hxxp://kamekaze.clubsyn-x-treme.net/
I go to this site all the time, but suddenly avast says there’s a Trojan and that it stops downloading the dangerous file.
What is this dangerous file?
Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Maybe you could contact its webmaster.
Also, please, check if there are infected gif images (resolved as infected server generated messages): http://forum.avast.com/index.php?topic=45658.0
Please, edit the links to not-live ones (change http for hxxp, for instance or add spaces between the url).
Check here how to clean and make a website secure.
The vast majority of malware today is distributed over the web, mostly by means of hacked (otherwise legitimate) sites. The attacker usually injects some malicious scripts into some (or all) pages on the site, waiting for an unsuspecting user to visit the site and possibly infect his/her machine. And this is where avast’s detection capabilities really excel. Its abilities to detect these web-based malicious scripts are second to none, and thanks to the Web Shield and Script Blocking providers, they are used exactly when needed, doing an excellent job stopping the web-based malware right on the entry point.
Analysis report for hxxp://kamekaze.clubsyn-x-treme.net/
hxxp://wepawet.cs.ucsb.edu/view.php?hash=785ad4f60939bea74137fa9a3ec9bd61&t=1272116237&type=js
Mind posting the report in text? The site also gave me a trojan warning <_<
Here you go, an image of that page’s content
Sites get hacked with monotonous regularity now, and this is one of the most common methods of infection.
It does look like this site has been hacked as there is a large (single line) chunk of obfuscated javascript in a script tag outside the frameset tag of this page, which to me is highly suspect (see image1 single line broken to make it easier to view). This is pointing to a site considered malicious, hnarmettis.com, see images 2&3. Also see http://safeweb.norton.com/report/show?name=hnarmettis.com.
Image4 shows the decoded suspect script creating iframe tags to hnarmettis.com.
So I would say the detection is very good.
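The signs described in the post above (an inline script sitting outside the frameset, a single very long line, decoder-style calls), turned into a small page audit. This is an added example, not part of the original thread; the 500-character threshold, the marker list and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page; the script payload is inert filler.
SAMPLE = ('<html><frameset rows="*"><frame src="main.html"></frameset>'
          '<script>var s=unescape("' + '%41' * 200 + '");eval(s);</script>'
          '<script src="menu.js"></script></html>')
MARKERS = re.compile(r'\b(eval|unescape|fromCharCode|document\.write)\b')

class ScriptAudit(HTMLParser):
    """Collect inline scripts and note where they sit relative to <frameset>."""
    def __init__(self):
        super().__init__()
        self.depth, self.seen_frameset = 0, False   # frameset nesting state
        self.in_script, self.buf, self.findings = False, [], []

    def handle_starttag(self, tag, attrs):
        if tag == 'frameset':
            self.depth, self.seen_frameset = self.depth + 1, True
        elif tag == 'script' and not dict(attrs).get('src'):
            self.in_script, self.buf = True, []     # inline script begins

    def handle_endtag(self, tag):
        if tag == 'frameset' and self.depth:
            self.depth -= 1
        elif tag == 'script' and self.in_script:
            self.in_script = False
            self._score(''.join(self.buf))

    def handle_data(self, data):
        if self.in_script:
            self.buf.append(data)

    def _score(self, body):
        longest = max(map(len, body.splitlines()), default=0)
        hits = sorted(set(MARKERS.findall(body)))
        checks = [
            (self.seen_frameset and self.depth == 0, 'script outside frameset'),
            (longest > 500, 'single line of %d chars' % longest),
            (bool(hits), 'decoder calls: ' + ', '.join(hits)),
        ]
        reasons = [msg for hit, msg in checks if hit]
        if len(reasons) >= 2:          # one weak signal alone is not enough
            self.findings.append(reasons)

def audit(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

A webmaster can run `audit()` over a saved copy of each page and compare the flagged scripts against what the site is supposed to ship.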
Hi SoraXNagisa,
Here Kaspersky flags it: http://scanner.novirusthanks.org/analysis/385205aa174d6ab2a29cce9b2d1adc37/aW5kZXg=/
as Kaspersky 24/04/2010 9.0.0.736 HEUR:Trojan.Script.Iframer
Do not put a live link to this infected site here, make non-clickable by putting htxp or wXw…
Why does it give a trojan warning?
It does this through embedding an iframe, which is an HTML code element.
As it is an iframe, it may not be the actual site that is infected,
but it may be that someone exploited the comment system and managed to embed an iframe with the trojan in it. Either way, avoid the site if you can, if not, make the web administrator aware of it if you can.
Update Acrobat Reader
polonus
Hi all.
Check out the Malware Domain List or alternatively:
http://www.malwareurl.com/listing-urls.php
http://safeweb.norton.com/buzz
Is there any of these scanners that allow Context Menu entry like the old Dr. Web?
Hi Tech,
To some you can subscribe as an RSS feed, Norton Safe Web is a free service, you can start an account. The other sites are available as block lists to be used with a hosts file or you can enter the blocking in SpywareBlaster for instance. There is so much you can do with these lists in various formats if you know how to apply…
Then you can have this next to your av: http://linkscanner.avg.com/ …but mind you avast shields are the best!
Norton Safe Web omits the sites they haven’t scanned. I think for the moment Google’s “unmasked parasites” and novirusthanks.org are the best url scanners, but these are on demand.
In browser scanners that you can have inside Firefox or flock browser are:
1st place WOT
2nd place finjan
3rd place DrWeb’s
go to the official firefox add-on site to install them…
I also used to like scandoo but they interrupted their free services to go commercial,
mind that with the scanning of DrWeb’s it does not find all because it only scans the direct links, does not sometimes go deep enough to catch all redirecting links, there unmasked parasites should be added. Always use a combination of url checkers, like WepaWet, anubis, if you know what you are doing and know the risk use the malzilla browser or jsunpack (danger of malware spilling over, so use in combination with NoScript and RequestPolicy with normal user rights in a virtual surroundings)…
polonus
Why would you put WOT as the first when it’s based on user opinions and more frequently biased?
How to use them with SpywareBlaster?
I’ve given up on using a different hosts file. Block access to my bank website. I did everything I could but it was the only way to have permanent access to that website (i.e., with a default hosts file).
@Pondus - make the wepawet non-clickable it sets off the avast shield alarm!
@Tech - you must know that… Tech, don’t tell me you never went into the various tweaking modes of the old SpywareBlaster application. SpywareBlaster has a Tools section, amongst other things you can customize your hosts file with it and make it safe with hosts safe built in, you can exclude ActiveX you think are dangerous etc. etc. Some folks just use the standard protection and update it regularly, but there are so many more possibilities to work with it. If you do not like the use of an old-fashioned host block list then just have NoScript and RequestPolicy extensions inside the Firefox browser and tweak these to your command or block and allow when needed, you can exclude your bank site! Then you are protected all around, zero scripts to hurt you then.
As the malware sites are ever-changing now like the waves of the ocean and there are sooooooo many, you are mostly doing protective things after the fact, that is de facto, just the previous seconds a new malicious domain was created and a legitimate website hacked and bingo without the most recent updates of your Windows and third party software (use Secunia’s scanner to check) you will be their next victim, malcreants are all around…
polonus
Polonus, I never mess that much with SpywareBlaster tools section…
Really, I want Flash in the webpages and I need to manually add items to block (too much work).
The hosts file features are just backups…