Not the site being scanned in urlquery, but the actual site ???
Object: hxxp://urlquery.net/report.php?id=1399722872505 | {gzip}
Virus: JS:Includer-AVD [trj]
A bit of confusing info … so the site scanned at urlQuery (bramjnet.com) is not the actual site?
Or are you saying avast gives a detection at the urlQuery site?
A screenshot of avast warning would help…
It is the urlquery.
Also, this file seems to come with the urlquery site
https://www.virustotal.com/en/file/9953feaa930b2c2d3cdd4af2b565b29db23022edf43cd7f93a797be4cbe638f3/analysis/1399724415/
I suspect a false positive on the urlQuery website…
Anyway, to check your computer …
follow the instructions here and attach the malwarebytes and OTL logs: http://forum.avast.com/index.php?topic=53253.0
Not only avast detects but also eSafe as Win32.Trojan: http://killmalware.com/bramjnet.com/
The malware resides in: htxp://www.bramjnet.com/vb3/clientscript/vbulletin_md5.js?v=381
See: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.bramjnet.com%2Fvb3%2Fclientscript%2Fvbulletin_md5.js%3Fv%3D381&useragent=Fetch+useragent&accept_encoding=
It was up here: Up(nil): unknown_html ARIN US abusereports at versaweb dot net 208.64.26.42 to 208.64.26.42 bramjnet dot com htxp://www.bramjnet.com/vb3/showthread.php?t=55573
But seems closed now: http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&domain=bramjnet.com
→ http://quttera.com/detailed_report/support.clean-mx.de
Not a false positive, it was real, but seems to have been closed, - in offending raw content: htxp://www.fixcleaner.com/trialsetup.exe
polonus
P.S. It looks safe!
But… Sometimes antiviruses will not detect dangerous files/URLs/domains, so you must be wary! Do not open files and links from unreliable sources. You must be very careful with executable files (exe, dll, scr, etc.) and documents of different formats (pdf, doc, xsl, etc.).
http://i.imgur.com/oQZAjAo.png
Detection is correct
there is redirection to
http://i.imgur.com/5FJOcke.png
Which is blocked.
also known malvertisement
see attached
Hi jefferson santiag,
Thanks for re-checking and the confirmation of the detection.
pol
It seems both you guys are scanning the bramjnet.com URL … that is not the URL the poster has problems with.
He gets a detection on the urlQuery link … this one: urlquery.net/report.php?id=1399722872505
Object: hxxp://urlquery.net/report.php?id=1399722872505 | {gzip} Virus: JS:Includer-AVD [trj]
You are welcome!
avast detects
because he found this trojan on banner
where in the scan of the URL urlquery, it did modify its variant.
is included blacklist
http://www.urlvoid.com/scan/bramjnet.com/
IP is hosted by Malware Domain Blocklist
http://urlquery.net/report.php?id=1399765483349
Suspicious JavaScript code injection.