iframe-kd

I recently switched to Avast on mine and my daughter’s computers.
When she tries to go to the web site of her soccer league, hXXp//totalsportscomplex.com ,a warning pops up saying that a Trojan Horse was detected but Avast stopped it before it entered her computer. It happens with both IE8 and Safari as browsers. The info in the warning pop up is: File Name:hXXp//totalsoccercomplex.com/{gzip} ,Malware Name: HTML:IFrame-KD [trj] ,Maleware Type: Trojan Horse ,VPS version 091208-2.
As I said, I also have Avast on my computer but have no trouble gaining access to the web site.
In her log view other than the Totalsports entries there is one entry for hXXp:badware-exterminator.org/{gzip} that found IFrame-inf.
Is her computer infected?

Thanks,
FK

Welcome Faygo Kid

Please read:
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414

The site owner has to fix the infection and prevent further infecions by changing the passwords and updating the software they use to create the site.

Hi Faygo Kid, welcome to the forum :slight_smile:

Unfortunately the website has been hacked. There is an obfuscated script that is before the html tags which is against standards and shouldn’t be there. It is what is triggering the alert.
The script deobfuscates to an iframe linking to a Tokyo Hosted website that is obviously nothing to do with the actual content of the site.

http://www.UnmaskParasites.com/security-report/?page=totalsportscomplex.com

http://samspade.org/whois/kondo264.rsjp.net

As said the webmaster will have to clean the page, and also take preventative measures against future infections.


A post worth reading for the webmaster, by DavidR:

-Scott-

EDIT: By the way, this is not an indication that the pc is infected. It is avast! alerting to the fact that there is malware trying to download to your pc from a given website, and it is telling you it has stopped the infection before it has reached your computer.

Thank you for your replies. I didn’t understand why I was able to get to the site on my computer until I realized I was using Fire Fox with No scripts and AdBlock. I opened IE8 and tried to access the site and the warning popped up.
I’ll try to contact the host of the site and with your permission copy & paste your response as to the cause.

Thank you,
FK

You’re welcome.

No need to ask permission :wink:
it would probably be easier for you to just let them know of the link to this thread, as opposed to copy and paste…

-Scott-

The browser you use shouldn’t make a difference as avast doesn’t require the script to be run, so even with NoScript avast should still detect it.

So there is a possibility they have been made aware of it and removed the inserted script.