jennysmyth09 0 Posted March 20 Share Posted March 20 Hi, My website got infected with a malicious code and i scanned my JS files and eset detected this virus JS/Agent.QGW How do i remove this malicious script from the javascript files. Any help will be greatly appreciated as i dont want to loose my website content. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted March 20 Administrators Share Posted March 20 Please provide the website url. Quote Link to comment Share on other sites More sharing options...
jennysmyth09 0 Posted March 20 Author Share Posted March 20 Hi, Thanks for the prompt reply. The website is actually hosted with bluehost and they suspended my account after telling me that my hosting is infected with malware so the website link is down and i dont know how useful it will be to share the url. Anyways the url is https://anayaschool.com/ but it leads to https://anayaschool.com/cgi-sys/suspendedpage.cgi Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted March 20 Administrators Share Posted March 20 Unfortunately we cannot help as long as the website is not available and we reproduce the detection. I'm not sure if Sucuri or another website cleaning service is able to help if a website is suspended but you can ask them. Quote Link to comment Share on other sites More sharing options...
jennysmyth09 0 Posted March 20 Author Share Posted March 20 I understand. I actually scanned the infected files online on virustotal and it detected the virus so if you want i can share the file so you can take a look? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted March 20 Administrators Share Posted March 20 1 hour ago, jennysmyth09 said: I understand. I actually scanned the infected files online on virustotal and it detected the virus so if you want i can share the file so you can take a look? Yes, you can share the file with me. If detected, I should be able to pinpoint the malicious code. Quote Link to comment Share on other sites More sharing options...
jennysmyth09 0 Posted March 21 Author Share Posted March 21 Here is a zip folder with infected files that i downloaded from the site. js.zip Quote Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 4,704 Posted March 21 Administrators Solution Share Posted March 21 The malicious JS is appended at the end of each file. Searching for "function C(V,Z)" should help you locate it. Quote Link to comment Share on other sites More sharing options...
jennysmyth09 0 Posted March 21 Author Share Posted March 21 Thank you for your help. I really appreciate it. Just one last thing if you can guide me. Once i remove this code is there any chance that it can come back in the future. I researched online and saw that many people complained that even though they removed the malicious code it came back after some time. Is there a chance that some hidden code will remain on my site? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted March 21 Administrators Share Posted March 21 Cleaning a site assumes that you will also harden it against further exploitation and install the latest version of the software and plug-ins. Otherwise the site may get infected again in the future. Chas4 1 Quote Link to comment Share on other sites More sharing options...
jennysmyth09 0 Posted March 21 Author Share Posted March 21 Thank you very much. You have been very helpful. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.