Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: pavlos1 on May 01, 2014, 09:32:37 PM
-
Suddenly all navigation (navigation bar and navigation menu) was lost from my page.
At the same time I got these messages from Avast antivirus (see attachments).
What can I do to solve this issue? Does anyone else encounter the same issue?
The creator of the WYSIWYG program says it is a false positive?
Thank you
-
Since the screenshots are in a language other than English,
you will get better help in your language; find it here: http://forum.avast.com/index.php?board=21.0
-
Hi pavlos1, your site was compromised and now some of your javascript files contain a link to malicious javascript.
You can find this link at the bottom of the file and it is usually located between comments like "/*e10fe2*/.../*/e10fe2*/".
-
Hi pavlos1, your site was compromised and now some of your javascript files contain a link to malicious javascript.
You can find this link at the bottom of the file and it is usually located between comments like "/*e10fe2*/.../*/e10fe2*/".
Thank you for your response.
I am not sure I quite understand you. What do you mean at the bottom of file?
Thanks
-
Hi pavlos1, your site was compromised and now some of your javascript files contain a link to malicious javascript.
You can find this link at the bottom of the file and it is usually located between comments like "/*e10fe2*/.../*/e10fe2*/".
Thank you for your response.
I am not sure I quite understand you. What do you mean at the bottom of file?
Thanks
The javascript files that are run on your site, as highlighted in the quoted text. So check the javascript files (open in a text editor) and look at the bottom of the page for that mysterious/malicious script between the comments mentioned.
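-
The manual check described above (open each javascript file and look for a block between paired comments like "/*e10fe2*/.../*/e10fe2*/") can be automated over a local copy of the site. This is an added example, not part of any post in this thread; the function names, the 4-8 hex character marker pattern and the sample input are assumptions constructed for illustration.

```python
import os
import re
import sys

# Assumption: marker token is 4-8 hex chars, as in /*e10fe2*/ ... /*/e10fe2*/.
MARKER_BLOCK = re.compile(r"/\*([0-9a-fA-F]{4,8})\*/(.*?)/\*/\1\*/", re.DOTALL)

# Constructed sample: a harmless placeholder stands in for the injected code.
SAMPLE = (
    "function toggleMenu(id) {\n"
    "  document.getElementById(id).className = 'open';\n"
    "}\n"
    "/*e10fe2*/\n"
    "void 0; // placeholder\n"
    "/*/e10fe2*/\n"
)


def find_injected_blocks(source):
    """Return (marker, line_number, payload_length) for each paired-marker block."""
    hits = []
    for m in MARKER_BLOCK.finditer(source):
        line_no = source.count("\n", 0, m.start()) + 1
        hits.append((m.group(1), line_no, len(m.group(2))))
    return hits


def strip_injected_blocks(source):
    """Return the source with every paired-marker block removed."""
    return MARKER_BLOCK.sub("", source).rstrip() + "\n"


def scan_tree(root):
    """Report .js files under root (a local copy of the site) that contain blocks."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".js"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_injected_blocks(fh.read())
                if hits:
                    report[path] = hits
    return report


if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, hits)
```

Only a comment pair with the same token on both sides is matched, so an ordinary lone comment is not flagged. Compare any stripped file against a known-good backup before uploading it again.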
-
Thank you, issue resolved.
However, how did these scripts get infected in the first place and how can I avoid it in future?
How come scripts are so easily infected?
-
Hard to say exactly how they get modified as there are many ways.
First they have to gain access to your files; in some cases it is out-of-date content management software which has a vulnerability that can be exploited. You have to ensure that the software in use on your website is fully up to date, closing any vulnerability. This may be your responsibility or your host's.
There could be a weakness in your host, where others can access your control panel and/or bypass your host's security. It would be wise to change your site/control panel passwords, etc.
-
Here we see a couple of sites infested with this particular trojan: http://worldguidepremium.com/clean-mx/viruses.php?virusname=JS:Includer-AUF%20Trj&sort=id%20DESC
See the realtime virus viewer report for one of the detections: http://worldguidepremium.com/clean-mx/view_virusescontent.php?url=http%3A%2F%2Fpsresults.com%2F
specially crafted requests of application/x-javascript saving /tmp/BAREsfCpB' etc. output created by Wget 1.12 on linux-gnu to manipulate.
The trojan is a Blacole variant.
polonus