User9426 0 Posted June 28 Share Posted June 28 (edited) Hi, I have a problem with my website "https://www.anxxxxxxxxxxxxnd.sk/". When I add some product to cart and enter the checkout page, this Eset's error page shows: https://prnt.sc/3Oxlwq7pCFX3 (it's trojan horse error). Could you check my website and find out which file makes this problem ? Edited September 11 by Marcos Redacted Link to comment Share on other sites More sharing options...
Administrators Marcos 4,842 Posted June 28 Administrators Share Posted June 28 Please read this guide for instructions how to clean a site running Magento CMS: https://sucuri.net/guides/how-to-clean-hacked-magento/, https://sucuri.net/guides/what-is-magecart/, https://www.bleepingcomputer.com/news/security/hackers-hijack-legitimate-sites-to-host-credit-card-stealer-scripts/. Should you come across any suspicious php or js files on your server that are not detected by ESET, please email them to samples[at]eset.com in an archive encrypted with the password "infected". Keep a backup copy if you decide to edit or delete them. Link to comment Share on other sites More sharing options...
User9426 0 Posted June 28 Author Share Posted June 28 I'd like to send you some files, which looks suspicious, but I didn't find any. I checked the website on that malware scanner, but no malware was found on the homepage. I can't check the checkout page in that scanner, because some product have to be in cart and then the error shows. The products in cart are saved in cookies. Could you please add some product to cart, enter the checkout page and confirm that you see the error too? Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 4,842 Posted June 28 Administrators Solution Share Posted June 28 35 minutes ago, User9426 said: Could you please add some product to cart, enter the checkout page and confirm that you see the error too? That's not necessary, I know that the malware would be injected and detected then. It's important to check especially the php files on the web server for obfuscated or suspicious scripts. Link to comment Share on other sites More sharing options...
User9426 0 Posted June 29 Author Share Posted June 29 Hi, we found a source of the problem. These lines of code caused the problem: https://prnt.sc/2xk-uHCohaYx This could be helpful for someone in future. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,842 Posted June 29 Administrators Share Posted June 29 1 hour ago, User9426 said: Hi, we found a source of the problem. These lines of code caused the problem: https://prnt.sc/2xk-uHCohaYx This could be helpful for someone in future. Please provide me with the file in which you have found the malicious code as well as with the path to the file. Link to comment Share on other sites More sharing options...
User9426 0 Posted June 29 Author Share Posted June 29 Hi, the code wasn't in file. The GTM script was inserted in database. Link to comment Share on other sites More sharing options...
Recommended Posts