See: SE visitors redirects on npo-bazalt dot ru
Chain of redirects found:
to: htxp://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
jbtconsultinggroup.com is reported by Google as suspicious
56 sites infected with redirects to this URL
to: htxp://alfsystem.com.my/includes/domit/1.php
alfsystem.com.my is reported by Google as suspicious
827 sites infected with redirects to this URL
to: htxp://www.csra.de/includes/domit/1.php
www.csra.de is reported by Google as suspicious
346 sites infected with redirects to this URL
to: htxp://google.ru
42 sites infected with redirects to this URL
Sucuri scan has the redirection there also covered neatly
Site needs updating Joomla CMS, that is outdated.
Joomla Version 1.6.x :o for: htxp://npo-bazalt.ru/language/en-GB/en-GB.ini :o
ISSUE DETECTED DEFINITION INFECTED URL
Internal Server Error php-error-headers-already-sent htxp://npo-bazalt.ru/index.php
Internal Server Error php-error-headers-already-sent htxp://npo-bazalt.ru/index.php/o-nas
Website Malware mw-redirection121?v3 htxp://npo-bazalt.ru/index.php/o-nas/obshchaya-informatsiya
Website Malware mw-redirection121?v3 htxp://npo-bazalt.ru/index.php/o-nas/nasha-tsel
Internal Server Error php-error-headers-already-sent htxp://npo-bazalt.ru/index.php/o-nas/nasha-strategiya
Website Malware mw-redirection121?v3 htxp://npo-bazalt.ru/index.php/o-nas/kontakty
Known javascript malware. Details: http://sucuri.net/malware/php-error-headers-already-sent
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /wXw/npobazal/www/htdocs/includes/defines.php(1) : eval()'d code:4) in /wXw/npobazal/www/htdocs/libraries/joomla/session/session.php on line 462
polonus