Guest Fires Posted February 2, 2023 Share Posted February 2, 2023 Hello, my website has been detectet as site what include JS/Spy.Banker.IV trojan. We got problem with this in past but the website should be clean now. But the eset still detect it as threat. Is any possibility to get some debug log or extra verbose debug message what exact part of webpage is detected ? The error is just in the checkout page so I am not able to check it with free tools because it is require registration to access the checkout page. Thanks Link to comment
Administrators Marcos 5,288 Posted February 2, 2023 Administrators Share Posted February 2, 2023 If the threat continues to be detected, it must still be there. Please provide the website url in an obfuscated form. Link to comment
Guest Fires Posted February 2, 2023 Share Posted February 2, 2023 https://emotors.cz/cs/objednavka - but this page require to have some product in cart. If you dont you are redirected to cart. Link to comment
Administrators Marcos 5,288 Posted February 2, 2023 Administrators Share Posted February 2, 2023 The detection is correct. Searching for "var _0x5aa5=" will help you locate the malicious JS. Link to comment
Guest Fires Posted February 2, 2023 Share Posted February 2, 2023 I searched whole sourcodes, also searched the all loaded resources at that page for "var_***" and nothing found I am totaly lost. Link to comment
Administrators Marcos 5,288 Posted February 2, 2023 Administrators Share Posted February 2, 2023 It could be injected into clean checkout pages at runtime. Do you use the latest version of Prestashop? Asking because of this vulnerability: https://build.prestashop-project.org/news/2022/major-security-vulnerability-on-prestashop-websites/ https://www.prestashop.sk/blog/clanok/zavazna-bezpecnostna-chyba-prestashopu-1.7-a-1.6 Link to comment
Guest Fires Posted February 3, 2023 Share Posted February 3, 2023 Ok. For some reason the clean install of chrome automaticali remove the malicious script from the website without notification. If I try debug it in the firefox I was able to remove it completly from website. Thanks for the help anyway. Link to comment
Administrators Marcos 5,288 Posted February 3, 2023 Administrators Share Posted February 3, 2023 The site is still infected. Reinstalling a browser cannot make any difference since the infection is on the web server and not on the client. Link to comment
Recommended Posts