My host was infected by JS:Cruzer-C
examples :
hxxp://www.materlignes.fr
hxxp://www.rochexpo.com
There are about 15 websites concerned.
Sorry for my english.
Can you help me ?
There are no alerts on these two sites as yet. At least Google has not acted upon them yet.
How long ago did you find out they were infected?
Same here^^ ;D No Detection^^
Maybe, Just maybe, the sites were cleaned by someone^^
So just like wat mkis said, how long ago did u find out that they were infected?^^
-AnimeLover^^
All fine on WoT. Is this a very recent infection? There is not a lot can be done until you respond.
No doubt someone will have a closer look. Or they already have.
Hello,
JS:Cruzer-C is there. But it looks like some black magic on your host. I have downloaded full copy of your website (manytimes). In about 50% of attempts there was one file infected but:
Infected file:
\->hxxp://www.rochexpo.com/index.php?Ids=pRwTSFUAINsQCsmoNbSK&Menu=ACTUS&Idn3=204&Idn2=17&Idn1=7&A=777&Dr=7
Reason: href
Found virus JS:Cruzer-C [Trj]
Flags: script_inl:1
Return code: 200
Content-type: text/html
Content-length: 1649
Clean file:
\->hxxp://www.rochexpo.com/index.php?Ids=XalCSbzmkrkikeMkfFCG&Menu=ACTUS&Idn3=204&Idn2=17&Idn1=7&A=777&Dr=7
Reason: href
Flags: script_ext:1, script_inl:1
Return code: 200
Content-type: text/html, text/html; charset=iso-8859-1
Content-length: 22830
The “Content-length” value looks strange, why it is different? The smaller one is just The JS:Cruzer-C body as shown in attached image.
So, something on your website is bad. But this is not an usual behavior. There maight be some injected php code into your index.php that uses some random showing. Return code in both cases was 200 (OK).
Regards
It’s very strange.
I’ve checked on rochexpo.com the file “index.php” and everything is ok in the code, but the problem is still here.
So I have restore the website Rochexpo with old files.
The alert is still here but only with IE, not with Firefox.
I have the same problem on this site :
hxxp://www.lacadoledepalladio.com : PB ONLY WITH IE (I haven’t saves files for this website)
My host scanned the server with AVG and avast and the server is ok for him.
Hi supersl
These I checked with Bad Stuff Detektor:
No zeroiframes detected!
Check took 15.65 seconds
(Level: 0) Url checked:
hxtp://www.lacadoledepalladio.com
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
hxtp://www.lacadoledepalladio.com/diapopo.php?id=23&canum=23
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (script source)
hxtp://www.lacadoledepalladio.com/diapo_fichiers/mootools.js
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (script source)
hxtp://www.lacadoledepalladio.com/diapo_fichiers/slideshow.js
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (script source)
hxtp://www.lacadoledepalladio.com/diapo_fichiers/lightbox.js
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.lacadoledepalladio.com/sifr3a/sifr.js
Blank page / could not connect *
No ad codes identified
(Level: 1) Url checked: (script source)
htxp://www.lacadoledepalladio.com/sifr3a/sifr_replace3.js
Blank page / could not connect *
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.lacadoledepalladio.com/menuaccordion_fichiers/mootools.svn.84.hacked.js
Blank page / could not connect *
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.lacadoledepalladio.com/js/calendar.js
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.lacadoledepalladio.com/js/calendar-fr.js
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.lacadoledepalladio.com/js/calendar-setup.js
Zeroiframes detected on this site: 0
No ad codes identified
- could mean malware re-directs,
polonus
The problem has been fixed by my host.
Thank you everybody for your help.
Hi supersl,
Good for you and them and good for us here that keep an eye on things, enjoy avast is the best especially for online threats and finding malcode inside websites,
polonus