Hi malware fighters,
I got a "Sign of "HTML:iFrame - FW [Trj]"has been found in "… " by avast
But when I scan the site with WepaWet I will get “benig” as a result, see here:
http://wepawet.iseclab.org/view.php?hash=6e67c2014e0b33bb0aadf3655d28e5e5&t=1269893173&type=js
Then with an unmasked parasites check that gives the site as clean;
Norton Safe Web also produces an all green for this site;
Investigating further into what could be the culprit of this I got
iFrames found: (novirusthanks iFrame checker)
hxtp://api.tweetmeme.com/button.js?url=hxtp%3A%2F%2Fwww.prelovac.com%2Fvladimir%2Fwarning-website-virus-attack&source=vprelovac&style=compact&service=su.pr
Guess this was what avast flagged? Because a redirect to malcode via tweetmeme was found,
a method recently ofter used to redirect to malicious software (Gzip-data)
Complete iFrame report:
No zeroiframes detected!
Check took 5.92 seconds
(Level: 0) Url checked:
hxtp://www.prelovac.com/vladimir/warning-website-virus-attac
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
hxtp://No zeroiframes detected!
Check took 5.92 seconds
(Level: 0) Url checked:
hxtp://www.prelovac.com/vladimir/warning-website-virus-attack
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
htxtp://api.tweetmeme.com/button.js?url=http://www.prelovac.com/vladimir/warning-website-virus-attack&source=vprelovac&style=compact&service=su.pr
Blank page / could not connect
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.prelovac.com/vladimir/wp-includes/js/jquery/jquery.js?ver=1.3.2
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.prelovac.com/vladimir/wp-includes/js/comment-reply.js?ver=20090102
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.prelovac.com/vladimir/wp-content/themes/imbue/library/scripts/thematic-dropdowns.js
Zeroiframes detected on this site: 0
No ad codes identified
?url=http://www.prelovac.com/vladimir/warning-website-virus-attack&source=vprelovac&style=compact&service=su.pr
Blank page / could not connect
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.prelovac.com/vladimir/wp-includes/js/jquery/jquery.js?ver=1.3.2
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.prelovac.com/vladimir/wp-includes/js/comment-reply.js?ver=20090102
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
hxtp://www.prelovac.com/vladimir/wp-content/themes/imbue/library/scripts/thematic-dropdowns.js
Zeroiframes detected on this site: 0
No ad codes identified
Now the results"
Only avast and GData give the site as infected here:
http://scanner.novirusthanks.org/analysis/8e932819aeb409f8fead77b151bf1309/d2FybmluZy13ZWJzaXRlLXZpcnVzLWF0dGFj/
Avast 100328-0 4.8.1368 HTML:IFrame-FW [Trj]
G-Data 19.9309 2.0.7309.847 HTML:IFrame-FW [Trj] B
chapeau avast!
polonus