Posted

I have been trying to access akc.org and get a message that ESET has removed a threat when trying to access the website.  I have scanned my computer but nothing was found.  I am running ESET NOD Antivirus 14.2.24.0 using Edge.  AKC has now blacklisted my IP address.  How do I fix this?

 


  • Administrators
Posted

You can inform the owner of the domain that it was compromised and a malicious JavaScript is injected in some js files.

Detecting the malware could not cause your IP address to be banned.

Posted

Gretchen6205, the same thing just happened to me and I did the same thing you did but nothing has helped.  Were you able to get this resolved?

  • Administrators
Posted
10 hours ago, Lee P said:

Gretchen6205, the same thing just happened to me and I did the same thing you did but nothing has helped.  Were you able to get this resolved?

What website was the threat detected on? Are you the owner or administrator of the website in question?

Posted (edited)
On 10/28/2021 at 1:56 PM, gretchen6205 said:

I have been trying to access akc.org and get a message that ESET has removed a threat when trying to access the website. 

This web site is heavily infected. Below are the detections encountered when I accessed the web site. My concern is Eset did not block access to the web site using Firefox as it stated it did.

hxxps://www.akc.org/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
hxxps://www.akc.org/wp-content/plugins/gigya-socialize-for-wordpress/gigya.js?ver=5.8.1
hxxps://www.akc.org/wp-content/plugins/gigya-socialize-for-wordpress/features/raas/gigya_raas.js?ver=5.7.3.4
hxxps://www.akc.org/wp-includes/js/wp-embed.min.js?ver=5.8.1
hxxps://www.akc.org/wp-includes/js/wp-emoji-release.min.js?ver=5.8.1


Edited by itman
  • Administrators
Posted

The connection was indeed terminated; the downloaded script ends with "function(e){S(this).wrapInner(n.call", i.e. it's incomplete and thus not working, i.e. it could not run and do anything malicious.

Posted
10 minutes ago, Marcos said:

The connection was indeed terminated; the downloaded script ends with "function(e){S(this).wrapInner(n.call", i.e. it's incomplete and thus not working, i.e. it could not run and do anything malicious.

From this reply, I infer that Eset is no longer blocking access to the entire web site when malware is found?

Posted
15 hours ago, Marcos said:

What website was the threat detected on? Are you the owner or administrator of the website in question?

As I said in the OP, akc.org

Posted
On 10/31/2021 at 2:31 PM, Lee P said:

Gretchen6205, the same thing just happened to me and I did the same thing you did but nothing has helped.  Were you able to get this resolved?

No, I haven't done anything.  One solution is to get another IP address, but I'm concerned about what cascading effect this might have.  Otherwise, my plan is to just wait to see if it resolves itself.

Posted
On 10/28/2021 at 12:00 PM, Marcos said:

You can inform the owner of the domain that it was compromised and a malicious JavaScript is injected in some js files.

Detecting the malware could not cause your IP address to be banned.

I tried contacting akc.org and the customer service desk was not helpful.  I did not try to discuss the matter with the IT dept.; however, I sent an email to akc and they asked for my IP address.  I have not heard anything back yet.

Posted
On 10/28/2021 at 12:00 PM, Marcos said:

You can inform the owner of the domain that it was compromised and a malicious JavaScript is injected in some js files.

Detecting the malware could not cause your IP address to be banned.

I do not have the expertise to go back to akc to tell them their website has been compromised, they'll only ask for more details that I do not have.  Is it possible for ESET to advise them of the issue?  Does akc already know the website has been compromised?  Since it's such a mess, should I give up (for now) trying to log into my account at akc.org?

  • Most Valued Members
Posted
6 hours ago, gretchen6205 said:

I do not have the expertise to go back to akc to tell them their website has been compromised, they'll only ask for more details that I do not have.  Is it possible for ESET to advise them of the issue?  Does akc already know the website has been compromised?  Since it's such a mess, should I give up (for now) trying to log into my account at akc.org?

If the website isn't yours, and still you want to help, all you need to do is send them an email with the detection message screenshot attached; that's all you can do from your side.

  • 1 month later...
Posted

Having the same issues for https://baysuit.org

 

This is my website and I have scanned all my files; no virus.

 

What should I do?

  • Administrators
Posted
3 hours ago, Malika said:

Having the same issues for https://baysuit.org
This is my website and I have scanned all my files; no virus.
What should I do?

Searching for "if(ndsw===undefined)" should help you locate the malicious JavaScript.

Posted
On 12/24/2021 at 5:45 AM, Marcos said:

Searching for "if(ndsw===undefined)" should help you locate the malicious JavaScript.

Tried searching the string and I found over 700 strings having the same thing. What do you think I should do?

  • 1 month later...
Posted

Hi all,

recently I accessed a Google website and it triggered my ESET Antivirus that I have downloaded on my PC. It said that the threat has been found because of JS/Agent.PIV trojan, the access has been blocked and connection terminated. The page never opened, I deleted it from Chrome history and didn't access again. After that I saw the threat is stored in my ESET quarantine, I guess that means it can't create any damage. Is my computer fully safe and what would happen if I delete it from quarantine? Will it be deleted from my computer fully or put back? Also, do I need to manually delete the stuff from quarantine, or is ESET going to do that after some time? Thank you.

Kind Regards.

  • Administrators
Posted
41 minutes ago, mmila said:

It said that the threat has been found because of JS/Agent.PIV trojan, the access has been blocked and connection terminated.

ESET blocked the threat, your computer is safe.

Posted

Thanks @Marcos,

that's a relief. What about my question about quarantine? What will happen if I delete it from quarantine, will I manage to remove it fully from my computer, or is ESET going to do that after some time?

  • Administrators
Posted

Files in quarantine are stored in an encrypted form so they don't pose any risk. Feel free to delete quarantined files unless you suspect them to be false positives which is not the case.

  • 4 weeks later...
Posted

The same message came to me when I tried to access my blog. I temporarily uninstalled ESET web protection and entered my blog (in WordPress), but WordPress says the site is ok. So?

Stefano

https://imgur.com/Dy8eoCd

 

  • Administrators
Posted
22 minutes ago, Stefano1045 said:

The same message came to me when I tried to access my blog. I temporarily uninstalled ESET web protection and entered my blog (in WordPress), but WordPress says the site is ok. So?

Searching for "token=function()" should help you locate the malicious JavaScript.
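The two searches suggested in this thread (for "if(ndsw===undefined)" and "token=function()"), written out as an added example that is not part of the original posts and is not ESET tooling: a Python scan of a site's document root that lists every file containing either marker, with the byte offset of the match and the file size. The file extensions checked and the sample file names and contents are constructed assumptions.

```python
import os
import tempfile

# Marker strings quoted in this thread for the injected JavaScript.
MARKERS = (b"if(ndsw===undefined)", b"token=function()")
# Assumption: injected code may sit in script, PHP or HTML files.
EXTENSIONS = (".js", ".php", ".html", ".htm")

# Constructed sample content: two tampered files and one clean file.
SAMPLE_FILES = {
    "wp-includes/js/a.min.js": b"function ok(){return 1};if(ndsw===undefined){var ndsw=true;}",
    "wp-content/plugins/x/b.js": b"var token=function(){return 'x'};",
    "wp-includes/js/clean.js": b"function clean(){return 2}",
}


def scan_tree(root, markers=MARKERS, extensions=EXTENSIONS):
    """Return sorted (relative_path, marker, offset, size) for each marker hit under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extensions):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:  # bytes: minified JS may not be valid UTF-8
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it, do not abort the scan
            for marker in markers:
                offset = data.find(marker)
                if offset != -1:
                    rel = os.path.relpath(path, root).replace(os.sep, "/")
                    hits.append((rel, marker.decode(), offset, len(data)))
    return sorted(hits)


def build_sample_tree(root):
    """Write the constructed sample files below root."""
    for rel, body in SAMPLE_FILES.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, marker, offset, size in scan_tree(tmp):
            print(f"{rel}: {marker!r} at byte {offset} of {size}")
```

The offset and size show where in each file the marker sits, which helps when comparing a flagged file against a known-good copy.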

Posted

Thank you, but: maybe I have to search some other way? Please note that I am not a webmaster.

 


Posted (edited)
2 hours ago, Stefano1045 said:

Thank you, but: maybe I have to search some other way?

I scanned your domain, hxxps://librilettiscritti.it/, at Quttera. It contains 10 malicious files. The scan report, https://quttera.com/detailed_report/librilettiscritti.it, contains all the detail you need to find the malicious code references.

If you don't have the technical skills to remove this malware, you will have to hire someone, e.g. Quttera, to remove the malware for you.

In your case, however, it appears this would be the webmaster's responsibility since the malicious code is being injected from a remote source. That is, the web server is not properly secured and is probably infected.

Edited by itman