jennysmyth09 0 Posted March 20 Share Posted March 20 Hi, My website got infected with a malicious code and i scanned my JS files and eset detected this virus JS/Agent.QGW How do i remove this malicious script from the javascript files. Any help will be greatly appreciated as i dont want to loose my website content. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,931 Posted March 20 Administrators Share Posted March 20 Please provide the website url. Link to comment Share on other sites More sharing options...
jennysmyth09 0 Posted March 20 Author Share Posted March 20 Hi, Thanks for the prompt reply. The website is actually hosted with bluehost and they suspended my account after telling me that my hosting is infected with malware so the website link is down and i dont know how useful it will be to share the url. Anyways the url is https://anayaschool.com/ but it leads to https://anayaschool.com/cgi-sys/suspendedpage.cgi Link to comment Share on other sites More sharing options...
Administrators Marcos 4,931 Posted March 20 Administrators Share Posted March 20 Unfortunately we cannot help as long as the website is not available and we reproduce the detection. I'm not sure if Sucuri or another website cleaning service is able to help if a website is suspended but you can ask them. Link to comment Share on other sites More sharing options...
jennysmyth09 0 Posted March 20 Author Share Posted March 20 I understand. I actually scanned the infected files online on virustotal and it detected the virus so if you want i can share the file so you can take a look? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,931 Posted March 20 Administrators Share Posted March 20 1 hour ago, jennysmyth09 said: I understand. I actually scanned the infected files online on virustotal and it detected the virus so if you want i can share the file so you can take a look? Yes, you can share the file with me. If detected, I should be able to pinpoint the malicious code. Link to comment Share on other sites More sharing options...
jennysmyth09 0 Posted March 21 Author Share Posted March 21 Here is a zip folder with infected files that i downloaded from the site. js.zip Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 4,931 Posted March 21 Administrators Solution Share Posted March 21 The malicious JS is appended at the end of each file. Searching for "function C(V,Z)" should help you locate it. Link to comment Share on other sites More sharing options...
jennysmyth09 0 Posted March 21 Author Share Posted March 21 Thank you for your help. I really appreciate it. Just one last thing if you can guide me. Once i remove this code is there any chance that it can come back in the future. I researched online and saw that many people complained that even though they removed the malicious code it came back after some time. Is there a chance that some hidden code will remain on my site? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,931 Posted March 21 Administrators Share Posted March 21 Cleaning a site assumes that you will also harden it against further exploitation and install the latest version of the software and plug-ins. Otherwise the site may get infected again in the future. Chas4 1 Link to comment Share on other sites More sharing options...
jennysmyth09 0 Posted March 21 Author Share Posted March 21 Thank you very much. You have been very helpful. Link to comment Share on other sites More sharing options...
Recommended Posts