Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: pavlos1 on May 01, 2014, 09:32:37 PM

Title: avast blocking navigation in my site
Post by: pavlos1 on May 01, 2014, 09:32:37 PM

Suddenly all navigation, (navigation bar and navigation menu) was lost from my page.
At the same time I got these messages from Avast antivirous (see attachments).
What can I do to solve this issue? Does anyone else encounter the same issue?
The creator of the WYSIWYG programm say it is a false positive?
Thank you

Title: Re: avast blocking navigation in my site
Post by: Para-Noid on May 01, 2014, 09:48:28 PM

Since the screenshots are in a language other than English
you will get better help in you language find it here http://forum.avast.com/index.php?board=21.0

Title: Re: avast blocking navigation in my site
Post by: Tondah on May 02, 2014, 09:35:23 AM

Hi pavlos1, your site was compromised and now some of your javascript files contains link to malicious javascript.

You can find this link at the bottom of file and it is usually located between comments like "/*e10fe2*/.../*/e10fe2*/".

Title: Re: avast blocking navigation in my site
Post by: pavlos1 on May 03, 2014, 12:26:46 PM

Quote from: Tondah on May 02, 2014, 09:35:23 AM

Hi pavlos1, your site was compromised and now some of your javascript files contains link to malicious javascript.

You can find this link at the bottom of file and it is usually located between comments like "/*e10fe2*/.../*/e10fe2*/".

Thank you for your response.
I am not sure I quite understand you. What do you mean at the bottom of file?
Thanks

Title: Re: avast blocking navigation in my site
Post by: DavidR on May 03, 2014, 04:03:21 PM

Quote from: pavlos1 on May 03, 2014, 12:26:46 PM

Quote from: Tondah on May 02, 2014, 09:35:23 AM

Hi pavlos1, your site was compromised and now some of your javascript files contains link to malicious javascript.

You can find this link at the bottom of file and it is usually located between comments like "/*e10fe2*/.../*/e10fe2*/".

Thank you for your response.
I am not sure I quite understand you. What do you mean at the bottom of file?
Thanks

The javascript files that are run on your site, as highlighted in the quoted text. So check the javascript files (open in a text editor) and look at the bottom of the page for that mysterious/malicious script between the comments mentioned.

Title: Re: avast blocking navigation in my site
Post by: pavlos1 on May 04, 2014, 10:53:33 PM

Thank you, issue resolved.

However, how did these scripts get infected in the first place and how can I avoid it in future?
How come and scripts are so easilly infected?

Title: Re: avast blocking navigation in my site
Post by: DavidR on May 04, 2014, 11:25:46 PM

Hard to say exactly how they get modified as there are many ways.

First they have to gain access to your files, in some cases it is out of date content management software, which has a vulnerability that can be exploited. You have to ensure that the software in use on your website is fully up to date, closing any vulnerability. This may be your responsibility or your hosts.

There could be a weakness in your host, where others can access your control panel and or bypass your hosts security. It would be wise to change your site/control panel passwords, etc.

Title: Re: avast blocking navigation in my site
Post by: polonus on May 04, 2014, 11:42:09 PM

Here we see a couple of sites infested with this particular trojan: http://worldguidepremium.com/clean-mx/viruses.php?virusname=JS:Includer-AUF%20Trj&sort=id%20DESC
See the realtime virus viewer report for one of the detections: http://worldguidepremium.com/clean-mx/view_virusescontent.php?url=http%3A%2F%2Fpsresults.com%2F
specially crafted requests of application/x-javascript saving  /tmp/BAREsfCpB' etc. output created by Wget 1.12 on linux-gnu to manipulate.
The trojan is a blacole variant.

polonus