "C:\Programmi\FirefoxPortable\App\firefox.exe
Infezione: “HTML:RedirME-inf [Trj]”
It’s a false Virus Alert?
And I dont’ undertsand why opening my page on Myspace there’s a redirection to this strange URL “http://agrifarma.com/p/as?68987” (I didn’t put any kind of redirection code on my page!)
This detection is correct. Suspicious coding I saw was on line 171. Decoding the Base64 turns out an eval which then gives us a random “as?”.
Search “Array.parse(MySpace.Util.Base64Decode(” without quotes. When you find the line that the exploit is on, delete the whole line. Then your issue should be solved.
Using Explorer now I can see the source code of the page, and I can see the suspicious string you mentioned.
<This detection is correct. Suspicious coding I saw was on line 171.
<Decoding the Base64 turns out an eval which then gives us a random “as?”.
<Search “Array.parse(MySpace.Util.Base64Decode(” without quotes.
<When you find the line that the exploit is on, delete the whole line.
<Then your issue should be solved.
But how can I remove it? I need to use a MySpace editor?
I made my page just using the “standard” procedures and modules provided by MySpace…
Or in some way it’s possible to know exactly what content I inserted (a specific photo, the Bio, the Info…) now contain this suspicious code?
Knowing it maybe I can delete the specific content and re-insert it in “clean” way on my page…
Unfortunately I cannot access to this part of code of the Profile…
It’s generated by MySpace, and I cannot edit it…
I can directly edit and add or remove html only inside some module (Info, Latest Releases, Video…) but Myspace don’t give me access in any way to oher contents and to the code of the rest of the page…
The module containing the suspicious code don’t appear on my page… it seem invisible… not displayable, and unaccessible for me in any way for editing…
And maybe also specific MySpace editors cannot do it…
I’m glad if someone can suggest me a way to access to this part of code to remove the suspicious statements.
That is true, as the exploit attempts to load an image that isn’t there. When your browser receives the error, it loads the javascript, the link to the malicious site.
I do not use MySpace and don’t know how you edit in MySpace.