[DKTaber]

Friend has Avast! on her Vista laptop. Yesterday, she was looking at some genealogy sites, and opened delgensoc.org/dgswork03.htm and instantly got a warning from Avast! that it had discovered the trojan JS:Redirector-H4. Instructed Avast! to delete it, which it did.

My AV is Avira Antivir (ver. 9) and my OS is Win XP. I went to the same site on my computer, and no warning. A subsequent full AV scan detected no viruses (also did full scans with Ad-aware anniversary edition, SuperAntiSpyware, and Malwarebytes. None found anything).

So my questions are: Is there any such trojan as JS:Redirector-H4? Could it really be on the Web site? Or is this a false positive from Avast!?

If you use Avast!, when you go to the site mentioned above, does it give you a warning?

[blitzkreig]

My kaspersky also seemed to block something out of place

[blitzkreig]

So my answer is yes, the site contains a trojan redirector

[Kenny94]

The site seems fine on my computer. I'm using Nod32.. And Wot gives the site a green light....

[DKTaber]

Quote:

Originally Posted by Kenny94

The site seems fine on my computer. I'm using Nod32.. And Wot gives the site a green light....

Yeah, so does mine. But see the messages above from srprashant. Kaspersky, a very highly rated AV, also says it's a rogue site. IMO, this confirms that it is. I am disappointed that my Avira, for which I also have a high opinion, didn't flag it. Nor does WOT put a red light on it.

I don't think the site purposely has the trojan; I think it was hacked. I have sent a notification to WOT about it.

Thanks for the quick responses.

[Phantom010]

It may also be a false positive from Kaspersky.

If Avast has detected it and not NOD32, I would say there's nothing to worry about...

[Kenny94]

Kaspersky is know to be over cautious. But I do like Kaspersky..

[Phantom010]

Kaspersky is a good product and would be my second choice but as Kenny94 says, it's a little over cautious...

[DKTaber]

Quote:

Originally Posted by Phantom010

It may also be a false positive from Kaspersky.

If Avast has detected it and not NOD32, I would say there's nothing to worry about...

Perhaps. As I said, I sent a message to WOT suggesting they investigate. If I hear back from them, I'll post it here. If it turns out to be a false positive, my faith in Avira will be restored. If the site DOES contain the trojan Kaspersky says it does (and where would it get such detailed information if it's a false positive; look at the attachment to srprashant's first response), I'll have to reassess my commitment to Avira.

[Kenny94]

Avira has make a lot of progess in the past year. And I have it my top Antivirus list now.

[Phantom010]

If you carefully read the Kaspersky pop-up, it's a warning about a web page that is used to steal passwords... It's not detecting any malware... It's a bit like a McAfee Site Advisor.

[Cookiegal]

Actually, it means that it is used to steal passwords, not in the past tense.

This is a new and real web site exploit that I would take seriously. It seems to be using either javascript, pdf, flash or iframe exploits to redirect to that malicious site.

Someone should contact the site owners that they should check their pages.

[DKTaber]

Quote:

Originally Posted by Phantom010

If you carefully read the Kaspersky pop-up, it's a warning about a web page that used to steal passwords... It's not detecting any malware either... It's a bit like a McAfee Site Advisor.

I don't read it that way at all. It says the Web page "contains a link to a Web page [that is] used to steal...confidential data..." Said another way, "a Web page [whose purpose is] to steal...confidential data..."

[Phantom010]

Quote:

Originally Posted by DKTaber

I don't read it that way at all. It says the Web page "contains a link to a Web page [that is] used to steal...confidential data..." Said another way, "a Web page [whose purpose is] to steal...confidential data..."

Forget about my misinterpretation of the "used". I didn't have my coffee yet.

[blitzkreig]

I take a note of what cookiegal says. The exploit on the website could take advantage of vulnerabilities and could launch various attacks.