Jump to content

object HEUR:Trojan.Script.Balada.gen ?

Go to solution Solved by Berny,

Recommended Posts

Good evening, I have detected the same message on the following page from a client who coincidentally received the same alert today. Can you help me validate if the page is infected or is a false positive? 
https : //revistamujeractual.com/  → ! This infected link is disabled !

WhatsApp Image 2024-01-31 at 22.02.32.jpeg


Link to comment
Share on other sites

  • Solution


In the meantime  please see below the verdict that i just obtained from Kaspersky Virus Lab.



This is not a false alarm. This site is infected.
Here is the malicious code:
<...>{if (e.detail.popupId == "3823") {var uexbsh/ <...>
If you are a webmaster, please remove the above code from the page. Also we strongly recommend that you change passwords to all services that can be used to modify website contents because they may have been stolen.

Best regards, Xxxxxxxx Xxxxxxxx , Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700"



↓ Please see malicious script ↓




  • Like 2
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now

  • Create New...