"Infection: js:Downloader-BAX [Trj]"

Hi,

I am a new member.

Avast warns of a Trojan at the site <wXw.madrasgymkhanaclub.com> with the message

"Infection: js:Downloader-BAX [Trj]"

The webmaster insists there is no Trojan on the site, and some programs like Norton Security allow normal access to the site without warning. However, Sucuri Site Check and AVG Site Check warn of malware.

I would be obliged for advice on how to ascertain the correct status and whether there are online tools for checking sites for viruses/malware.

Screenshot attached.

Thanks.

Ranjit

Well, as you already know about the detections, how can we help you…??
http://sucuri.net/malware/malware-entry-mwanomalysp7
http://sucuri.net/malware/malware-entry-mwjs159

PS: It seems you’re using a funny resolution. :wink:

McAfee does not like it
http://www.virustotal.com/file-scan/report.html?id=1637ae735e6aa43a0e29f9cdf191feaf28ce30a1e7157b4e777e510e162f6506-1319306060

I will replicate my previous post so it is together with your new topic:
The site does appear to have been infected/hacked.

A quick confirmation - Avast isn’t the only thing which considers it infected http://sitecheck.sucuri.net/scanner/ and check for yourself, image extract of results below.

As I can see from the OP's attached picture (not easy to see), it looks as if there is an “images/us-lottery/something” added to the end of the URL?

Yes, something like that, it’s not easy to read.

That redirects to a 404 page, which contains the script at the end.

Here the site is given as suspicious in 2 instances: http://urlquery.net/report.php?id=5820

polonus

http://www.virustotal.com/file-scan/report.html?id=56bc16bd872a3e89a1d54d635a6055aa388cc70589c3b8cd1765075411b56bef-1319366226

Hi ranjit,
From one Indian to another Indian…
If you notice the alert by avast… it is not the site that is infected, it is the picture that the site tries to load that is infected… this happens often… it happened to me last week while searching the web for Lord Ganesha photos… so that is not a thing to worry about, chill! :slight_smile:

Well, I disagree, as the site is infected.

yup!

It seems to be… McAfee seems to be catching a JavaScript in the site… the avast! guys need to investigate it…

Why…???
avast! already blocks it.

huh!..redirection to fakeAV…WTF!..

xxx.troya.osa.pl/w.php?f=39&e=4

Norman lab says infected

madrasgymkhanaclub.com.htm : Processed - HTML/Agent.QG

Hi Pondus,

And sucuri is also certain about the fact that this site is being infected, as DavudR also reports above:

web site: -www.madrasgymkhanaclub.com
status: Site infected with malware
web trust: Not Blacklisted

Malware found there: http://sucuri.net/malware/malware-entry-mwanomalysp7
malware found in -www.madrasgymkhanaclub.com.index.php

polonus