Jump to content

Recommended Posts

Posted

blocked our website wordpress, https://obedovemenunz.sk/ can you help us, how to fix it, what to look for?
Well thank you .

  • Administrators
Posted

The website was compromised and contains a malicious JS detected by ESET.

Searching for "iz.fromCharCode" should help you locate the offending JS. Make sure to update WordPress as well as all plugins you use to the latest version.

Posted

My website use the same theme and was flagged for the same error.

  • Administrators
Posted
1 minute ago, Abajo855 said:

My website use the same theme and was flagged for the same error.

What website is it?

Posted

https://www.asiaticafilmmediale.it/

This is my website. I updated the theme as suggested in the previous post but didn't fix the issue

  • Administrators
Posted
14 minutes ago, Abajo855 said:

This is my website. I updated the theme as suggested in the previous post but didn't fix the issue

Please see my advise above. Searching for "iz.fromCharCode" should help you locate the offending JS.  Don't forget to update WordPress and plugins too.

Posted
Quote

 the problem is in the tagdiv composer plugin. I found a quick-fix. This is not a permanent solution, but it works quickly:
wp-content/plugins/td-composer/css-live/css-live.php line: 142 where is <style id="tdw-css-placeholder">. Just delete code between <style id="tdw-css-placeholder"> and ending </style>

...of course if you don't need to use it.

Found and sharing this solution

Posted

Hello,

my company site is also affected with JS/Agent.RAN. Any help would be appreciated. 

www.virovitica.hr

  • Administrators
Posted
3 hours ago, Dario said:

my company site is also affected with JS/Agent.RAN. Any help would be appreciated. 

www.virovitica.hr

Searching for "iz.fromCharCode" should help you locate the malicious JS.

Also make sure to update WordPress as well as all plugins you use and scan all files with ESET to make sure no other malware is detected.

Posted

Hi @Marcos! Wondering what this particular malicious script does? Does it redirect to malvertisements or something else? 

Posted

Our two sites were also compromised with this malware and got blocked by ESET. We cleared it by updating the older Newspaper theme, that uses the vulnerable tagDiv Composer plugin, and also updated Wordpress with the rest of the plugins. Can you therefore unblock us please for the following sites:

https://www.potnik.si

https://www.zdravo.si

Thank you

  • Administrators
Posted
50 minutes ago, Champion said:

Our two sites were also compromised with this malware and got blocked by ESET. We cleared it by updating the older Newspaper theme, that uses the vulnerable tagDiv Composer plugin, and also updated Wordpress with the rest of the plugins. Can you therefore unblock us please for the following sites:

https://www.potnik.si

https://www.zdravo.si

I confirm the websites are clean now, will be unblocked shortly.

Posted

Please unblock the novice.si website. the error is the same as above.

  • Administrators
Posted
9 hours ago, novice12 said:

Please unblock the novice.si website. the error is the same as above.

It is not blacklisted, however, it's still infected and JS/Agent.RAW trojan is detected.

Posted

Hello, can you move donjastubica.hr from black list? We have made update wp, theme, and plugins. TNX

  • Administrators
Posted
8 minutes ago, Black20232023 said:

Hello, can you move donjastubica.hr from black list? We have made update wp, theme, and plugins. TNX

The website indeed appears to have been cleaned and no malware was detected while browsing it. It is not blacklisted by ESET:
https://www.virustotal.com/gui/url/a73fb31e85a3849d9148ed1d65f609336fa08a743b6c21583d0522a6aaaedc1e?nocache=1

Posted

Hi,

My website https://bnm-portal.com is up to date with WordPress and all plugins. Still has this issue:

Threat: JS/Agent.RAW trojan

Access to the web page has been blocked

Also scanned with Sucuri and no threrats found.

Coluld you remove it from blacklist?

   
  • Administrators
Posted
19 minutes ago, BNM said:

My website https://bnm-portal.com is up to date with WordPress and all plugins. Still has this issue:

Threat: JS/Agent.RAW trojan

Access to the web page has been blocked

Also scanned with Sucuri and no threrats found.

Coluld you remove it from blacklist?

   

The website is not blacklisted by ESET. However, I was unable to reproduce the detected either. Are you still getting the detection? On what page / url?

Posted (edited)
On 9/21/2023 at 5:01 PM, Abajo855 said:

Found and sharing this solution

Marcos, I followed this suggestion also. Not getting detection anymore.

Edited by BNM
Posted

hello. good morning everything is fine?

I need help with the website https://www.mundonovo.ms.gov.br/
the message JS/Agent.RAW trojan also appears.
however, checking the website https://www.virustotal.com/gui/url/ec64aed7359924af611faac17ab9dd9567d1b1efd0c1af2f87c6f10b3584a3f1/detection
it does not appear in the ESET category, but in our organization it continues to block access.
Thank you very much in advance
Att

Posted

Hi, our customers page was blacklisted too. @Marcos could you recheck? Did you found any solution for it? Mentioned above is not applicable for us.   https://monitoringmsp.sk

Posted

Dear ESET Team,

On EU-Startups.com we had the same issue but we cleaned everything. Please unblock our site asap.

Thank you!

Thomas

  • Administrators
Posted
1 hour ago, PatrikZitko said:

Hi, our customers page was blacklisted too. @Marcos could you recheck? Did you found any solution for it? Mentioned above is not applicable for us.   https://monitoringmsp.sk

It is still infected:

image.png

  • Administrators
Posted
1 hour ago, Geovan Bottoni said:

I need help with the website 

mundonovo.ms.gov.br
the message JS/Agent.RAW trojan also appears.
however, checking the website https://www.virustotal.com/gui/url/ec64aed7359924af611faac17ab9dd9567d1b1efd0c1af2f87c6f10b3584a3f1/detection
it does not appear in the ESET category, but in our organization it continues to block access.

The detection is correct. Please read through this topic, my hints above should help you locate the malicious JS in the WP database. Also make sure to update WordPress as well as all plugins and themes you use.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...