JS:ScriptIP-inf

Hello,

Recently I have received that visitors visiting my site gets error that there is trojan on my site.

I have checked it:
hXXp://www.virustotal.com/analisis/e93601eeb034461ced725ba6a78fb8b9b0265456550b2908e52855dab0513701-1274709989

And it found JS:ScriptIP-inf

I have checked the source, but I can’t see anything strange that can be infected.

Also some users said that there is VIRUS on hxxp://www.atomicwarez.com/{gzip}

But when you call that URL it gives 404 error and redirects to main page. So I can’t found where that virus is.

Can anyone explain where is malicious code on my site? Or is it just a false report?

site is hxxp://www.atomicwarez.com

Hi sanis,

The site you mention is a Dutch site, that has been given the all green by Norton Safe Web,
and by unmasked parasites so far.
However I have found this there: [iframe] s7.addthis.com/js/250/javascript:
http://www.google.com/safebrowsing/diagnostic?site=www.addthis.com
, 1 page resulted in malicious software being downloaded and installed without user consent,
and the last time suspicious content was found on this site was on 2010-05-09.

Malicious software is hosted on 1 domain(s), including addthiscdn.com/.

This site was hosted on 1 network(s) including AS3549 (Global Crossing Ltd.).

But again other malware can also be found via external links:

polonus

So you say that addthis is maliciuos site, and that causes that it is trojan on my site?

It is only detected by avast, so… ???

VirusTotal - atomicwarez.com.htm - 3/41
http://www.virustotal.com/analisis/bfde7ab4ab8ce78310678074215921df1dbf0da298359261e2fe5c8389974c64-1274720843

Hi Pondus,

Consider what I have posted here: http://forum.avast.com/index.php?topic=44380.msg371571#msg371571

Website cleansing proposition: http://codex.wordpress.org/FAQ_My_site_was_hacked

polonus