I checked a website on Virustotal and Ikarus gave: Trojan.JS.StartPage (No other AV software gave anything). I had Noscript and used Sandbox when surfing. How can I still check that site to see if it’s really infected? I could be false alarm. But I want to be sure I was not infected with anything. Avast said nothing when I went on the site.
Give the site as htxp://etc. or as wXw and we will have a look for you. You could look yourself at URLVoid and see what this metascanner has, feed up the URL to finjan’s URL checker, or at Wepawet, Google’s unmasked parasites, if you think it is a suspicious javascript there is jsunpack (for expert users in a sandbox and with NoScript active on that jsunpack site, this not to let eventual malcode spill over, or look at the site using the malzilla malcode browser (for expert users), you could look for various malware domain lists if the url is to be found there or not, or we give it a look: DavidR, Pondus or little old me, you could also attach a gif image of the script found there (images cannot infect, use a GIF format in the right size), and if you have some expertise here come and help us,
You will have a problem there as you can’t use it until you have 20 posts:
The problem comes from drive by spammers, who having registered put objectionable or commercial links in their profile signature to try and gain link promotion, etc.
There have also been cases of the PM function being abused to spam forum members, so you will notice that you can’t use the PM function either.
Unfortunately because of the actions of others legitimate members suffer by the actions to prevent this spamming.
Well here is the link: WARNING VIRUS SCRIPT hXXp://allla.mihanblog.com/post/24 WARNING VIRUS SCRIPT
Thanks
Very grateful for some help on what was in there! I don’t think I was infected because I had NoScript, Firefox & Avast5 running all at the same time I think NoScript would stop it though. I do not know if that JS.Startpage is Javascript or Java… if so would it help? Hmm.
Pondus is right, I only give click-through links here as they are safe and secure and cannot infect at all. These are sites where the malware as such is analyzed, and you cannot get infected through these (unmasked parasites and Wepawet). Another question with jsunpack online website where the javascript is being unpacked and analyzed and for instance http://www.greymagic.com/security/tools/decoder/ where urls and code are being decoded (there you need NoScript script blocker installed and active in a Mozilla browser together with RequestPolicy on and preferably have the browser sand boxed, so eventual malscript cannot spill over and (re-)infect). I will never give these links live, always with htxp or wxw so only the experts know what to do, all code (because even harmless code can be flagged by the avast browser shield, is given as an attached (minimized) gif image created from a screenshot of browser or apps with using Pcpick (because of maximum size of attached images), so no one can get infected. After thousands of these sort of online malcode analysis in victim’s threads, we sure know what we are supposed to do, and your countryman Pondus likewise keeps these strict policies.
“Do not harm” is also one of the foremost rules of the malware fighter,