Hi, I have encountered a problem to open my website with avast turned on,
I have tried in many computer and it gave me no problem, just avast,
What is going on?
I would appreciate your help,
Thank you,
Tommy
Object: hxtp://enjoyfreewifi.com/ | {gzip}
Infection: JS:ScriptIP-inf {Trj}
seems avast see a java script inside a compressed file it dont like
Zulu analyser http://zulu.zscaler.com/submission/show/1e2301cb7e7cd9e7a9cd0b78883367dd-1386141927
if you think this is wrong you can report it here http://www.avast.com/contact-form.php
you may add a link to this topic in case they reply here
Thank you for the info, I have contacted about this matter,
Hope it can be resolved soon,
Great Day Ahead,
Tommy
Checked on your website, and found an external link to be checked: http:// → ’ ’
A code hick-up but probably benign:
enjoyfreewifi dot com/asset/bootstrap/js/bootstrap.js benign
[nothing detected] (script) enjoyfreewifi dot com/asset/bootstrap/js/bootstrap.js
status: (referer=enjoyfreewifi dot om/)saved 61884 bytes 3d17b19f7f5f55c6dfb112c4cc3cb2390351a31e
info: [decodingLevel=0] found JavaScript
error: undefined function $
suspicious:
avast detects JS:ScriptIP-inf[Trj] for your site, but does not flag on: htxp://enjoyfreewifi.com/asset/bootstrap/js/bootstrap.js and htxp://enjoyfreewifi.com/cms/asset/js/jquery.form-validator.min.js for that matter
Also this is not blocked by avast: htxp://enjoyfreewifi.com/asset/content/banner/2013_12_01_20_52_11_spot.jpg
This is being blocked by avast!: htxp://login.freewifi.com/login-user.html
and this is being flagged as malware also by Bitdefender’s Trafficlight: z.zisch dot net/scripts/js3caf.js → http://jsunpack.jeek.org/?report=7ce0a322472a7ecfa37d9443547bb215916c090a
(visit above link in browser with NoScript and RequestPolicy extensions active and in a VM/sandbox, meant for security researchers only)
What is? clicktrackUrl": “htxp://parkingcrew.net/track.php?click=caf&domain=freewifi.com&rxid=0&uid=MTM4NjE1OTc5NC4yNzM4Ojk1YWQ4OWYwZjk0Y2UzZTA5NmUwNjAzODJmZTBiODdjYTEyNzFjN2Q%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHx8fGJ1Y2tldDA0OXx8fHw1MjlmMWViMjMyMmVhfHx8MTM4NjE1OTc5NC4yNzY5fDRlMDU4NzlmMDk2ZjRiYzc5ZTg5NTFiOTgyMTViNjZhYWRiNTgyMDZ8fHx8fDF8fHwwfDUyOWYxZWIyYjhjNDg0Zjk0ZThiYTkwOHx8YnVja2V0MDkx&adtest=off”
This is “brandal” code: → https://www.virustotal.com/nl/domain/parkingcrew.net/information/
Anda tulus,
polonus
Hi, Mr. Polonus,
Thank you for all those interesting information,
I am sorry to make you waiting for so long,
I would like to hear your recommendation in order to repair my website,
Thank you,
Tommy
Hi tommythetimmy,
Your website seems now clean as a whistle - bersih sebagai peluit.
Selamat, Avast does not flag. Given clean here: http://sitecheck2.sucuri.net/results/www.enjoyfreewifi.com/#sitecheck-details
Also given clean with this Austrian recommended scanner: http://www.websicherheit.at/en/
You are good to go,
kind regards,
polonus
Another recent website with js3caf.js malcode: https://urlquery.net/report/d9debe68-70f7-4abb-be8f-0d1387f1fbd8
analysis: https://www.reverse.it/sample/2994f9808acf149a01bb11cb0495d0590ebe663027049c66b8b60d59e387b78a?environmentId=100
polonus
Only one to flag this script, e.g. Fortinet’s: https://www.virustotal.com/nl/url/bbe092eef6585efba946db9d8c4173547a81224809bb34fde6ac8eb3146231c4/analysis/1523219809/
But as we analyze it, we find
-d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.jsUnique tracking ID code performed on a parking site, on nginx
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: undefined variable scriptPath
error: undefined variable domain
error: undefined variable uniqueTrackingID
info: [decodingLevel=1] found JavaScript
polonus (volunteer website security analyst and website error-hunter)