Possible false positive?

About an hour or so ago, I attempted to go to one of the websites I’ve had bookmarked for several years now, and avast told me that it blocked a trojan. I was on the site earlier today and had no problems, and other users on the site seem to have no problem. I’m thinking it might be one of the ads on the website, but I’m not really sure. I left a message for the person in charge; hopefully they can answer it. By the way, the site is usually pretty safe. What do you guys think?

Can you provide the link please?

The website is wXw.heaven666.org. That’s the main page; it happens on other pages of the site too.

Malicious by WOT: https://www.virustotal.com/en/url/6fe6105aafb10dd55a347146b9b0207c5be1cd79cd38979477b086ca59bd0d45/analysis/1396051294/

Please wait for polonus for further analysis, I cannot find any scanner that reports something malicious.
He might not be back for some hours ’cause it’s 1am here. :slight_smile:

Killmalware report: http://killmalware.com/www.heaven666.org/
Sucuri report: http://sitecheck2.sucuri.net/results/www.heaven666.org

If you have not rebooted since it happened… right click avast tray icon > show last popup > click pin in top right corner to pin it on screen > take screenshot of it and post here

Thanks for the quick answer guys, here’s what avast! blocked: JS:Includer-BAO [Trj]

Here’s a screenshot. :slight_smile:

Yeah, that’s what I was getting, thanks :slight_smile:

seems to be located in a compressed file (gzip)

only avast detects… if correct
https://www.virustotal.com/en/file/3dcd083c6b941f1faef517d10a912c739d2f847fa50d01c4a9a2b5e7f84620c7/analysis/1396051843/

Could it be an ad on the site, or something someone uploaded?

yepp…or a FP

Guess I’ll have to wait and see then, thanks for the help guys :slight_smile:

Please ‘modify’ your post, change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

The most common cause for infection on-line is from hacked sites, so it isn’t unusual to see something like this on what you might consider pretty safe (almost no such thing as a safe site).

The alert appears to indicate that there is a compressed file loaded when you visit the site. That is the |>{gzip} at the end of the url path, see image1 and image2, extract of compressed file contents.

This could also be because some other sites on that host have been infected and it may be an IP block rather than a domain block, but this required further investigation. See http://urlquery.net/report.php?id=1396052232932.

  • There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: Report false virus alert on website, issues.

  • If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for review, etc. A link to this topic also wouldn’t hurt.
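The link-breaking convention requested above (http to hXXp, www to wXw), as an added example that is not part of the original post. The function names, the `keep_live` parameter (hosts of scanner reports that should stay clickable) and the `example.*` sample text are constructed for illustration.

```python
import re

# A link as forum software would auto-link it: http(s)://... or a bare www....
# The last character may not be sentence punctuation, so "www.example.net," stops at "t".
_LINK = re.compile(
    r"(?:\bhttps?://|(?<![\w.-])www\.)[^\s<>\"']*[^\s<>\"'.,;:!?)]", re.IGNORECASE)
_HOST = re.compile(r"^(?:https?://)?([^/:?#]+)", re.IGNORECASE)
_WWW = re.compile(r"(?<![\w.-])www(?=\.)", re.IGNORECASE)


def live_links(text):
    """Return every link in text that a browser or forum would still make clickable."""
    return _LINK.findall(text)


def defang(text, keep_live=()):
    """Break links (http -> hXXp, https -> hXXps, www -> wXw).

    Links whose host is listed in keep_live (assumed: trusted report
    services) are left untouched, even if their path names the suspect site.
    """
    keep = {h.lower() for h in keep_live}

    def fix(match):
        link = match.group(0)
        if _HOST.match(link).group(1).lower() in keep:
            return link
        link = re.sub(r"^http", "hXXp", link, flags=re.IGNORECASE)
        return _WWW.sub("wXw", link)

    return _LINK.sub(fix, text)


# Constructed sample post: a suspect site twice, plus a scanner report link.
SAMPLE = ("Blocked on http://www.example.org/index.php and www.example.net, "
          "report: https://scanner.example.com/report/www.example.org")

if __name__ == "__main__":
    safe = defang(SAMPLE, keep_live={"scanner.example.com"})
    print(safe)
    print("still live:", live_links(safe))
```

Running `live_links` on a post before it is submitted shows which links are still clickable; already-broken links are not matched, so `defang` can be applied repeatedly without changing the result.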

I have modified my post and fixed my goof, thanks for informing me.

You’re welcome.

Same issue with xhamster.com

Getting the same thing on … ftop.ru … a site that I have also had bookmarked for quite some time and just used the other night.

It is showing the

URL as…h_www_ftop_ru__|{gzip}
and the
Infection as …JS:Includer-BAO [Trj]

I have NEVER had this pop up until tonight

detection seems correct

http://i.imgur.com/D5gEauC.png

the site was part of the distribution network of malware
level of severity 3

ET RBN Known Russian Business Network IP group 352

http://urlquery.net/report.php?id=1396062571875

Zulu scaler report suspicious files

http://zulu.zscaler.com/seen/53144f39e00f8d523042bf84dc6d5f7e-1395355893

AVG reports have found 4 threats
http://www.avgthreatlabs.com/website-safety-reports/domain/xhamster.com/

hidden iframe

http://i.imgur.com/jhpvEpv.png

http://i.imgur.com/wpQrjzn.png

evaluation and obfuscated

http://wepawet.iseclab.org/view.php?hash=27f3653318d17014d6e4a2a0e3cfa767&t=1396063631&type=js

site listed blacklist
https://www.virustotal.com/en/url/bfdb91ff433083f7223ddb06a26c2b6bb0e32c7c502bee21a6af5dcc30e83a36/analysis/1396062364/

cysc.blacklisted.gen
http://support.clean-mx.de/clean-mx/viruses.php

This site contains malicious redirects
and also the detection seems correct

http://i.imgur.com/nDtVOCI.png

1: hxxpservice.clicksvenue.com / show.php sid = 104 & spid = 169 & scid = 10 & cgid = 2 → hxx / xxw.ftop.ru/1/2.html?

http://wepawet.iseclab.org/view.php?hash=730e3927044f4fd303ba9a00dc0ba56c&t=1396064425&type=js

unknown_html
http://support.clean-mx.de/clean-mx/viruses.php

hidden iframe

http://i.imgur.com/HMUAZNT.png

I thought I was the only one having this sudden problem, but it would appear that a majority of “Adult websites” are infected by
“JS:Includer-BAO [Trj]”

Are there any quick ways to fix this problem manually?
Or is it until the said sites are clean again from infection?

But I find it weird that I have this problem with my personal computer but I can still access these sites normally when I’m using a public computer.