Trojan with www.airplayradios.com music site

Hello,
For two weeks, I have been getting the avast trojan panel when I connect to the xxx.airplayradios.com streaming music site (sorry for my English, I’m French).
The indicated trojan is JS:llredir-AJ and I would like to know if it is a false alarm or a real threat? Thank you for your answers.
This site broadcasts good music and it would be a shame not to be able to listen to it again… :wink:

It is a REAL threat. AVG also blocks it.

It detects the Trojan Horse on my PC too (with Avast! Free Antivirus 5.0.462). I think this site may host malicious activities.

If this is a real threat, please edit your message.
The link should not be clickable (e.g. change it to xxx.airplayradios.com).
asyn

Thanks for your answers.
If it is a real threat, I don’t understand why, firstly, it is detected only at connection and, secondly, it is no longer detected during normal activities or an Avast scan of the PC. I have used this site for many years without problems and I have never found any trojan on it!

The site appears to have been hacked; there is a huge obfuscated script tag on a single line after the closing HTML tag, a standards no-no and highly suspect, see image.

avast isn’t alone in finding this page infected, http://www.virustotal.com/analisis/c7bf00cac237624f122cf9559674f17abb6f0705d81dfbb4af7c4e7e6a613de1-1270319491.

When avast detects it with the web shield, the only option is aborting the connection, dropping the infected element, it effectively blocks it from getting on your system. So it is no surprise that you find nothing on a scan of your system.

Could have been hijacked or hacked.
If you can contact the site’s admin, tell him/her about it.
asyn

Thanks for your answers:
to DavidR for the substantiated technical approach and to Asyn for his advice.
I will try to contact the site administrator but I don’t know how! I will think about it.
Thanks to all.

You are very welcome! :slight_smile:
We will also be happy when you post back, if things could be fixed…
asyn

No problem, glad I could help.

Welcome to the forums.

Hi Qristoff,

1 suspicious inline script found.
Is there any good reason for this script to be outside of … block?

^^^^ try {var I="";this.J='' ^^^^ etc.

Malicious software includes 1 scripting exploit(s).
Suspicious script outside <html></html> tag: stack smasher code, just like that used with JS:Illredir-AJ; this is commonly down to old content management software being vulnerable. See further on this here:
http://forum.avast.com/index.php?topic=55447.msg468865#msg468865

This site was hosted on 1 network(s) including AS28677 (AMEN),

polonus
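
The check described in the posts above (an inline script sitting after the closing </html> tag, on one very long line), as an added example for a site admin to run over a saved copy of a page; it is not part of the original thread or of any scanner quoted in it. The 500-character threshold, the decoder-call markers and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

class TrailingScriptFinder(HTMLParser):
    """Collect inline <script> bodies that open after the closing </html> tag."""

    def __init__(self):
        super().__init__()
        self.html_closed = False   # set once </html> has been seen
        self.capturing = False     # inside a <script> that opened after </html>
        self.buf, self.bodies = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "script" and self.html_closed:
            self.capturing, self.buf = True, []

    def handle_data(self, data):
        if self.capturing:
            self.buf.append(data)

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True
        elif tag == "script" and self.capturing:
            self.capturing = False
            self.bodies.append("".join(self.buf))

def scan(page, long_line=500):
    """Return one finding (longest line length, reasons) per trailing script."""
    finder = TrailingScriptFinder()
    finder.feed(page)
    finder.close()
    findings = []
    for body in finder.bodies:
        longest = max((len(l) for l in body.splitlines()), default=0)
        reasons = ["script after </html>"]
        if longest >= long_line:                      # assumed threshold
            reasons.append("very long single line")
        if re.search(r"\b(eval|unescape|fromCharCode)\b", body):  # assumed markers
            reasons.append("decoder call")
        findings.append((longest, reasons))
    return findings

# Constructed sample pages; the trailing script is harmless filler.
CLEAN = "<html><head><script>var ok = 1;</script></head><body>radio</body></html>"
INJECTED = CLEAN + '\n<script>try{var I="";this.J="";var p=unescape("' \
    + "%41" * 300 + '");}catch(e){}</script>'

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("injected", INJECTED)):
        print(name, scan(page))
```

A hit means the page template or CMS files on the server should be inspected and restored from a known-good copy; the script inside <head> on the clean page is deliberately not reported.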

I have just sent a mail to the site administrator to inform him of this problem.
I’m waiting for the answer.

Thanx for the info! So, let’s wait together… :slight_smile:

Yup real threat!