JS/Agent.QNO found on WordPress Installation

[cheyenne 0]

Hello,

 

I have find an issue at the following WordPress Installation:

sound-traffic.de

JS/Agent.QNO

How can I identify where to look? Any help appreciated.

[Marcos 5,074]

There is a malicious JS injected in web pages:

[cheyenne 0]

Thank you!

How can I remove it? At the moment I copy every folder to a test PC. ESET messages that it removed infected files and then I copy the folders back. But is there any better solution?

[itman 1,659]

Most likely the malicious code is in a WordPress plug-in.

Here's another thread on the detection: https://forum.eset.com/topic/34797-jsagentqno-trojan-access-detection/. Submitting hash from Eset Detection log related entry to VirusTotal might give some additional detail on location of the malicious script.

Edited December 24, 2022 by itman

[itman 1,659]

Also, I can access this web page: https://sound-traffic.de/ w/o issue in Firefox using Eset.

[Marcos 5,074]

12 hours ago, itman said:

Also, I can access this web page: https://sound-traffic.de/ w/o issue in Firefox using Eset.

Yes, it appears that the malware has been removed from where it was before.