« previous next »
Pages: 1 [2]   Go Down

Author Topic: My wordpress site infected by JS:Redirector-NT [Trj], please help  (Read 19615 times)

0 Members and 1 Guest are viewing this topic.

moonheart

  • Guest
Re: My wordpress site infected by JS:Redirector-NT [Trj], please help
« Reply #15 on: February 07, 2012, 01:59:20 PM »
Quote from: true indian on February 07, 2012, 01:06:34 PM
Can u give us a screenshot of the alert.

Here is the screenshot of Avast alert when I try to open the site hxxp://coolmathgamesonline.net.
Logged

moonheart

  • Guest
Re: My wordpress site infected by JS:Redirector-NT [Trj], please help
« Reply #16 on: February 07, 2012, 02:02:23 PM »
Quote from: true indian on February 07, 2012, 01:55:05 PM
Hey! u are using a old version of avast! download the latest free version from here:

http://www.avast.com/free-antivirus-download
Yes you are correct. That is one old version. But now I attached the screenshot of new avast antivirus alert when I try to open the site coolmathgamesonline.net. I installed the new avast by uninstalling the old one few hours back..
Logged

true indian

  • Guest
Re: My wordpress site infected by JS:Redirector-NT [Trj], please help
« Reply #17 on: February 07, 2012, 02:04:58 PM »
hxxp://coolmathgamesonline.net/wp-content/themes/NextWPA/js/jquery-1.2.3.pack.js

It seems like that the problem.
Logged

moonheart

  • Guest
Re: My wordpress site infected by JS:Redirector-NT [Trj], please help
« Reply #18 on: February 07, 2012, 02:14:34 PM »
Quote from: true indian on February 07, 2012, 02:04:58 PM
hxxp://coolmathgamesonline.net/wp-content/themes/NextWPA/js/jquery-1.2.3.pack.js

It seems like that the problem.

I just downloaded my theme, plugin and other correspondent files and then scan with new avast antivirus but no any threat alert shown. How will I distinguish the threat now?

And the strange thing is when I open the site first time on my browser threat shows, but later when I open the homepage or other pages threat does not show.
« Last Edit: February 07, 2012, 02:18:57 PM by moonheart »
Logged

moonheart

  • Guest
Re: My wordpress site infected by JS:Redirector-NT [Trj], please help
« Reply #19 on: February 07, 2012, 02:41:18 PM »
Quote from: true indian on February 07, 2012, 02:04:58 PM
hxxp://coolmathgamesonline.net/wp-content/themes/NextWPA/js/jquery-1.2.3.pack.js

It seems like that the problem.

Hi it seems that you are from India. Can we please discuss my problem through chat for the first response. Sorry moderator if this is wrong, please delete my reply.
Logged

kbuleon

  • Guest
Re: My wordpress site infected by JS:Redirector-NT [Trj], please help
« Reply #20 on: February 09, 2012, 10:51:15 AM »
Hi guys,

Thanks for your wonderfull advices. I had my Wordpress infected.
I removed manually the infected files, but i'm not sure i removed all of them.
Now http://sitecheck.sucuri.net says its clean.

But, yesterday after i finished i had an avast alert. Not sure if that was a remaining cache file infected or if the trojan is still here.

My web site : http://www.regardsurlemonde.fr/blog/

How do you proceed to know the differents files infected ?

Can you tell me if its clean or not now ?

regards




Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: My wordpress site infected by JS:Redirector-NT [Trj], please help
« Reply #21 on: February 09, 2012, 04:19:06 PM »
Quote from: kbuleon on February 09, 2012, 10:51:15 AM
Hi guys,

Thanks for your wonderfull advices. I had my Wordpress infected.
I removed manually the infected files, but i'm not sure i removed all of them.
Now http://sitecheck.sucuri.net says its clean.

But, yesterday after i finished i had an avast alert. Not sure if that was a remaining cache file infected or if the trojan is still here.

My web site : http://www.regardsurlemonde.fr/blog/

How do you proceed to know the differents files infected ?

Can you tell me if its clean or not now ?

regards
you should start your own topic as helping multiple users in same topic will be chaotic
attach a screen shot of the avast warning if you still have problems

HTML scan at VT say clean
https://www.virustotal.com/file/8dc746e23e59282e7cd94f5cd108d41f4bebf2d391d8126313b9f9404b6c13ed/analysis/1328800214/

urlQuery say suspicious
http://urlquery.net/report.php?id=20147

« Last Edit: February 09, 2012, 04:20:39 PM by Pondus »
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: My wordpress site infected by JS:Redirector-NT [Trj], please help
« Reply #22 on: February 09, 2012, 05:38:09 PM »
Suspicious code here:
-www.regardsurlemonde.fr/blog/wp-content/plugins/pointelle-slider/js/jquery.cycle.js?ver=1.1 suspicious
[suspicious:2] (ipaddr:213.186.33.19) (script) -www.regardsurlemonde.fr/blog/wp-content/plugins/pointelle-slider/js/jquery.cycle.js?ver=1.1
     status: (referer=-www.regardsurlemonde.fr/blog/)saved 32046 bytes e98fc1630e4a5268e15733ddd6280cdff3b09f6f
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined variable $.browser
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var $.browser = 1;
          error: line:1: ....^
     suspicious:   I get no avast webshield alert now going to the main site.
Found to be malicious here: http://trafficlight.bitdefender.com/info?url=http://www.regardsurlemonde.fr/blog/

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

rvtalawila

  • Guest
Re: My wordpress site infected by JS:Redirector-NT [Trj], please help
« Reply #23 on: February 16, 2012, 05:51:18 PM »
I am having issues with my PPI site http://ppi-insuranceclaims.co.uk. This is only a recent thing. My Avast version is 6.0.1637 and fully updated.

This is ofcourse a big concern as I do not want to lose customers. I have run a check on http://sitecheck.sucuri.net/results/http://ppi-insuranceclaims.co.uk which shows no issues.

Can anyone help?

Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: My wordpress site infected by JS:Redirector-NT [Trj], please help
« Reply #24 on: February 16, 2012, 05:54:25 PM »
Quote from: rvtalawila on February 16, 2012, 05:51:18 PM
I am having issues with my PPI site http://ppi-insuranceclaims.co.uk. This is only a recent thing. My Avast version is 6.0.1637 and fully updated.

This is ofcourse a big concern as I do not want to lose customers. I have run a check on http://sitecheck.sucuri.net/results/http://ppi-insuranceclaims.co.uk which shows no issues.

Can anyone help?
you should start your own topic   ;).......guess not

This page seems to be <suspicious>  1 suspicious inline script found.

Jotti
http://virusscan.jotti.org/en/scanresult/4c25f58446b1e85557c926d6c5cd61a969675dc0


« Last Edit: February 16, 2012, 06:12:50 PM by Pondus »
Logged
Pages: 1 [2]   Go Up
« previous next »