JS:iframe-EPM [Trj]

[REDACTED]

Avast wyrzuca monit o JS:iframe-EPM [Trj], gdy wchodzą w różne panele Wordpress na jednym serwerze, niezależnie od przeglądarki i komputera. Trojan uniemożliwia edycję treści w panelu Wordpress - nie wyświetla konkretnej ramki iframe.

Co zrobić? Nie mogę znaleźć odpowiedzi nigdzie w sieci. Dzięki za pomoc.

[Eddy]

This is a English forum.
Post in English here or use one of the non-English forums.

[Asyn]

...or use one of the non-English forums.

-> https://forum.avast.com/index.php?board=21

[REDACTED]

Sorry for Polish

Avast is giving me alert about JS:iframe-EPM [Trj], when I'm using Wordpress panels to edit some pages (multiple Wordpress instalation on one server, multiple browsers and computers). I'm unable to edit some content in the iframe. What should I do?

Thanks for your help.

[Asyn]

Which page/site..? Post the link non clickable.

[REDACTED]

zkp.krakow.pl/27
messiaen.pl

[Asyn]

-> https://sitecheck.sucuri.net/results/zkp.krakow.pl/27
-> https://sitecheck.sucuri.net/results/messiaen.pl

[Pondus]

-> https://sitecheck.sucuri.net/results/zkp.krakow.pl/27
-> https://sitecheck.sucuri.net/results/messiaen.pl

https://www.virustotal.com/en/file/c40b973f06a4faa8a23406dd8fcd2a896df5b1c664492cb3c60f3308c9d2193b/analysis/1454948229/

[Eddy]

IP and/or domain are blacklisted :
http://zulu.zscaler.com/submission/show/3877777ac1803ed0aa9b2f7d95f09c68-1454947580
http://urlquery.net/report.php?id=1454947714363
http://urlquery.net/report.php?id=1454947743237
http://multirbl.valli.org/lookup/188.116.9.4.html

[REDACTED]

Hi all,

Newbie here; sorry if not clear how to seek guidance. 

Am receiving JS:Iframe-EPM [Trj] "infection blocked" message from AVAST FREE when trying to open seemingly benign and reputable website.  The particulars:

Target page:  http://libertyprairie.org/
URL:  http://libertyprairie.org/wp-content/themes/organic_natural/js/jquery.flexslider.js?ver=20130729|{gzip}
Infection:  JS:Iframe-EPM [Trj]
Process:  F:\Program Files\Google\Chrome\Application\chrome.exe

Your thoughts?
Thanks!

[Eddy]

And there we have another site that is using WP and JQuery and got itself into problems because it is not up-to-date.

[REDACTED]

@Eddy:

Thanks, but your answer seems to be mostly for Pondus and Asyn.

From my own (user) perspective:  I'm not sure what to do about "another site" that uses WP and JQuery and gets itself into trouble.  Did my AVAST really detect a virus, or just an outdated script configuration that creates a vulnerability?  Am I supposed to notify the host they're infected? scold them for not keeping their scripts up-to-date? turn off AVAST and proceed at my own risk?

Maybe you're saying that the host site is either (i) infected or (ii) configured in a way that it's unsafe to load due to vulnerabilities ... in which case, many thanks.  But if not, blocking sites from loading because their scripts are outdated would seem to be as much an AVAST problem as it is a site problem.

Or am I missing something?  Sorry in advance.

[Pondus]

KIllmalware >>  http://killmalware.com/libertyprairie.org/


libertyprairie.org/wp-content/themes/organic_natural/js/retina.js?ver=20130729

https://www.virustotal.com/en/file/34726a1f643337e98bbf3cd65e9f41f7b88a5da2ca2a40ed048315a6c9b56cfe/analysis/

avast and GData dont like that JS file

[Pondus]

could be related to this? ...   http://imulus.github.io/retinajs/     possible false positive ?

[REDACTED]

@Eddy:

Thanks, but your answer seems to be mostly for Pondus and Asyn.

From my own (user) perspective:  I'm not sure what to do about "another site" that uses WP and JQuery and gets itself into trouble.  Did my AVAST really detect a virus, or just an outdated script configuration that creates a vulnerability?  Am I supposed to notify the host they're infected? scold them for not keeping their scripts up-to-date? turn off AVAST and proceed at my own risk?

Maybe you're saying that the host site is either (i) infected or (ii) configured in a way that it's unsafe to load due to vulnerabilities ... in which case, many thanks.  But if not, blocking sites from loading because their scripts are outdated would seem to be as much an AVAST problem as it is a site problem.

Or am I missing something?  Sorry in advance.

Thanks for this question as it provides more insight to what I have suspected is going on than the answers so far.  I also need assistance with this new problem from the last update.  Avast won't allow me to proceed on a website I've used easily in the past that I upload my invoices to.  I've tried both Chrome & Firefox and Avast has taken away my auto-login to this page (http://intranet.manascisaac.com/) and I find this totally unacceptable.  When did the software not allow the user the option to quarantine or permit?