Since 1 Month my website: hxxp://sunhabbo.net is detected by Avast! as infected with that: JS-ScriptIP [Trj].
But only avast! detect him as infected.
If anyone can say to me what’s the infected file or if this is a wrong alert from Avast!, because i’ve changed the content not a long time ago that were already infected by the same infection.
Please can you modify the link, to prevent others potentially becoming infected. (change http to hXXp) Thanks.
I get redirected to a maintenance page, and it seems that avast is alerting on the script highlighted in the image.
Not sure on the detection of that script, I would need someone from avast to comment. (I personally think that it may be a FP, but avast also blocks with the network shield so there may be more to it…)
Just to add, this morning i’ve moved my website into a personnal Web Server.
But before this change my website were hosted from free-h with an alternative subdomain to the current, hxxp://sunhabbo.free-h.fr, when enter to my web-site with this URL. Avast! detect randomly a file infected. When i refresh a page it’s never the same file infected.
I’m new here. All the while I’ve been visiting this site www.laidown.com (almost everyday) but only starting yesterday when I clicked on a link that the avast shows ‘JS:ScriptIP-inf[trj]’ detected. Is this a virus or false alarm?
There is a strange compressed script file {gzip}loaded when these links are clicked, see alert image1 and small extract of the contents of that file, image2.
That said http://www.urlvoid.com/scan/laidown.com doesn’t find anything. But in the past even though avast was alone in some detections it was also proven to be correct. So I don’t know why this compressed script file is run/opened or have any idea about the actual content of that file. So it needs further investigation.
There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Press (Media), issues.
If you are reporting an FP, then you get another input field open (image3), click Browse button and navigate to the file or enter the web URL for the site you wish to submit for review, etc.
First image1 can only be accessed if you have Ask as the first selected Action.
The second is I know how to capture the infected file with some degree of safety, which I’m not going to divulge or those who may try to access it might not be so safe.
The third is just an extract of the contact form for reporting such issues.
I use SnagIt image capture which is a paid application, there are other image capture applications which are free, try googling it.