HTML:Script-inf at http://videohat.masrawy.com

system · January 6, 2010, 5:35pm

Hi,
i got “HTML:Script-inf” warning while openning http://videohat.masrawy.com or any internal page
please any body can tell me why !?
Thanks
??? ??? ???

system · January 6, 2010, 5:50pm

I get a network shield block on this site…


06.01.2010  17:38:27  Network Shield: blocked access to malicious site videohat.masrawy.com/ [ C:\Users\Scott\Portableapps\FirefoxPortable\App\firefox\firefox.exe ( 3340 ) ]

system · January 6, 2010, 5:54pm

spg SCOTT post:2:

I get a network shield block on this site…


06.01.2010  17:38:27  Network Shield: blocked access to malicious site videohat.masrawy.com/ [ C:\Users\Scott\Portableapps\FirefoxPortable\App\firefox\firefox.exe ( 3340 ) ]

any explanation ?!

system · January 6, 2010, 6:03pm

For it to be added to the network shield, it will have to be known to distribute malware…

I am not sure why you get what I imagine is a webshield detection though.

Some of the script is causing an alert (image) It seems as though the .js files are infected…there could be more also…

jsejtko · January 6, 2010, 6:06pm

Hello,

The server was hacked and used for malware distribution. Please check its security or inform webmaster/owner. We were detecting live PDF exploits on that server in following location:

videohat.masrawy.com/chimg/.s/(REMOVED)

The file looks to be currently removed, but please let us know, if you or someone else checked it and fixed it → after that I’ll remove your server from block list. You have to know that if any other exploit will be detected on that server again → we will block it again to protect our users.

Regards

polonus · January 6, 2010, 6:35pm

Hi jsejtko,

The last time mentioned site was found to have suspicious or malicious code on it was on 2009-12-12.
Malicious software includes 13 trojan(s), 7 exploit(s).

This site was hosted on 1 network(s) including AS24863 (LINKdotNET-),

The Bad code detektor gives:
No zeroiframes detected!
Check took 12.74 seconds

(Level: 0) Url checked:
hxtp://videohat.masrawy.com
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
hxtp://www.masrawy.com/phpsso/default.aspx
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
hxtp://www.masrawy.com/phpsso//phpsso/webresource.axd?d=ejjwxo3qzihbmtckouknxa2&t=633953619447812500
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
hxtp://videohat.masrawy.com/js/chrome.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
hxtp://videohat.masrawy.com/ajax/cpaint2.inc.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
hXtp://videohat.masrawy.com/js/myjavascriptfx.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
hxtp://videohat.masrawy.com/js/scripts.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
hxtp://videohat.masrawy.com/js/indexonly.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
hxtp://videohat.masrawy.com/js/myjavascriptajax.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
hxtp://videohat.masrawy.com/js/myjavascript.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
hxtp://videohat.masrawy.com/js/swfobject.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
hxtp://videohat.masrawy.com///secure-uk.imrworldwide.com/v60.js
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
hxtp://www.masrawy.com/new/js/analyticscode.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source) This could also have been cleansed now…
hxtp://www.masrawy.com/new/js/));
Blank page / could not connect
No ad codes identified

Checking with DrWeb’s: hxtp://www.masrawy.com/PhpSSO/default.aspx
File size: 2895 bytes
File MD5: 46ff62e1d29268d9f20aba75e7436bf5

hxtp://www.masrawy.com/PhpSSO/default.aspx - archive HTML

hxtp://www.masrawy.com/PhpSSO/default.aspx/Script.0 - Ok
hxtp://www.masrawy.com/PhpSSO/default.aspx/Script.1 - Ok
htxp://www.masrawy.com/PhpSSO/default.aspx - Ok

Checking: hxtp://videohat.masrawy.com/js/myjavascript.js
File size: 13.34 KB
File MD5: 5368520fef83e9a00ce59e21be70e878

hxtp://videohat.masrawy.com/js/myjavascript.js - Ok

Checking: hxtp://www.masrawy.com/new/js/AnalyticsCode.js
File size: 1194 bytes
File MD5: bb9b4c18169b066439100227ef033ec0

hxtp://www.masrawy.com/new/js/AnalyticsCode.js - Ok

Checking: hxtp://videohat.masrawy.com/js/swfobject.js
File size: 6880 bytes
File MD5: 66d41ec7090bbdde87e09a309dea6661

hxtp://videohat.masrawy.com/js/swfobject.js - Ok

Checking: hxtp://videohat.masrawy.com/ajax/cpaint2.inc.js
File size: 36.67 KB
File MD5: ca6c2f0b81110498c4fcb2099019e992

htxp://videohat.masrawy.com/ajax/cpaint2.inc.js - Ok

Checking: hxtp://videohat.masrawy.com/js/chrome.js
File size: 6395 bytes
File MD5: d51e53c9316d7c3d7d1dd444bc36dc34

hxtp://videohat.masrawy.com/js/chrome.js - Ok

Checking: hxtp://videohat.masrawy.com/js/Scripts.js
File size: 8829 bytes
File MD5: 85540881b953b63f2da95e439af13cbe

hxtp://videohat.masrawy.com/js/Scripts.js - Ok

Checking: hxtp://videohat.masrawy.com/js/myjavascriptfx.js
File size: 2735 bytes
File MD5: d7bc8c57bd33cfe4813526be30900ab6

hxtp://videohat.masrawy.com/js/myjavascriptfx.js - Ok

Checking: hxtp://videohat.masrawy.com/js/indexonly.js
File size: 4806 bytes
File MD5: a43e14f2f2b10ffcb185bda2cfeb8dc6

hxtp://videohat.masrawy.com/js/indexonly.js - Ok

Checking: hxtp://videohat.masrawy.com/js/myjavascriptajax.js
File size: 1258 bytes
File MD5: 2d9310b9afe2acd826964ee754ea110b

hxtp://videohat.masrawy.com/js/myjavascriptajax.js - Ok

Checking: hxtp://videohat.masrawy.com
Engine version: 5.0.1.12222
Total virus-finding records: 917142
File size: 186.21 KB
File MD5: 885c8c00c100e85e2750300e31d8da32

hxtp://videohat.masrawy.com - archive HTML

hxtp://videohat.masrawy.com/JavaScript.0 - Ok
hxtp://videohat.masrawy.com/javascript.1 - Ok
hxtp://videohat.masrawy.com/Script.2 - Ok
hxtp://videohat.masrawy.com/Script.3 - Ok
hxtp://videohat.masrawy.com/javascript.4 - Ok
hxtp://videohat.masrawy.com - Ok

polonus

system · January 12, 2010, 9:52pm

jsejtko post:5:

Hello,

The server was hacked and used for malware distribution. Please check its security or inform webmaster/owner. We were detecting live PDF exploits on that server in following location:
videohat.masrawy.com/chimg/.s/(REMOVED)
The file looks to be currently removed, but please let us know, if you or someone else checked it and fixed it → after that I’ll remove your server from block list. You have to know that if any other exploit will be detected on that server again → we will block it again to protect our users.

Regards

Hi,
We alwyas do some checks on our web sites with several tools and make sure it’s very clean , also we make quick revision on server security and everything is alright ,i believe that such file may existed before move hosting to linux server
anyway thanks agian and wait your actions as we recieved many complains from our users whose using avast
Regards,

system · January 13, 2010, 8:00pm

any updates ?? I still can’t access this website !

HTML:Script-inf at http://videohat.masrawy.com

Announcements