How do I reproduce the problem myself using a virtual machine?

The Yandex antivirus detects infections that are difficult to reproduce manually. In such cases, you can see the malicious code in the browser by testing a “vulnerable” system set up on a virtual machine.

The system should be set up as follows:
- Windows XP operating system.
- Browsers (IE, Firefox, Chrome, Opera) with history and cookies disabled.
- Local proxy for viewing all HTTP connections.
It is advisable to install older versions of browsers, Java Runtime Environment, Acrobat Reader and Adobe Flash plug-ins.
After you set up the system, take a snapshot of the virtual machine. Now you can start testing:
- Open the site with different browsers.
- Visit the site from the search results and from the address bar.
- Connect to the site through the anonymizing proxy and directly.
- Try changing the User-agent header from desktop to mobile.
After each viewing of the page, examine the page code and return to the snapshot.
You can spot malicious code on the website by:
- Foreign <iframe>, <script>, <object>, <embed>, or <applet> elements in the page markup.
- Loading the data from hosts in the .cc, .in, .cn, .pl domains or redirecting to such hosts. Also, suspicious requests to the dynamic DNS services or directly to IP addresses.
- Disguising domain names as popular sites, for example google-analylics.com or yandes.ru.
- Obfuscated scripts.
- Scripts containing the eval, unescape, document.write, document.URL, window.location, window.navigate calls.
- Redefining the DOM elements.
- Added code in the JS libraries.
- Added operations with strings (redefining, replacing substrings, shifting characters, concatenation).

Tell us what your question is about so we can direct you to the right specialist:

In this case, read the recommendations in the Unwanted programs and dangerous files section. You can also contact support from that page.

If you see a message about another issue related to the site security, choose the violation type.