Is this a False Positive? JS:Redirector-E [Trojan Horse] - screenshots

Is this a false positive?

avast! reports a JS:Redirector-E [Trj]


I have not used another AV to visit the site; could anyone confirm whether this really is malware or a FP?


BTW, I have informed the site owner.

First alert image.
It appears that the site may have been hacked, as there are two huge chunks of obfuscated JavaScript in two script tags after the closing table tag.

These script tags are pushed well out to the right, so if the user looks at the page source they won’t see the script tags. I have a 1920x1200 screen and it isn’t in view even in full screen mode.

Second alert image.
This looks like the file was saved into your browser cache. There is no point in doing anything other than clearing your browser cache; on any suspicion of an infected file, clear the cache. The abort connection of the first alert should have stopped it getting down to the cache; why it didn’t, I don’t know. Perhaps your use of a sandbox may have still downloaded it into the cache, but the standard shield provides another level of protection.

Apparently not:

There are 2 long, obfuscated scripts that are suspicious, plus the suspicious links in the unmaskparasites report.

I don’t really get the second image, you actually bypassed the Web shield for the site ???


EDIT: DavidR was quicker ;)
I wasn’t sure about the moving it to the right though, I thought it was odd but…
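The layout described in the replies above (script tags padded far to the right after the closing table tag, carrying large obfuscated bodies) can be checked for mechanically when reviewing a page's source. This is an added example, not part of the original thread; the function name, thresholds and sample HTML are assumptions constructed for illustration.

```python
import re

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)

def find_hidden_scripts(html, min_pad=200, min_body=500, max_ws=0.05):
    """Flag inline scripts that are padded out of view or large and dense.

    Thresholds are illustrative assumptions, not values from the thread.
    """
    findings = []
    last_table_close = html.lower().rfind("</table>")
    for m in SCRIPT_RE.finditer(html):
        body = m.group(1)
        line_start = html.rfind("\n", 0, m.start()) + 1
        prefix = html[line_start:m.start()]
        # Whitespace run sitting directly in front of the tag on the same line.
        pad = len(prefix) - len(prefix.rstrip(" \t"))
        reasons = []
        if pad >= min_pad:
            reasons.append("padded")
        if last_table_close != -1 and m.start() > last_table_close:
            reasons.append("after_table")
        # Obfuscated blobs tend to be long with almost no whitespace.
        if len(body) >= min_body and sum(c.isspace() for c in body) / len(body) < max_ws:
            reasons.append("dense")
        if "padded" in reasons or "dense" in reasons:
            findings.append({
                "line": html.count("\n", 0, m.start()) + 1,
                "column": m.start() - line_start + 1,
                "pad": pad,
                "body_len": len(body),
                "reasons": reasons,
            })
    return findings

# Constructed sample: one ordinary script, then a padded, dense one after </table>.
SAMPLE = (
    "<html><body>\n"
    "<script>function menu() { return 1; }</script>\n"
    "<table><tr><td>content</td></tr></table>"
    + " " * 400
    + "<script>" + "a=a+'\\x41\\x42';" * 40 + "</script>\n"
    "</body></html>\n"
)

if __name__ == "__main__":
    for f in find_hidden_scripts(SAMPLE):
        print(f)
```

The reported column shows how far off-screen the tag starts, which is what makes it easy to miss in a source view without line wrapping.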

Can you check the site again, thanks.

The site owner got back to me and removed the bad stuff.

I am currently using a trial version of Eset, so I don’t have avast! for 60 days.

Not a lot of point in checking it, there is nothing there just a jpg image saying coming soon.

So the site is clean again?


Hi stormer,

It would appear that the site is clear.
However all that is shown is an image (like DavidR said) saying coming soon and a flash object below (although when allowed, it doesn’t seem to do anything).


Well, I wouldn’t say that the site is clear again, as there is no content (site) there but a place-holder page, coming soon ???

I think the images were the other way round (if I remember correctly) ???

I’m confused, you saw the images the other way round or attached them the other way round?
(I was referring to avast2.png in that post)

Sorry to confuse you, but the images are in the correct order - just looked at the timestamps of each screenshot.
It’s avast1.png then avast2.png