Author Topic: avast blocked my wordpress site  (Read 6389 times)

0 Members and 1 Guest are viewing this topic.

TuneR

  • Guest
avast blocked my wordpress site
« on: February 07, 2012, 11:26:08 PM »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: avast blocked my wordpress site
« Reply #2 on: February 07, 2012, 11:50:58 PM »
Hi TuneR,

I see an issue in the code here: suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
-www.banknieruchomosci.suwalki.pl/js/mootools.js suspicious
[suspicious:2] (ipaddr:46.4.118.84) (script) -www.banknieruchomosci.suwalki.pl/js/mootools.js
     status: (referer=www.banknieruchomosci.suwalki.pl/)saved 70248 bytes 2bc531db9e66f06b8ed8c191594d7dccbb1e151c
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [decodingLevel=0] found JavaScript
     suspicious:
Also check the code following ddfs_data . It is given as suspicious here: http://www.unmaskparasites.com/security-report/?page=www.banknieruchomosci.suwalki.pl   - but I cannot see any badware redirect or RFI, but check it anyway!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: avast blocked my wordpress site
« Reply #3 on: February 07, 2012, 11:56:30 PM »

TuneR

  • Guest
Re: avast blocked my wordpress site
« Reply #4 on: February 08, 2012, 12:10:20 AM »
Hi TuneR,

Also check the code following ddfs_data . It is given as suspicious here: http://www.unmaskparasites.com/security-report/?page=www.banknieruchomosci.suwalki.pl   - but I cannot see any badware redirect or RFI, but check it anyway!

polonus

Thanks, I deleted it but Avast still says that I have trojan on my website :|
How to rid of it ?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
« Last Edit: February 08, 2012, 12:18:35 AM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: avast blocked my wordpress site
« Reply #6 on: February 08, 2012, 12:20:36 AM »
Hi Pondus,

There is nothing malcious there per se, just might be unpatched code and/or vulnerabilities.
So it should be reported tp avast and the site can be de-blocked with a coming update.....
Well it is jsunpack that flags that bit of code following a hick-up, so there must be some issue. Plug-in code should be checked regularly for RIF.
See: http://www.whitefirdesign.com/resources/check-if-a-web-page-is-redirecting-when-accessed-from-google.html
But as you mentioned this kind of malware is a fast moving circus, so they might already have broken up their tents and keeping show in another place,
e.g. have migrated their malicious activities elsewhere...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

TuneR

  • Guest
Re: avast blocked my wordpress site
« Reply #7 on: February 08, 2012, 08:11:10 AM »
So it' clear now ? Today I'm gonna update wordpress to 3.3.1 - is it goog idea ?

true indian

  • Guest
Re: avast blocked my wordpress site
« Reply #8 on: February 08, 2012, 08:16:23 AM »
So it' clear now ? Today I'm gonna update wordpress to 3.3.1 - is it goog idea ?

Yes...it is a good thing to do  :)

TuneR

  • Guest
Re: avast blocked my wordpress site
« Reply #9 on: February 08, 2012, 08:54:43 AM »
Now my Avast shows something like this:

http://www.imagebanana.com/view/1l3yzv5w/guz.JPG

 :-X

(it's in polish - Zarżenie means infection, Działanie: czynność zablokowano - Action - blocked the action)

Is there any posibility that something is cached ? Because on my second laptop (win 7 and newest Avast) i don't get such notices :|

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: avast blocked my wordpress site
« Reply #10 on: February 08, 2012, 12:04:41 PM »
have you tried to get help from Sucuri ?.....it is not free    http://sucuri.net/signup

TuneR

  • Guest
Re: avast blocked my wordpress site
« Reply #11 on: February 08, 2012, 01:42:51 PM »
First i'll try to update my wordpress.

TuneR

  • Guest
Re: avast blocked my wordpress site
« Reply #12 on: February 10, 2012, 12:53:40 PM »
I've found solution for my trojan issues. After I managed to remove js:Redirector-NT [Trj] in few hours avast said that I have js:Redirector-VR [Trj] or js:Redirector-MR [Trj] trojan on my website :| So only solution was to upload once again all wordpress files. For 24h I have no trojan alerts!