cheyenne 0 Posted December 23, 2022 Posted December 23, 2022 Hello, I have find an issue at the following WordPress Installation: sound-traffic.de JS/Agent.QNO How can I identify where to look? Any help appreciated.
Administrators Marcos 5,449 Posted December 23, 2022 Administrators Posted December 23, 2022 There is a malicious JS injected in web pages:
cheyenne 0 Posted December 23, 2022 Author Posted December 23, 2022 Thank you! How can I remove it? At the moment I copy every folder to a test PC. ESET messages that it removed infected files and then I copy the folders back. But is there any better solution?
itman 1,801 Posted December 23, 2022 Posted December 23, 2022 (edited) Most likely the malicious code is in a WordPress plug-in. Here's another thread on the detection: https://forum.eset.com/topic/34797-jsagentqno-trojan-access-detection/. Submitting hash from Eset Detection log related entry to VirusTotal might give some additional detail on location of the malicious script. Edited December 24, 2022 by itman
itman 1,801 Posted December 24, 2022 Posted December 24, 2022 Also, I can access this web page: https://sound-traffic.de/ w/o issue in Firefox using Eset.
Administrators Marcos 5,449 Posted December 24, 2022 Administrators Posted December 24, 2022 12 hours ago, itman said: Also, I can access this web page: https://sound-traffic.de/ w/o issue in Firefox using Eset. Yes, it appears that the malware has been removed from where it was before.
Recommended Posts