Avast WEBforum

Other => Viruses and worms => Topic started by: MuMonkey on February 18, 2010, 11:42:33 PM

Title: False Website Detection
Post by: MuMonkey on February 18, 2010, 11:42:33 PM
Hello, I am an admin at Mumonkey.com and some of our users were using avast, and then it pops up with an error about a "http://www.mumonkey.com/js/jquery.resize.text.js" as a JS:Illredir-R [Trj], also a jquery.anchor.js file it calls a JS:Illredir-R [Trj], and the javascript to resize text comes up as a JS:Illredir-R [Trj]. For some, the browser then closes. What can be done to get rid of these 3 false positives? They are clean files.

Thank you.
Title: Re: False Website Detection
Post by: Pondus on February 18, 2010, 11:53:59 PM
This page seems to be <suspicious>
http://www.UnmaskParasites.com/security-report/?page=www.mumonkey.com


Scroll down to "Suspicious Inline Scripts".
Title: Re: False Website Detection
Post by: MuMonkey on February 19, 2010, 12:22:03 AM
Thank you for that, I fixed the 2 javascript errors in the files it was detecting by getting rid of w/e the vars were, and they did not seem to be affecting anything. We still have the problem of the index page only getting a JS:Illredir-R [Trj] in the object "http://www.mumonkey.com/index.php|>{gzip}". Any clue on that one? Sometimes it makes Firefox come up with an error "connection reset", which avast! says it aborted the connection. Any suggestions? Thank you.
Title: Re: False Website Detection
Post by: Pondus on February 19, 2010, 12:48:31 AM
Quote
Any suggestions? Thank you.
Sorry no expert on this, but Polonus or DavidR probably have an idea.....when they are back online
Title: Re: False Website Detection
Post by: MuMonkey on February 19, 2010, 01:09:51 AM
I'm just wondering if the vars at the end of all of our javascripts, that I have no idea what they do, are causing this. Here are the 2 vars that show up as suspicious. Could they be the culprit?
Title: Re: False Website Detection
Post by: DavidR on February 19, 2010, 01:59:37 AM
Virtually all of your .js scripts appear to have been hacked in the same way as the UnmaskParasites report.

I got alerts on over 6 of them before I killed the page.

Modify and Remove the attachment in your post as avast is alerting on that too.

What created your .js files?
Hacks like this are usually down to out of date/vulnerable content management software being exploited.
Title: Re: False Website Detection
Post by: MuMonkey on February 19, 2010, 02:17:05 AM
Ok, I removed the attachment. Ermmm..... what in the world is that? Encrypted javascript? I will try removing it from the site. As to who made the javascript, I don't think it was there at first. It just started recently, so I am guessing this was an attack on the site (it has happened before). >.> Thanks

Found the problem, an Iframe that shouldn't be there....
Thanks for the help! Problem is solved on avast! side of things
Title: Re: False Website Detection
Post by: DavidR on February 19, 2010, 04:39:09 AM
JavaScript is a plain language scripting language; under normal circumstances there should be no need to encrypt it, but I don't believe this attachment is encrypted, or it couldn't easily be scanned, as it would first require decryption.

This attachment was a zipped (packed) javascript file, the act of zipping it actually obfuscates the javascript code trying to hide its true purpose or intent.
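
DavidR's observation that virtually all of the .js scripts were changed in the same way, together with MuMonkey's note about vars at the end of every script, suggests a simple check: unrelated script files should not end in the same long block. The Python below is an added example, not code from the thread; the function names, the 40-character threshold and the sample file contents (a harmless placeholder standing in for the appended block) are assumptions.

```python
"""Flag an identical block appended to the end of several .js files."""
import os
from collections import defaultdict

MIN_TAIL = 40  # assumed threshold: shorter shared endings are usually benign


def common_suffix(texts):
    """Longest string that every text in the list ends with."""
    return os.path.commonprefix([t[::-1] for t in texts])[::-1]


def shared_tails(files, min_len=MIN_TAIL):
    """files maps name -> source text. Returns [(tail, [names])] for each
    group of two or more files ending in the same min_len+ characters."""
    groups = defaultdict(list)
    for name, text in files.items():
        text = text.rstrip()  # ignore trailing newlines and spaces
        if len(text) >= min_len:
            groups[text[-min_len:]].append((name, text))
    findings = []
    for members in groups.values():
        if len(members) > 1:
            tail = common_suffix([text for _, text in members])
            findings.append((tail, sorted(name for name, _ in members)))
    return findings


def load_js(root):
    """Read every .js file under root, e.g. an offline copy of the site."""
    files = {}
    for folder, _, names in os.walk(root):
        for n in names:
            if n.endswith(".js"):
                path = os.path.join(folder, n)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    files[path] = fh.read()
    return files


# Constructed sample: placeholder text, not the code found on the site.
TAIL = 'var placeholder_a="AAAAAAAAAAAAAAAAAAAA";var placeholder_b="BBBBBBBBBBBB";'
SAMPLE = {
    "resize.js": "function resize(n){return n*2}\nwindow.onresize=resize\n" + TAIL + "\n",
    "anchor.js": "function anchor(id){return '#'+id}" + TAIL,
    "clean.js": "function ok(){return true}\n// an ordinary file with its own ending\n",
}

if __name__ == "__main__":
    for tail, names in shared_tails(SAMPLE):
        print(f"{len(names)} files share a {len(tail)}-char ending: {names}")
```

Run `load_js` on a downloaded copy of the web root and pass the result to `shared_tails`, then review the reported ending against a known-good copy of each file. An appended block that differs from file to file would not be grouped by this check.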