Administrators Marcos 5,267 Posted November 5, 2021 Administrators Share Posted November 5, 2021 50 minutes ago, Sarah Whiteman said: We're expereincing alerts with our eset firewall detecting foreign content JS/Agent.OZD url: https://umdm.gov.za Searching for "controllers.php?id='+token();" should help you locate the malicious javascript. Link to comment Share on other sites More sharing options...
Sarah Whiteman 0 Posted November 5, 2021 Share Posted November 5, 2021 1 hour ago, Marcos said: Searching for "controllers.php?id='+token();" should help you locate the malicious javascript. Would you please enlighten me as to where I must search Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted November 5, 2021 Administrators Share Posted November 5, 2021 3 minutes ago, Sarah Whiteman said: Would you please enlighten me as to where I must search In html and js files on the website. Link to comment Share on other sites More sharing options...
alvaradoherman 0 Posted December 6, 2021 Share Posted December 6, 2021 I went to a website that ESET (which is installed on my PC) recognised as JS/Agent.OZD. However, at that time, the website was already launched. Is it possible that my computer has become infected with the virus? Despite the fact that the ESET notification said that access had been banned. Thank you and best wishes, Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted December 6, 2021 Administrators Share Posted December 6, 2021 14 minutes ago, alvaradoherman said: However, at that time, the website was already launched. Is it possible that my computer has become infected with the virus? No. As the website was attempting to load a malicious js file, the connection was terminated and the malicious file was not downloaded. Link to comment Share on other sites More sharing options...
Aflores 0 Posted December 21, 2021 Share Posted December 21, 2021 Hi there! I got a problem in my site: campus.aureaformacion.com ESET Internet Securty (instaled in my PC) detect a JS/Agent.OZD problem threat in the site. I downloaded all the files in the site by FTP and run an scan to try to identify the issue but ESET antivirus didn't detect anything. I also talked with the server support and explain my problem but they didn't found anything either. Could be a false positive from the ESET? Hope you can help me with my problem Best regards. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted December 21, 2021 Administrators Share Posted December 21, 2021 5 hours ago, Aflores said: I got a problem in my site: I'm unable to reproduce the detection. Moreover, the site is not rendered properly and also throws error 403 on some pages. Link to comment Share on other sites More sharing options...
itman 1,746 Posted December 21, 2021 Share Posted December 21, 2021 7 minutes ago, Marcos said: I'm unable to reproduce the detection. I received the Eset detection upon initial attempted access to the web site using EIS and Firefox: Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 74 Posted December 21, 2021 ESET Insiders Share Posted December 21, 2021 No detection here with ESSP and Brave, but the page renders. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted December 21, 2021 Administrators Share Posted December 21, 2021 Ok, had to use Firefox and clear the cache. Searching for "var ndsj=true" should help you locate the malicious javascript. Link to comment Share on other sites More sharing options...
aviton 0 Posted January 4, 2022 Share Posted January 4, 2022 HiThe similar issue. phpBB forum, trojan JS/Agent.OZD recognized. Can you point me to the correct file/script on my board? forum.israfish.com Thank you in advance! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted January 4, 2022 Administrators Share Posted January 4, 2022 2 hours ago, aviton said: Can you point me to the correct file/script on my board? Searching for "if(ndsj===undefined)" should help you locate the malicious js. Link to comment Share on other sites More sharing options...
hendrixbridge 0 Posted January 23, 2022 Share Posted January 23, 2022 Hi, can you help me, whee should I search for the malicious js for https://frontispis.com? Link to comment Share on other sites More sharing options...
hendrixbridge 0 Posted January 23, 2022 Share Posted January 23, 2022 Please, ignore my last post, I found it. The problem was in old Divi theme Link to comment Share on other sites More sharing options...
Recommended Posts