Will Someone Check This Site?

For some reason this site, www.bekka-[broken]bramlett.com is triggering my Web Shield.

I know this person, she is an entertainer and I can’t imagine her putting anything malicious in her site.

Now if someone wrote some bad code, and that triggered Avast! that would be a different story.

Either way, I need to have this resolved so I can let them know.

I already have had an MVP from M$ security check it out, who suggested I post this problem in here.

Thanks,
zb1

I have just tried and got a trojan alarm.

Amazing, that's the first time for me Drweb link checker said INFECTED. I would stay well clear. Please EDIT the link, DO NOT post live links to malware.


The site is infected according to ScanDoo. See the images below and click them to enlarge.

She did not have to put something malicious there herself. If the site’s security is not good enough, it would be very easy for some malcreant to inject malware into the site.

Please do as Micky suggested and break the link to the site. (www. bekka bramlett. com)


Definitely infected, attached encrypted iframe.

Hi micky77,

Same here, this site has Trojan.DownLoader.33840
The owner of the site may have nothing to do with it, nor the hoster of it, but the malcreant that put the malware there. This is also known as the Js/psyme MZ virus.

For the curious that clicked the link and got infected before kubecj removed the live link in your posting:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

* Double-click the drweb-cureit.exe file and allow it to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found:
* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

  This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web CureIt.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

polonus