Trojan Horse

avast! claims that the website http://www.wigenweb.org/ contains a Trojan Horse and denies access. The webmistress was contacted and she did not receive a warning. I uninstalled avast! and installed Avira AntiVir which does not block access to the website. Is avast! a false warning ?
If it is a false warning what can be done to correct ?
Myron

It looks like the site has been hacked, I get two alerts, one on a packed javascript file being loaded when you visit the page (it has a different malware name JS:ScriptIP-inf and inserted/injected script).

The second is in the actual home page, this is an obfuscated script tag inserted after the Body tag on the same line and goes on for a long way (see image I have broken it onto another line to show where it is).

See image2 for a decoded result of what and where this obfuscated script is going, I don’t know if this is intended/legit for the site, but I find little reason to obfuscate javascript (a plain language form of scripting) in this way, what are they hiding.

The site it is pointing at is located in China and doesn’t have a very good reputation (the same for most of its sub-domains also) http://www.mywot.com/en/scorecard/serveblog.net, http://www.google.com/search?q=serveblog.net.

Very few AVs are actually looking at this and less capable of detection.
http://www.virustotal.com/file-scan/report.html?id=049bbf3c0fa2944b895f11cc04e19481d684379ed6e45aa0e912275b6656b11d-1282080451


URLVoid says the site is infected :

http://vscan.urlvoid.com/analysis/2b2097ea55e2e4cd7c014d03f63cfd5c/d3d3LXdpZ2Vud2ViLW9yZw==/


  1. Not a good idea to uninstall the program that would have protected you…!! :frowning:
  2. No…!!!
    asyn