Jump to content
nod32user2

HTML/ScrInject.B trojan in website; can't locate source

By nod32user2, in Malware Finding and Cleaning

Recommended Posts

nod32user2    0

nod32user2
Posted

Eset antivirus (7.1.2045.5, update 19599) web access protection says this website is compromised with the HTML/ScrInject.B trojan:

hxxp://www.msd.k12.or.us

However, virustotal says that the site is clean. 

I've downloaded the HTML (safely) to a virtual machine to examine, but I can't locate the infected javascript library that's referenced.

Is there a way I can find out exactly what library or code in the HTML file is triggering the alert?

Thanks.

Share this post

Link to post
Share on other sites

Marcos    2,870

Marcos
Posted

The website was compromised. An administrator should remove references to extnetcool.com and take measures to prevent further re-infection.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...