Trojan on my homepage?

nilsA · Mar 10, 2009

Win XP, Sunbelt Kerio Personal firewall, Avast virus protection.

I have a not so very much used home page.

When I try accessing this from my main PC, I get a virus warning from Avast, saying thata trojan is detected - "JS:Cruzer -b[Tri]

The page is then stopped from loading.

When I use a Linux based (Kubuntu) PC, nothing is detected.

I have not been able to find any suggestions how to deal with something like this - any advice would be very much appreciated.

TimW · Mar 12, 2009

First I would try updating Avast.....we have seen this with a few sites that people routinely visit and then get a report from Avast, until they update.

nilsA · Mar 14, 2009

TimW said: ↑

First I would try updating Avast.....we have seen this with a few sites that people routinely visit and then get a report from Avast, until they update.
Click to expand...

Thank you for answering!

I tried updating - both Program and iAVS. No change, alas.

TimW · Mar 16, 2009

You will need to tell me exactly what avast is reporting...attach a log if you can.

nilsA · Mar 19, 2009

TimW said: ↑

You will need to tell me exactly what avast is reporting...attach a log if you can.
Click to expand...

------------------------------------------------
File name: http://www.nilsandreas.info/
Malware name: JS:Cruzer-B [Trj]
Malware type: Trojansk hest (=Trojan horse)
VPS version: 090318-0, 18.03.2009
--------------------------------------------------

This is a copy-and-paste version - only the part to the right of the : are copied. To the left I have translated the Norwegian to English to the best of my ability.

I tried attach the warning log, but that function does not work just now.

Here are what I guess is some of the most important lines:
Code:
01.06.2008 21:30:29	SYSTEM	1812	Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.  
01.06.2008 21:30:32	SYSTEM	1812	An error has occured while attempting to update. Please check the logs.  
05.06.2008 13:12:22	SYSTEM	1812	Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.  
05.06.2008 13:12:25	SYSTEM	1812	An error has occured while attempting to update. Please check the logs.  
03.09.2008 14:43:41	SYSTEM	1812	Function setifaceUpdatePackages() has failed. Return code is 0x00000001, dwRes is 00000001.  
13.09.2008 10:16:11	SYSTEM	1812	Function setifaceUpdatePackages() has failed. Return code is 0x00000001, dwRes is 00000001.  
29.11.2008 10:57:29	SYSTEM	1848	Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.  
01.12.2008 12:17:29	˜	1844	Function setifaceUpdateFiles() has failed. Return code is 0xC0000142, dwRes is C0000142.  
29.01.2009 00:21:54	SYSTEM	1840	Function setifaceUpdateFiles() has failed. Return code is 0xC0000142, dwRes is C0000142.  
27.02.2009 18:22:49	SYSTEM	1848	Sign of "JS:Cruzer-B [Trj]" has been found in "http://www.nilsandreas.info/" file.  
27.02.2009 18:23:12	SYSTEM	1848	Sign of "JS:Cruzer-B [Trj]" has been found in "http://www.nilsandreas.info/" file. 

chaslang · Mar 22, 2009

Problems like this are not something we can cure with a scanner. There is something in your JavaScript code that Avast is having an issue with. It may or may not be a real problem. I cannot really say for sure but I have seen Avast have false positive issues like this in the past.

You will have to try and isolate what piece of code is being flagged and then either decide for yourself if the code is really a problem. If you did not write the HTML code or don't understand it, you should ask the person who wrote the code or post the code in the Software Forum.

Log in or Sign up

Trojan on my homepage?

nilsA Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

nilsA Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

nilsA Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member