Need a little help


Hi Everyone,

Sorry for not being here much lately but I’ve been a little busy.

Anyway, a friend in Kentucky emailed me about a web sire he visits often and it is … hxxp://www.kywgcap.org/ … which is a Civil Air Patrol site. Avast says it has an iframe-inf but the webmaster doesn’t believe anything is wrong.

Would some of you check it also?

Thanks!


URLVoid / VirusTotal URL / VirusTotal HTML / Unmaskparasites / Sucuri

all say CLEAN

Hi Charley,

It does appear to be infected. A default.css file is what causes the alert.

At the very end of the file there is an iframe which doesn’t belong…

See:
http://www.mywot.com/en/scorecard/get.setheo.com
avast is not alone: http://www.virustotal.com/file-scan/report.html?id=6b8bd20d835a333b57b8ebee39ccbdcbd3cd3a07cafe2c317eeba4b50efbfe8f-1301078320

Scott

Infected. Installs a toolbar.

http://anubis.iseclab.org/?action=result&task_id=1903f2affc99633e43145ce6070249b18&format=html


Hi and thanks for the input.

Pondus - yes, the first thing I did was run the link through all if those and with the same results. But, I know Avast is rarely wrong on iframe infections. So, I started checking the source code.

Scott - Yes, I saw that also and mentioned it to my friend so he could tell the webmaster. I do not know if that was checked or not as all I got back was a picture of the warning as if I had not already seen it. Thanks for the links.

doktornotor - Thanks for the added information and link.

So, now I can answer again with some backup information and a link to this post.
Thanks for your help!