JS:Illredir-B[Trj]

Avast 5.0 is telling me that hxxp:runsurfcity.com is infected with this trojan horse. Using the recommendation of another thread here I checked unmaskedparasites.com and it shows the site as clean. Google’s Safe Browsing diagnostics also shows no problems.

Any ideas?

Terry

It looks like a number of the JavaScript files (see example images) have been hacked, as they are pointing at a suspect site, limitgap.ru, which doesn’t have a good rep; see http://www.runsurfcity.com/v/vspfiles/templates/RunSurfCity/Menu_Popout_Data.js. So it looks like the .js files on the site may well have been hacked.

There is an obfuscated var script that creates a script tag for that redirection.

I’m confused ??? If I view those two Javascript files, “limitgap.ru” doesn’t show up in them?

They won’t show the location in clear text, as the last line of the files, starting with the var, is obfuscated. The only way I can show it in those images I posted is by having it de-obfuscated using an on-line tool.
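A site owner can check their own .js files for the pattern described above (an obfuscated `var` statement appended as the last line) without de-obfuscating anything. The sketch below is an added example, not part of the original thread or any tool mentioned in it; the function names, the primitive list, the thresholds and both sample scripts are assumptions constructed for illustration.

```python
import re

# Decode/inject primitives often found in appended stubs (heuristic list, an assumption).
PRIMITIVES = re.compile(r"\b(eval|unescape|fromCharCode|document\.write|createElement)\b")
# Long runs of %XX, \xXX or comma-separated char codes: encoded data, not hand-written code.
ENCODED_RUN = re.compile(
    r"(?:%[0-9a-fA-F]{2}){20,}|(?:\\x[0-9a-fA-F]{2}){20,}|(?:\d{2,3},){20,}")

def last_code_line(js_text):
    """Return the last non-blank line of a script, stripped of whitespace."""
    lines = [ln.strip() for ln in js_text.splitlines() if ln.strip()]
    return lines[-1] if lines else ""

def check_tail(js_text, min_len=120):
    """List the reasons the last line looks like an appended obfuscated stub."""
    tail = last_code_line(js_text)
    reasons = []
    if tail.startswith("var ") and len(tail) >= min_len:
        reasons.append("long trailing var statement")
    if ENCODED_RUN.search(tail):
        reasons.append("encoded character run")
    hit = PRIMITIVES.search(tail)
    if hit:
        reasons.append("decode/inject primitive: " + hit.group(1))
    return reasons

def is_suspicious(js_text):
    """Flag only when two or more signals agree, to limit false positives."""
    return len(check_tail(js_text)) >= 2

# Constructed samples: a plain menu script, and the same script with a harmless
# percent-encoded string appended in the style the thread describes.
CLEAN = 'var menuWidth = 180;\nfunction openMenu(id) { show(id); }\n'
ENCODED_SAMPLE = "".join("%%%02x" % b for b in b"constructed-sample-not-a-real-payload")
INFECTED = CLEAN + 'var zq="' + ENCODED_SAMPLE + '";document.write(unescape(zq));\n'

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("infected", INFECTED)):
        print(name, is_suspicious(text), check_tail(text))
```

Comparing each file against a known-good copy from the site's template package or backups is the more reliable check; a heuristic like this only narrows down which files to look at first.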

Hi kk6t,

Hi DavidR, it is a good custom to make links non-clickable, like hxtp or wXw…
Good detection, because it is not generally detected, as Unmasked Parasites and Norton Safe Web give the site as clean,
and also here at http://www.urlvoid.com/

I get a failure here: htxp://jsunpack.jeek.org/dec/go?report=d5e185768c75a4daed5b439fa7848b6d838b93a2
Here we can see what happened: Check took 13.25 seconds
But this is what I get there, see attached picture…

(Level: 0) Url checked:
htxp://www.runsurfcity.com/
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
htxp://www.runsurfcity.com//a/j/milonic/milonic_src.js
Zeroiframes detected on this site: 0
No ad codes identified
See picture added

(Level: 1) Url checked: (script source)
hxtp://www.runsurfcity.com//v/vspfiles/templates/runsurfcity/menu_popout_styles.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
htxp://www.runsurfcity.com//v/vspfiles/templates/runsurfcity/menu_popout_data.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
htxp://www.runsurfcity.com//a/j/javascripts.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
htxp://www.runsurfcity.com//v/unified.js.asp
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.runsurfcity.com//v///:
Blank page / could not connect
No ad codes identified
Directory Listing Denied: This Virtual Directory does not allow contents to be listed.

(Level: 1) Url checked: (script source)
htxp://www.runsurfcity.com//v/vspfiles/assets/flash/flashgallery/ac_runactivecontent.js
Zeroiframes detected on this site: 0
No ad codes identified - limitgap*ru is detected and blocked: http://malc0de.com/images/8080_domains.txt

polonus

Thanks guys! :wink: You’ve really shown me some useful tools. I’ve emailed the site to let them know about the problem.

Thanks again for all your help!

Terry

No problem, glad I could help.

A belated welcome to the forums.

My program is de-activated and I want to know how to reactivate it. It says I am not protected… thank you

Please start a New Topic of your own as this seems unrelated to the original subject and will just confuse the topic and we will try to help.

  • Go to this link, http://forum.avast.com/index.php, scroll down to the avast! Free/Pro/Suite forum and click it, click the New Topic button at the top of the list and post there.