Trojan Horse Warning visiting website

Hello everyone. If I wanna visit hxxp://www.vancrystaltina.nl/ (website about cats) Avast blocks that site because of getting infected by a trojan horse.

I use Avast Free Edition Version 7.0.1426.
Virus Version 120504-0.
Real Time Shields are activated.
I use IE.

Questions: Do I have to take warning serious?
If not, how can I visit that site?

Thanks in advance for your help/advice/replies!

Best regards, Hermie

1st please disable the link in case it is malicious.

Questions: Do I have to take warning serious? If not, how can I visit that site?
a. Yes b. you wait until they have cleaned it........or confirmed FP

VirusTotal
https://www.virustotal.com/file/ee08a581b1944006598dc6f6ebdebd7f079d968b7b24dd6c5276c457077be088/analysis/1336152187/

can you attach a screen shot of the avast warning ?

need further confirmation, just providing some more info: http://www.urlvoid.com/scan/vancrystaltina.nl/
http://sitecheck.sucuri.net/results/www.vancrystaltina.nl/
http://www.brightcloud.com/support/lookup.php
http://zulu.zscaler.com/submission/show/9c7e352b8be5c4bed1b87f6c25a7c24e-1336152320

JS unpacker show 2 extra links when decoding… so that may be it?

-http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
-http://bestnewzlx.bz.cm/trf/counter.htm

Bingo! ;D

https://www.virustotal.com/file/ed34664c1acc7ef3340de39c4b5221b0191931754d815995783c1d0c6922d90e/analysis/1336165345/

Line 67 contains the ‘algorithized’ (that’s going to be a word someday!) exploit.
It leads a link to bestnewzlx.bz.cm.

@AntiVirusASeT
Unfortunately, Sucuri doesn’t detect all website exploits. This is the 2nd example this month.

If avast says something is a virus, it usually is, considering the fact that it misses half of them anyway :slight_smile: JK

thx !Donovan, gd catch by u and by avast :slight_smile:

Thanks everyone for investigating this issue.

Is the website infected by a trojan horse, yes or no?

Look forward hearing from you guys again, thanks in advance.

yes it is still infected: JS:Redirector-SX [Trj]

Can you edit your source code manually?

If so, search for “var DRaSe” without quotes. It will lead you to the infected line. Delete the whole line, save, and your issue should be solved.

I wanna say thanks to everyone for great help.

Avast Free Edition did a great job, well done.

I will contact the owner of the website (I’m not the owner) in order to get the trojan removed.

It is now detected by Zulu analyzer

http://zulu.zscaler.com/submission/show/9c7e352b8be5c4bed1b87f6c25a7c24e-1336290390

virustotal
https://www.virustotal.com/file/ee08a581b1944006598dc6f6ebdebd7f079d968b7b24dd6c5276c457077be088/analysis/1336290608/

Hi guys. I have contacted the owner of the website and was told that the problem has been cleared.
Avast doesn’t warn now anymore, so I guess that everything has been fixed.
Thanks for your great support!

http://urlquery.net/report.php?id=52594

No problem.
Glad we could help. :wink:

Thanks!