Slowboy 0 Posted June 29, 2023 Share Posted June 29, 2023 Hi, We have had this issue on our website for a week now. We had some web developers find and remove some javascript which looked like it was the issue but we are still getting the checkout pages blocked. Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 30/06/2023 8:01:32 am;HTTP filter;file;https://knightgroup.co.nz/checkout/cart;JS/Spy.Banker.KN trojan;connection terminated;DESKTOP-35G460M\Rob;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (652FBB385E69B25D40A17DF64CDC8520C3F9AABA).;0B7A033FBC33BC1763DF8489725C0331DCB0F9FD; Can't find any relevant info about this. Does anyone have a sample piece of the javascript that we should be looking for? Thanks, Rob Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted June 29, 2023 Administrators Share Posted June 29, 2023 The script is likely obfuscated and can be located either in files or CMS database so it's impossible to tell where and what you should search for. Please look up other topics concerning JS/Spy.Banker here in the forum, e.g. https://forum.eset.com/topic/36831-jsspybankerkn. Link to comment Share on other sites More sharing options...
Slowboy 0 Posted June 29, 2023 Author Share Posted June 29, 2023 (edited) Hi, Have found it. Its located in the core_config_data table. This is a Magento 2.2.11 site. Regards, Rob Edited June 29, 2023 by Slowboy Link to comment Share on other sites More sharing options...
itman 1,786 Posted June 30, 2023 Share Posted June 30, 2023 5 hours ago, William Patrick said: I got the same issue; may I know the keyword you did search on core_config_data table? how to locate the script? thanks in advance Did you refer to this: https://sucuri.net/guides/how-to-clean-hacked-magento/ as I posted in the thread you created? Also Sucuri can be engaged to clean your web site. Link to comment Share on other sites More sharing options...
Recommended Posts