Sign of "HTML:Script-inf" while browsing

Hi all,

I was curious as to whether my machine has been infected or not, I was browsing the web and did a bit of mis-typing and came across a web site hxtp://www.ecchi-haven.net, the next moment i know I am getting a pop up saying a virus dectected with a malware/worm. I dont care if the website is infected its my own fault I accidently went there :-[

Avast did log the warning it is listed as follows 19/06/2009 18:05:51 SYSTEM 1116 Sign of “HTML:Script-inf” has been found in “hxtp://www.ecchi-haven.net/” file.

Avast stopped loading the website , I then immediately closed my browser (IE8) and wiped my temporary internet files, I also did a selected through scan of “Internet Explorer”, “Windows”, “java”, “Adobe” & “Microsoft Software” folders.
the scan came back clean of those folders.

However would it be possible if my machine is still affected or did I & Avast manage to stop any infections coming onto my pc.

any help would be appreciated.

ps

I have not done a boot scan yet and will only do one if neccessary

First, replace http to hxtp to prevent accidental exposures^^

Second, it seems the infection is on the website itself!^^Not ur PC^^

Furthermore, wait for evangelists for confirmation^^

-AnimeLover^^

Okay edited the html to hxtp, Sorry about that :-[ :-[

The system shouldn’t be infected as the web shield would block the possible download of any malicious content.

However, the site you visited looks like it has been hacked although I can’t see anything obvious.

See https://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.ecchi-haven.net%2F&x=0&y=0.

okay, thank you :D, its a relief to know that my system is hopefully safe. ;D

Well hopefully I shall browse the web a bit more carefully :-[, I can hopefully say lesson learnt, anyway just wanted to say thank you to the people that replied to this post and helped, many thanks ;D

You’re welcome.

You could also scan with some other applications that compliment avast.
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

Don’t worry about reported tracking cookies they are a minor issue and not one of securty, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

Hi DavidR,

Is the line of code I have attached the issue?

Checked at MyWot, a couple of pretty recent, bad reviews (I know MyWot is not completely reliable, just saw it and thought it was odd)

http://www.mywot.com/en/scorecard/cgi35.plala.or.jp%2FBTO%2Fdata%2Fentry%2Fcss.js

-Scott-

I don’t know as there are also other pointers to this URL and if it were this one I would have thought that the malware name would be different. However, it does look like that is it, as outside of the browser if I try to download that css.js file from there the Network Shield alerts on that domain as a malicious site.

hXXp://cgi35.plala.or.jp

The css.js file reports a 404 error.

Siteadvisor doen’t like the original site either:

When we tested this site we found links to animetoplist(dot)org, which we found breaches browser security on our test PC.

what is the significance of the 404 error, is it bad?

-Scott-

EDIT:200 posts - Sr. Member Wahooo!!!

Hi DavidR,

I have installed Malwarebytes and did a quick scan the report did come back with 3 findings, only problem I am not sure if the are malicious.

Hello.

I know it’s not my own thread, but I had quite a similar problem today, so I guessed I better share it here.

As I was opening a thread on a forum, I got a warning from Avast (in the log, it’s said: 20/06/2009 11:57:30 SYSTEM 1788 Sign of “HTML:Iframe-inf” has been found in “hXXp://pixhost.eu/avaxhome/avaxhome/2007-03-09/barakaFT.jpg{gzip}” file.). When the warning prompted, I had no choice from Avast, weither I want to delete something or not, or put it in quarantine. What is even more puzzling is the fact that the url had nothing to do with the website I was browsing (but somebody just said there were other pointers to the URL David was talking about, maybe that’s because of that).

As David, I was just wondering if nothing has been infected in my system, and how could I prevent myself from such issues in the future.

Thank you all.

Memnoch16,

I think you should be ok to re-scan and choose to delete the infected registry values found (maybe wait for confirmation)

Viinncceennt,

This should really be in it’s own thread, however,

Please could you modify your link to make it inactive please (change the http to hXXP) this will prevent other from potentially becoming infected.

If it was a web shield alert you would have been alerted with a popup (with the option to abort connection) and a notification similar to the one attached to DavidR’s post

If it was the network shield, you would have just been alerted with the nitification at the bottom of the screen (DavidR’s image)

-If I have got this the wrong way round please confirm-

Either way the malware was prevented from downloaded onto the system and you should not have been affected by it

-Scott-

Thank you very much for this quick answer, what you described looks like what I got (BTW, is it possible that I got a warning from the web shield and the network shield too, because I think this is what I got (a pop-up plus a yellow notification in the left bottom corner).

Thank you again!

If I’m not mistaken, that is the web shield (I think it does both), but I could be wrong.

-Scott-

I also did install SuperAntispyware Free and the scan it came back with was 11 infected files, and I thought my machine was clean :cry:

Anyway SuperAntispyware Free listed the following;

  • Adware.HBHelper (6 files)
  • Browser Hijacker.Deskbar (5 Files)

these are in addition to the 2 items Malwarebytes is picking up, so should I assume its okay to clean/quarantine all these?

I have attached the Malwarebytes log below.

It should be okay to allow the programs to deal with what they find, i.e.: quarantine and delete them (I think that’s the wording)

-Scott-

Okay, thank you for your help ;D