However, when I try to visit it, Avast blocks it claiming an infection of JS:Redirector.
I don’t have any virusses on my PC, I have checked it on other PC’s also running Avast, they all show the same warning. I have asked the AVG online link scanner to check it, and it is reported clean. The web host also reports it clean.
Is this a false positive?
How do I enable access or get Avast to overcome this?
I don’t understand how that will help. There is malicious code in the site. That’s surely the web host’s responsibility. Perhaps they are assuming the code is stuck in Google’s cache?
A question regarding this js:Redirector-KE [Trj] alert -
A forum I frequently visit has been infected by this script, how will it affect my personal computer if I do log in to the forum?
I did some reading about this, and from what I gather this is mainly about placing redirect scripts in web sites. So how does it affect me, as the end user?
Just to clarify: Avast IS blocking my access to the forum, but when I access a specific thread (from a link in a notification email) I do manage to access the site. And that has happened yesterday, when I wasn’t aware of the problem. Then, when I tried accessing the forum from the browser, I got the “Threat has been detected” alert, and then I ran the scan - and Avast did find infected files on my computer.
So, my question is, how were those infected files affecting me? Assuming this is only redirect scripts, what could it have done to my computer?
And, should I wait for the site owner to clean those redirects, or is it no risk for me to access it anyway?
I hope this is not a stupid question to ask ;D Its just that I’m no security expert, and the only info I have is based on what I read in the last couple of days regarding this issue.
So I would love it if someone here could clarify this a bit more for me.
True, I was referring to a different site (and I’m a she :)).
And the forum I’m talking about is still infected according to my Avast (but I know the site owner is working on cleaning it).
I was just wondering how will it affect me to access it anyway. Anyone knows?
What does this virus do to the user’s computer?
Polonus, thank you for the proxy tip & link, didn’t know I could do that. Cheers.
Redirecting scripts can mean real trouble depending as to what silent download site you are actually being redirected to by a particular malscript. If you give us the non-cklickable URL written like hxtp or -http or wXw, we can scan the site for the actual redirecting script that is there, and give you an explanation about the established risks involved. I absolutely won’t go to a site flagged in that way. That is why I advised that particular proxy, because the script will then stay at that security proxy site. You can also decide to disable javascript on the proxysite and then you do not run any risk whatsoever.
That is why a lot of educated browser users have NoScript add-on installed in Firefox or the NotScripts extension in Google Chrome (easy to toggle, great for protection) installed, so redirecting and other javascript malware cannot get to endanger their comp via their browsing.
Malcoded (obfuscated) javascript is one main online browsing threats as there are furthermore malicious iFrame (also function through malcoded javascript), SQL attacks etc…
So now I hope you understand why you have to take notice as avast rings an alarm via one of the shields while visiting a particular infected site. The avast guys do everything to be as accurate as can be in flagging these threat-sites, believe me. And I keep an eye out every day that there isn’t a single suspicious URL that does not enter that avast sinkhole (as there are others like for instance Pondus, Asyn, spg Scott, and many others here),
Thank you Polonus for the detailed reply, I appreciate that.
The site I’m talking about is: wxw.abeforum.com - it would be great if you could have a look.
As for idoproxy - I forgot to update you guys, but accessing the abeforum via idoproxy still gets Avast to alert the threat and block it.
I did try the marking idoproxy’s “block scripts” option and then accessing the forum, and that worked ok for the forum’s main page, but then I couldn’t navigate to any sub forums / specific threads (the screen would remain empty, except for the
Home" link that leads back to idoproxy.
Again, thank you very much for the detailed answer.
I’ll wait to see what your scan will yield.
I’ll clarify my question (I did click on the link before asking) -
what does “The desktop must be cleaned first. Use multiple AVs if necessary, since this virus is very good at hiding from the current AV that is running.” mean?
What is “the desktop” - is that my personal computer?
And what are “multiple AVs” (what’s an AV)?
