HTML:Script-inf found on our website

Viruses and worms
1

Hello I am trying to access our company website and it tells me this in the log file. Our website is www.nationalaerotech.com. Is this bad or what should I do? I moved it to the chest but it still would not let me in.

4/30/2010 6:19:26 PM 1272665966 SYSTEM 1476 Sign of “HTML:Script-inf” has been found in “C:\Documents and Settings\kwiggins\Local Settings\Temporary Internet Files\Content.IE5\5LYBDYG2\SpryMenuBar[1].js” file.

4/30/2010 6:40:04 PM 1272667204 SYSTEM 1476 Sign of “HTML:Script-inf” has been found in “C:\Documents and Settings\kwiggins\Local Settings\Temporary Internet Files\Content.IE5\K48M5A6U\SpryMenuBar[1].js” file.

4/30/2010 6:42:37 PM 1272667357 SYSTEM 1476 Sign of “HTML:Script-inf” has been found in “C:\Documents and Settings\kwiggins\Local Settings\Temporary Internet Files\Content.IE5\K48M5A6U\SpryMenuBar[1].js” file.

2

This page seems to be
http://www.UnmaskParasites.com/security-report/?page=www.nationalaerotech.com

Diagnostic page for masihigeet.com
http://www.google.com/safebrowsing/diagnostic?site=masihigeet.com
Malicious software includes 20 exploit(s), 5 scripting exploit(s), 2 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

3

Hi kymjay

Make the link above non-clickable via wXw…
References to 1 suspicious domain found.
Moreover, Google currently lists this page as suspicious*
htxp://www.unmaskparasites.com/web-page-options/?url=http%3A//www.nationalaerotech.com
Kaspersky 01/05/2010 9.0.0.736 HEUR:Trojan.Script.Generic
also suspicious: * link - hxtp://masihigeet.com/uploads/ronkenoly-video.php

Of the 2 pages we tested on the site over the past 90 days, 2 pages resulted in malicious software being downloaded and installed without user consent. The last time suspicious content was found on this site was on 2010-04-26.

Malicious software is hosted on 1 domain(s), including travelservicene.com/
Malicious software includes 59 exploit(s), 17 scripting exploits.

This site was hosted on 1 network(s) including AS4323 (TWTC).

polonus

4

I am sorry, this is new to me and I do not quite understand. What should I do at this point? This is our company website, is there a way for me to get rid of the malicious content?

5

Hi kymjay

Give them this report:
http://www.unmaskparasites.com/malware-warning-guide/?url=www.nationalaerotech.com
The webmaster or the hosting company should cleanse because in some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message. Also the website software should be patched and upgraded,

polonus

6

Information for Website Owners http://www.stopbadware.org/home/webmasters

Tips for Cleaning & Securing Your Website http://www.stopbadware.org/home/security

Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414/

7

Reported Attack Page! in Mozilla

8

make that this

Malicious software includes 60 exploit(s), 17 scripting exploit(s), 2 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 5 domain(s), including bigfoot-design.at/, covershotslifestyle.com/, crystalhomes.co.in/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including cars-box.ru/.