I contacted server management (we both use the same server) and they told me the infection must be local (on my laptop), because they could not find an infection on the website.
I did a full virus scan with Avast, but it didn’t find anything. I also did a full malware scan with Malwarebytes and all it found was 3 PUPs. I deleted all unnecessary add-ons in Chrome but it did not help; I still get the Avast message when I visit the website.
If there is an infection on my laptop I can’t find it. The strange thing is that I only get the above message on the website of my friend. Can anybody shed some light on this situation?
When you scan the VT-detected URI, it redirects: htxp://ontwerpjeleven.nl/omdenken/-webkit-gradientlinear%2C%200%25%20100%25%2C%200%25%200%25%2C%20fromrgb252%2C%20252%2C%20252%2C%20torgb221%2C%20221%2C%20221 redirects to htxp://ontwerpjeleven.nl/404-error/
VT also flags this: htxp://ontwerpjeleven.nl/wp-content/plugins/akismet/_inc/form.js
See: http://jsunpack.jeek.org/?report=45a7bca46d9f8e46af465c9dad8968061703814d
undefined variable js.parentNode
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var js.parentNode = 1;
error: line:1: …^
SEO Spam issues - htxp://downloads.securityfocus.com/vulnerabilities/exploits/23965.html
Exploitable code: an attacker could exploit something like <? echo 'escape("' .$_GET['AttackerString']. '");' ?> by simply bypassing the JavaScript function: &AttackerString="); alert("xss in which case the HTML output would be: escape(""); alert("xss");
Quote info credits go to: Information Security's Nicolai (document.location.protocol XSS vulnerable?).
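The pattern quoted above, next to a hardened form, as an added example that is not part of the original post or of the quoted source. The function names render_vulnerable and render_hardened are hypothetical, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern quoted in the post: request data concatenated
// straight into a JavaScript string literal.
function render_vulnerable(string $value): string
{
    return 'escape("' . $value . '");';
}

// Hardened form: json_encode() emits the complete quoted literal, and the
// JSON_HEX_* flags turn ", ', <, > and & into \uXXXX escapes so the value
// can close neither the string nor the surrounding <script> element.
function render_hardened(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR; // throws JsonException on invalid UTF-8 (PHP 7.3+)
    return 'escape(' . json_encode($value, $flags) . ');';
}

// Constructed sample inputs: the string from the post and a benign value
// that happens to contain the same metacharacters.
$samples = [
    '"); alert("xss',
    'Tom & "Jerry" <b>',
];

foreach ($samples as $sample) {
    echo 'input:      ', $sample, PHP_EOL;
    echo 'vulnerable: ', render_vulnerable($sample), PHP_EOL;
    echo 'hardened:   ', render_hardened($sample), PHP_EOL, PHP_EOL;
}
```

In the hardened output the quote characters arrive as \u0022, so the whole value stays inside the single string literal passed to escape().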