Author Topic: Web Shield - blocked trojan - js:scriptdc-inf [trj]?  (Read 4218 times)

0 Members and 1 Guest are viewing this topic.

Online !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2209
    • The WAR Against Malware
Re: Web Shield - blocked trojan - js:scriptdc-inf [trj]?
« Reply #15 on: January 21, 2012, 05:42:48 PM »
Sucuri does NOT clean the infected code UNLESS you pay for it.


If you can edit your source code, search for the malcode provided in the
previous image provided by Pondus and delete it.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Online polonus

  • Avast √úberevangelist
  • Maybe Bot
  • *****
  • Posts: 24604
  • malware fighter
Re: Web Shield - blocked trojan - js:scriptdc-inf [trj]?
« Reply #16 on: January 21, 2012, 07:13:04 PM »
Hi mlapage,

I do not get an avast alert now. This still could be patched: -www.msolarpro.com/wp-content/plugins/dropdown-menu-widget/scripts/include.js?ver=3.2 suspicious
[suspicious:2] (ipaddr:184.154.88.218) -www.msolarpro.com/wp-content/plugins/dropdown-menu-widget/scripts/include.js?ver=3.2
     status: (referer=-www.google.com/trends/hottrends)saved 16949 bytes 91588590e403cf96232b117e04289bbc21b898be
     info: [script] -www.msolarpro.com/wp-includes/js/jquery/jquery.js?ver=1.7.1
     info: [script] -www.msolarpro.com/wp-content/plugins/brainhost-plugin/script.js?ver=1.0
     info: [script] -www.brainhost.com/ads/ad.js?size=300x250
     info: [script] -www.brainhost.com/ads/ad.js?size=120x600
     info: [script] -www.msolarpro.com/wp-includes/js/thickbox/thickbox.js?ver=3.1-20111117
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     info
No particulars now here: http://wepawet.iseclab.org/view.php?hash=fc212bf7576cae45a08415e6b278b2e8&t=1327169129&type=js

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 72272
  • No support PMs thanks
Re: Web Shield - blocked trojan - js:scriptdc-inf [trj]?
« Reply #17 on: January 21, 2012, 07:47:25 PM »
In its results it is only showing what it considers infected/suspect it won't clean it as that in itself would be hacking if someone could ask it to check the site out and that resulted in changes unknown to the owner.

Any cleaning is down to the site owner, it does however offer service plans to clean up sites, I have never used any of their services though. The one site clean-up premium service plan does seem reasonably good value though http://sucuri.net/signup.

####
I don't get an alert visiting your site using firefox 9.0.1.

So it would appear that something has been updated/cleaned up in regard of the wordpress files as sucuri no longer flags it as infected, see image.

Looks like you don't have to do anything else.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.3.2225 R3 SP1/ Outpost Firewall Pro9.1/ Firefox 39.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.8/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security