Jump to content

HTML/ScrInject.B trojan report in website by ESET


Go to solution Solved by garywang,

Recommended Posts

Posted

Hello 

Recently I got some reports by our site users that ESET is blocking there access to our website.

I use beyond compare to compare website scripts with local scripts, it is totally same.

The site was scanned with different websites and there are not showing any of those issues.

 

HTML/ScrInject.B trojan

Blocked address (maybe):

hxxp://www.mynoteskeeper.com/
hxxp://www.mynoteskeeper.com/.well-known

 

the .well-known contain  a acme-challenge folder and no any file.

 

How can we solve this issues ?

  • Administrators
Posted

I was able to open the website alright, nothing was detected or blocked. Please provide logs collected with ESET Log Collector.

  • Administrators
Posted

There is a loader that loads a php from cdn.jsinit.directfwd.com, please remove it.

Posted

Thanks your reply, I pause ESET protection and find this script.

But I search my website and not found this script code, how to find and remove it?

z1kIyYeZf2.png

  • Administrators
Posted

It appears that the script is served when 403 is returned by the server. Note that it's compressed with gzip so you can't find by searching for the link:

image.png

image.png

  • Solution
Posted

wow! thanks very much for your help.

I found any address return 403 or 404, it has the same problem in response.

I change .htaccess these line can avoid it

ErrorDocument 403 /err/403.htm
ErrorDocument 404 /err/404.htm

But I still no way to solve it completely.

 

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...