VBX.Malware.gen detected on web page loading

Hi,

Avast pops up a warning when loading a web site.
I don’t find any VBScript in the page … can it be a false alarm?
What do you suggest so I can investigate further ?

File name: hxxp://www.laboutifanfare.com/
Malware name: VBS.Malware.gen
Malware type: Virus/Worm
VPS version: 100522-1, 22/05/2010

well it is not only avast that detect infection on that website

VirusTotal - unp63762092.tmp - 7/41
http://www.virustotal.com/analisis/a2714da350547f6c89e4a553ba54339843e63be8587df2f4e73fad949af819af-1274612566

This page seems to be
http://www.UnmaskParasites.com/security-report/?page=www.laboutifanfare.com

Suspicious Inline Scripts

There is a large chunk of obfuscated javascript in a script tag (image1) starting 116 lines below the closing HTML tag (a standards no, no) and 262 characters right (image2). This is to hide it from a cursory inspection and again just adds to the suspicion,

So the sites home page appears to have been hacked, it is no false positive.

Hi Ventu,
Make the malicious link you gave non-click-through by putting hxtp or wxw there…

@ DavidR and Pondus,

The google-analytics = google-analytlcs document write scam used to exploit…
This is a so-called spyware add site hack. Here the malicious workings of the obfuscated double code are explained: http://forums.jinx.com/post.asp?method=ReplyQuote&REPLY_ID=405563&TOPIC_ID=63431&FORUM_ID=5
document write goes to: http://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.google-analytlcs.com%2F__utt.js%3F&x=16&y=9
Threats found: 1
Here is a complete list:
Threat Name: Trojan Horse
Location: htxp://google-analytlcs.com/i/tmp/des.jar

polonus

Thank you very much for your answers!
That definitly is not a false alarm, indeed!

No problem, glad I could help.

No definitely not, avast’s web shield has proven to be very accurate in these detections in the past.

Welcome to the forums.