Jump to content

JS/Agent.piv


Recommended Posts

I have been trying to access akc.org and get a message that ESET has removed a threat when trying to access the website.  I have scanned my computer but nothing was found.  I am running ESET NOD Antivirus 14.2.24.0 using Edge.  AKC has now blacklisted my IP address.  How do I fix this?

 

image.png

Link to comment
Share on other sites

  • Administrators

You can inform the owner of the domain that it was compromised and a malicious javacsript is injected in some js files.

Detecting the malware could not cause your IP address to be banned.

Link to comment
Share on other sites

Gretchen6205, the same thing just happened to me and I did the same thing you did but nothing has helped.  Were you able to get this resolved?

Link to comment
Share on other sites

  • Administrators
10 hours ago, Lee P said:

Gretchen6205, the same thing just happened to me and I did the same thing you did but nothing has helped.  Were you able to get this resolved?

What website was the threat detected on? Are you the owner or administrator of the website in question?

Link to comment
Share on other sites

On 10/28/2021 at 1:56 PM, gretchen6205 said:

I have been trying to access akc.org and get a message that ESET has removed a threat when trying to access the website. 

This web site is heavily infected. Below are the detections encounter when I accessed the web site. My concern is Eset did not block access to the web site using Firefox as it stated it did.

hxxps://www.akc.org/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
hxxps://www.akc.org/wp-content/plugins/gigya-socialize-for-wordpress/gigya.js?ver=5.8.1
hxxps://www.akc.org/wp-content/plugins/gigya-socialize-for-wordpress/features/raas/gigya_raas.js?ver=5.7.3.4
hxxps://www.akc.org/wp-includes/js/wp-embed.min.js?ver=5.8.1
hxxps://www.akc.org/wp-includes/js/wp-emoji-release.min.js?ver=5.8.1

Eset_Malware.thumb.png.b9869569e90c84dd3159a62fda48f6c4.png

Edited by itman
Link to comment
Share on other sites

  • Administrators

The connection was indeed terminated; the downloaded script ends with "function(e){S(this).wrapInner(n.call", ie. it's incomplete and thus not working, ie. it could not run and do anything malicious.

Link to comment
Share on other sites

10 minutes ago, Marcos said:

The connection was indeed terminated; the downloaded script ends with "function(e){S(this).wrapInner(n.call", ie. it's incomplete and thus not working, ie. it could not run and do anything malicious.

From this reply, I infer that Eset is no longer blocking access to the entire web site when malware is found?

Link to comment
Share on other sites

15 hours ago, Marcos said:

What website was the threat detected on? Are you the owner or administrator of the website in question?

As I said in the OP, akc.org

Link to comment
Share on other sites

On 10/31/2021 at 2:31 PM, Lee P said:

Gretchen6205, the same thing just happened to me and I did the same thing you did but nothing has helped.  Were you able to get this resolved?

No, I haven't done anything.  One solution is to get another IP address, but I'm concerned about what cascading effect this might have.  Otherwise, my plan is to just wait to see if it resolves itself.

Link to comment
Share on other sites

On 10/28/2021 at 12:00 PM, Marcos said:

You can inform the owner of the domain that it was compromised and a malicious javacsript is injected in some js files.

Detecting the malware could not cause your IP address to be banned.

I tried contacting akc.org and the customer service desk was not helpful.  I did not try to discuss the matter with the IT dept., however, I sent an email to akc and they asked for my IP address.  I have not heard anything back yet

Link to comment
Share on other sites

On 10/28/2021 at 12:00 PM, Marcos said:

You can inform the owner of the domain that it was compromised and a malicious javacsript is injected in some js files.

Detecting the malware could not cause your IP address to be banned.

I do not have the expertise to go back to akc to tell them their website has been compromised, they'll only ask for more details that I do not have.  Is it possible for ESET to advise them of the issue?  Does akc already know the website has been compromised?  Since it's such a mess, should I give up (for now) trying to log into my account at akc.org?

Link to comment
Share on other sites

  • Most Valued Members
6 hours ago, gretchen6205 said:

I do not have the expertise to go back to akc to tell them their website has been compromised, they'll only ask for more details that I do not have.  Is it possible for ESET to advise them of the issue?  Does akc already know the website has been compromised?  Since it's such a mess, should I give up (for now) trying to log into my account at akc.org?

If the website isn't yours , and still you want to help , all you need to do is send them an email with the detection message screenshot attached, that's all you can do from your side.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...