HTML:Script-inf at actorsaccess.com

Viruses and worms
1

I’m getting the warning notice: HTML:Script-inf intermittently at actorsaccess.com. My only option is to abort the page.

Is this a false positive?

2

We need the full URL details of the detection ?

Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

  • Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.

When posting URLs to suspect sites, change the http to hXXp so the link isn’t active (clickable) avoiding accidental exposure.

If it is within the site that you need to be a registered member to access it, then I won’t be able to check it out. However in the past the avast web shield has been very accurate in these detections and hacked sites are on the increase.

See http://www.scmagazineus.com/Every-36-seconds-a-website-is-infected/article/140414/.

3

Here is the full URL details:

1/4/2010 5:48:30 PM 1262656110 SYSTEM 328 Sign of “HTML:Script-inf” has been found in “hXXp://www.breakdownservices.com/” file.

There have been 8 notifications in the last 2 months.

Thank you for your help.

4

Since this isn’t a part of the site you initially mentions, I can only presume it is a link from that site to the breakdownservices.com site ?

That site has been hacked as there is a script tag directly after the HTML Head tag and before the Body tag, this is something of a standards no, no and is a bit suspicious. That is what I believe avast is alerting on, see image.

This domain (aakv.ee) is in Estonia whilst the breakdownservices.com domain is in the USA, so I would say that just makes this scripts location more suspicious.

5

Hi amfnla,

What is the present status of wXw.breakdownservices.com?
The site is not suspicious at the moment and also not flagged by Norton Safe Web scanner.

But a part of the site has been reported twice recently because of suspicious activities, well here you go.

Of 119 pages we have been testeing, 18 pages have been downloading malicious software without user’s consent.Malicious software includes 3 scripting exploit(s), 2 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Schadelijke software is being hosted on 1 domain, e.g. nergizcafe.com/ this site has been infecting 192 sites- Malicious software includes 3258 scripting exploit(s), 24 exploit(s), 13 trojan(s).

The site actorsaccess.com was hosted on 1 network(s) including AS35908 (VPLSNET),

polonus

6

Thank you for your help, i will forward this information to Breakdown Services.

Breakdown Services is a portal to Actorsaccess.com.
Is this what you mean by the present status?

7

You’re welcome.