Virus?

DO NOT FOLLOW LINK BELOW WITH IE (for security I put commas instead of dots):
http://www,brico-ok,com/ja_woll.php

Could somebody tell me if it’s a virus and whether it is detected by avast?

Thanks in advance.

Well, what virus do you believe to be there and what detected it?

The DrWeb Link checker doesn’t find anything, unless a script on that page, although not in itself malicious, imports/runs something that is.

Running with DropMyRights, Firefox with NoScript just displays a blank page; however, the page source code looks strange to me. With NoScript temp allow for the page it remains blank. This looks like it will try to use IE to launch an ActiveX object and run several executable files, win32.exe and windns32.exe, see image; this is most of the code on the page, the Array line is huge though. So there would definitely appear to be malicious intent/content called/run from that page.

http[break]://[break]www.brico-ok.com/win32.exe This is one of the executables mentioned and DrWeb doesn’t find anything there either.

That is about as far as I’m prepared to dig without running a sandbox.

Well, I’m using the Opera browser and this site shows a blank screen, but my girlfriend unfortunately uses IE. She told me that when she entered this webpage some window appeared with blinking dots.
I’ve detected on her firewall (Outpost) that an svchost.exe process is constantly trying to connect to IP: 66.185.126.34. I’m not sure if it is malicious, but it is quite suspicious that when I block this connection one of the svchost.exe processes consumes more and more memory. After a few hours it can “eat” up to 600MB of virtual memory… Avast hasn’t detected a single thing.

Well, the IP address, if it means anything to you, appears to belong to:

Querying whois.arin.net:43 for 66.185.126.34...

OrgName: ServerFlo, Inc.
OrgID: SERVE-22

City: Palatine
StateProv: IL
PostalCode:
Country: US

NetRange: 66.185.112.0 - 66.185.127.255
CIDR: 66.185.112.0/20
NetName: SERVERFLO-NETWORKS
NetHandle: NET-66-185-112-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation

Whilst I don’t fully understand the code, it does look malicious in the way it is trying to use ActiveX (which isn’t in either Firefox or Opera, and to my mind makes them more secure) and run executable files.

I think it needs someone to look at it that understands the code to say what is going on and why nothing is detected.