Request for help

Avast Free Antivirus / Premium Security
1

I have been a member of one religious forum by name hxxp://www.sumadhwaseva.com for the last three years & used to participate in the forum without difficuly.

Since last week when I try to open the site I am receiving the message

" Trojan Horse Blocked.
avast web shield has blocked a threat,
No Further action is required.

Object : hxxp://www.www.SUMADHWASEVA.com/

Infection : JS:small-C[Trj]

Action : Connection Aborted

The threat was detected and Blocked while
dowloading an item from the web "

Thus I can not open the very site itself.

I tried to check up with the concerned people of the site they say
there is nothing wrong with their site. I am unable to open any link of
this site. I have been a regular member of this site & I have not found
any virus threats from there.

Kindly chechk up the matter & help me in the matter.

vk1945

2

Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414/

This page seems to be
http://www.UnmaskParasites.com/security-report/?page=www.sumadhwaseva.com

scroll down to " Suspicious Inline Scripts " Obfuscated script

There is also a Malwarebytes IP block on ip: 122.115.63.2
hpHosts: http://hosts-file.net/default.asp?s=122.115.63.2

3

The site appears to have been hacked and avast isn’t alone in finding detections on both of the avast alerts, image1&2.

http://www.virustotal.com/analisis/89d100292f6ad93fa7ed1aa06a94c49bc7970067021f61c2460dcec85be9d986-1266780533
and
http://www.virustotal.com/analisis/c94de81e77315135338c1e57188e8378a72d9d3a46943300b5ed0fd7e754e5a6-1266780650

There is a huge block of obfuscated javascript (all on a single line) after the closing Head tag and before the opening Body tag a bit of a standards no, no and highly suspect, see image3 where the single line has been broken to make it easier to see. The is the same in the other alert.

Also see, http://www.UnmaskParasites.com/security-report/?page=www.sumadhwaseva.com

4

Hi vk1945

Could you please modify your link to make it unclickable (i.e. chage http to hXXp) to prevent others potentially becoming infected.

This kind of detection is very common these days, with many ‘legitimate sites’ becoming hacked to distribute malware:

Every 3.6 seconds a website is infected

Unfortunately, it does seem as though the site has been hacked.

There is a large chunk of obfuscated script on that page which is also outlined by the link Pondus has provided.

-Scott-