Author Topic: Web Shield - blocked trojan - js:scriptdc-inf [trj]?  (Read 3137 times)

Offline !Donovan

  • LÖVE Scripting Website Analyst
  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 2138
  • Gender: Male
  • f(x)=2x+1
    • The WAR Against Malware
    • Personal Message (Offline)
Re: Web Shield - blocked trojan - js:scriptdc-inf [trj]?
« Reply #15 on: January 21, 2012, 03:42:48 PM »
Sucuri does NOT clean the infected code UNLESS you pay for it.


If you can edit your source code, search for the malcode provided in the
previous image provided by Pondus and delete it.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."
Useful Links: Sucuri SiteCheck | WAR | urlQuery | URLVoid | Wepawet

Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20161
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Re: Web Shield - blocked trojan - js:scriptdc-inf [trj]?
« Reply #16 on: January 21, 2012, 05:13:04 PM »
Hi mlapage,

I do not get an avast alert now. This still could be patched: -www.msolarpro.com/wp-content/plugins/dropdown-menu-widget/scripts/include.js?ver=3.2 suspicious
[suspicious:2] (ipaddr:184.154.88.218) -www.msolarpro.com/wp-content/plugins/dropdown-menu-widget/scripts/include.js?ver=3.2
     status: (referer=-www.google.com/trends/hottrends)saved 16949 bytes 91588590e403cf96232b117e04289bbc21b898be
     info: [script] -www.msolarpro.com/wp-includes/js/jquery/jquery.js?ver=1.7.1
     info: [script] -www.msolarpro.com/wp-content/plugins/brainhost-plugin/script.js?ver=1.0
     info: [script] -www.brainhost.com/ads/ad.js?size=300x250
     info: [script] -www.brainhost.com/ads/ad.js?size=120x600
     info: [script] -www.msolarpro.com/wp-includes/js/thickbox/thickbox.js?ver=3.1-20111117
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     info
No particulars now here: http://wepawet.iseclab.org/view.php?hash=fc212bf7576cae45a08415e6b278b2e8&t=1327169129&type=js

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69233
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Web Shield - blocked trojan - js:scriptdc-inf [trj]?
« Reply #17 on: January 21, 2012, 05:47:25 PM »
In its results it is only showing what it considers infected/suspect it won't clean it as that in itself would be hacking if someone could ask it to check the site out and that resulted in changes unknown to the owner.

Any cleaning is down to the site owner, it does however offer service plans to clean up sites, I have never used any of their services though. The one site clean-up premium service plan does seem reasonably good value though http://sucuri.net/signup.

####
I don't get an alert visiting your site using firefox 9.0.1.

So it would appear that something has been updated/cleaned up in regard of the wordpress files as sucuri no longer flags it as infected, see image.

Looks like you don't have to do anything else.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now