Hello - I wanted to access a site provided by Harper Collins, which provides an answer key to a Latin learner’s text I am working on. Each time I try to access the site, I get the flag for JS:Illredir-CI [Trj].
I have run all kinds of programs, and can’t seem to pick this up. Is this a false positive, possibly? Anyone with this?
If you could possibly provide us with a link to the site which provides the alert, someone could take a look at it.
Please when posting the link could you deactivate the link by replacing http with hXXp. This will deactivate it and prevent others from potentially becoming infected.
i would be very careful when dealing with such web-based malware attacks… even legit sites may be hacked and refer to some malware sources… providing a link can discover what’s happening there
While the above is the link, I see at the end of the AVAST flag that is a .gzip. Please forgive this tech-challenged, would-be classicist for any inaneness…and thanks very much.
Can I ask, what part of the UK do you hail from? My wife and I once visited the Midlands - Hook Norton, Chipping Norton area, then on to Oxford, Warwick, and as far north as Stoke-on-Trent. A brewer at the time, it was a … brewery tour.
A beautiful trip, miss our time there very much, hope to go back. Our lad was…instigated…while on English soil, and we’d like to bring him back, as we are both lovers of history (he’s not yet 10, but has the bug). (the Warwick Kingmakers have always grabbed me).
Ahhh…absolutely loved your city. Spent the first portion of our trip there, a lot of nights up on Fleet Street (spent the entire evening, once, at the Black Friar, talking about The Blitz with two gents retired from the printing house across the street…what a great gift of history), a night at the White Horse in Parson’s Green (with Michael Jackson…the late beer writer, not the late “King of Pop,” and whatever else he was), and a good many others, to include some memorable meals in Victoria Station (I think it was the Victoria Station area), and breakfast at the Chelsea Kitchen.
I’m new & unsure if I should’ve started a new thread…?
I was attempting to access hxxp://www.deathsincustody.org.au/ (the Avast threat warning/trojan blocked pop-up displayed it as hxxp://www.deathsincustody.org.au/misc/drupal.js?c) and was warned of a threat. I accessed this site late Sunday night - early Monday morning (4-5 July) and received no warning. I’m just wondering if (as above) this is a false positive?
Also, when I typed ‘JS:Illredir-CI[Trj]’ into google & attempted access to this forum, I got the google warning thing saying that this site was (sorry I’m working from my patchy memory…) unsigned or maybe untrusted site, something like that? I added a one-time exception so I could read the thread.
Many thanks in advance for your assistance and/or patience
Thanks for the prompt response . I started a full-system scan a few minutes ago. The version I have is 5.0.594, I heard the mechanised voice announce an update last night. I have Comodo Firewall (zero intrusion attempts blocked), Malwarebytes & BitScan QuickDefender. I haven’t re-booted as yet but will do so when the scan’s finished & I’ll also run Malwarebytes. Whenever I clicked on a link within the site (ie Contact Us) an Avast box would pop up saying Trojan threat blocked (this happened 3 times before I realised I should probably pick up my skirts & run…); there is nothing in my virus chest. I’ll forward any details if scans detect anything or any troubles re-booting. Many thanks for your time and assistance.
Do NOT boot or restart your machine if there is any chance of a virus.
Do you have your Avast settings at default or did you change them? If you have a virus, put them in the Virus Chest if it asks you. It will quarantine it there, but you can still restore it should you need it.
Yes, run a FULL MBAM scan to play it safe. If anything positive comes up, copy and paste the scan log here.
This alert is very similar to that of the one above. An inline script has been inserted into the end of the javascript file that you see in the alert.
It points to the malicious domain seen in the image, which the network shield blocks.
This is definitely not a false positive and the site has most likely been hacked in the last couple of days judging from your description.
This would be because the link you were given by google was a https link, so it would be secured. The reason that you are warned, is that the certificate is self-signed.
Using https is not needed to view the site, you can just take the s off the https and it will work just as fine…just that some people prefer having the secured connection.