JS:ScriptPE-inf [Trj]

Can someone check out this site that was flagged by my web shield. Also, if it isn’t an FP how can I contact the site admin w/o actually going on his/her site?
xxxx://www.tribuneindia.com/2000/20000123/spectrum/main.htm

Do a whois search for tribuneindia.com that should hopefully return some contact information.

Looks like they may be aware of it as that page isn’t available, 404 error.

But I managed to bump into another on hXXp://www.tribuneindia.com/2000/20001223/ there is an inserted script tag directly after th opening Body tag (on the same line). This is a single (lone line of obfuscated javascript so it looks like the site has been hacked. See images, I have broken down the single line to make it easier to see.

There is also another just before the closing body tag, same sort of obfuscated javascript. This is likely to be the same for other infected pages just after the opening or before the closing body tags.

Slightly off topic, sorry

Hello DavidR,

I just tried to look at the source code (trying to learn more on noticing these things) for the link you gave (using a couple of source code viewers), and avast alerted on the pages generated.
Usually I find that this doesn’t happen (maybe it does and I am not usually looking at this kind of infection when looking at other sites reported) and the source code is displayed in a text format for me to look at.
Is there any way to veiw the code without direct access and viewing of the source code?

-Scott-

It doesn’t matter if the code is displayed in text mode as that after all is all it is displayed in when contained in an html file, which is also a text file of sorts.

One of the tools I use I have to exclude the specific analysis results page.

Does this mean that I have to exclude the site that I use to view the source code?

EDIT:yawetag,
If you are going to contact the owner of the site here is the Whois search. The email address is near the bottom of the page.
http://whois.domaintools.com/tribuneindia.com

Include the details of what has happened and also a link to this thread may help.

-Scott-

If you are getting an alert on an analysis/diagnostics page, yes, you will have to exclude (web shield, exceptions) only the page effected and not the site as my image shows. You can copy and past the path from the web shield alert.