milos85 0 Posted September 21, 2023 Posted September 21, 2023 blocked our website wordpress, https://obedovemenunz.sk/ can you help us, how to fix it, what to look for? Well thank you .
Administrators Marcos 5,462 Posted September 21, 2023 Administrators Posted September 21, 2023 The website was compromised and contains a malicious JS detected by ESET. Searching for "iz.fromCharCode" should help you locate the offending JS. Make sure to update WordPress as well as all plugins you use to the latest version.
Abajo855 1 Posted September 21, 2023 Posted September 21, 2023 My website use the same theme and was flagged for the same error.
Administrators Marcos 5,462 Posted September 21, 2023 Administrators Posted September 21, 2023 1 minute ago, Abajo855 said: My website use the same theme and was flagged for the same error. What website is it?
Abajo855 1 Posted September 21, 2023 Posted September 21, 2023 https://www.asiaticafilmmediale.it/ This is my website. I updated the theme as suggested in the previous post but didn't fix the issue
Administrators Marcos 5,462 Posted September 21, 2023 Administrators Posted September 21, 2023 14 minutes ago, Abajo855 said: This is my website. I updated the theme as suggested in the previous post but didn't fix the issue Please see my advise above. Searching for "iz.fromCharCode" should help you locate the offending JS. Don't forget to update WordPress and plugins too.
Abajo855 1 Posted September 21, 2023 Posted September 21, 2023 Quote the problem is in the tagdiv composer plugin. I found a quick-fix. This is not a permanent solution, but it works quickly: wp-content/plugins/td-composer/css-live/css-live.php line: 142 where is <style id="tdw-css-placeholder">. Just delete code between <style id="tdw-css-placeholder"> and ending </style> ...of course if you don't need to use it. Found and sharing this solution BNM 1
Dario 0 Posted September 22, 2023 Posted September 22, 2023 Hello, my company site is also affected with JS/Agent.RAN. Any help would be appreciated. www.virovitica.hr
Administrators Marcos 5,462 Posted September 22, 2023 Administrators Posted September 22, 2023 3 hours ago, Dario said: my company site is also affected with JS/Agent.RAN. Any help would be appreciated. www.virovitica.hr Searching for "iz.fromCharCode" should help you locate the malicious JS. Also make sure to update WordPress as well as all plugins you use and scan all files with ESET to make sure no other malware is detected.
SeriousHoax 87 Posted September 22, 2023 Posted September 22, 2023 Hi @Marcos! Wondering what this particular malicious script does? Does it redirect to malvertisements or something else?
Champion 0 Posted September 23, 2023 Posted September 23, 2023 Our two sites were also compromised with this malware and got blocked by ESET. We cleared it by updating the older Newspaper theme, that uses the vulnerable tagDiv Composer plugin, and also updated Wordpress with the rest of the plugins. Can you therefore unblock us please for the following sites: - https://www.potnik.si - https://www.zdravo.si Thank you
Administrators Marcos 5,462 Posted September 23, 2023 Administrators Posted September 23, 2023 50 minutes ago, Champion said: Our two sites were also compromised with this malware and got blocked by ESET. We cleared it by updating the older Newspaper theme, that uses the vulnerable tagDiv Composer plugin, and also updated Wordpress with the rest of the plugins. Can you therefore unblock us please for the following sites: - https://www.potnik.si - https://www.zdravo.si I confirm the websites are clean now, will be unblocked shortly.
novice12 0 Posted September 23, 2023 Posted September 23, 2023 Please unblock the novice.si website. the error is the same as above.
Administrators Marcos 5,462 Posted September 24, 2023 Administrators Posted September 24, 2023 9 hours ago, novice12 said: Please unblock the novice.si website. the error is the same as above. It is not blacklisted, however, it's still infected and JS/Agent.RAW trojan is detected.
Black20232023 0 Posted September 25, 2023 Posted September 25, 2023 Hello, can you move donjastubica.hr from black list? We have made update wp, theme, and plugins. TNX
Administrators Marcos 5,462 Posted September 25, 2023 Administrators Posted September 25, 2023 8 minutes ago, Black20232023 said: Hello, can you move donjastubica.hr from black list? We have made update wp, theme, and plugins. TNX The website indeed appears to have been cleaned and no malware was detected while browsing it. It is not blacklisted by ESET: https://www.virustotal.com/gui/url/a73fb31e85a3849d9148ed1d65f609336fa08a743b6c21583d0522a6aaaedc1e?nocache=1
BNM 0 Posted September 25, 2023 Posted September 25, 2023 Hi, My website https://bnm-portal.com is up to date with WordPress and all plugins. Still has this issue: Threat: JS/Agent.RAW trojan Access to the web page has been blocked Also scanned with Sucuri and no threrats found. Coluld you remove it from blacklist?
Administrators Marcos 5,462 Posted September 25, 2023 Administrators Posted September 25, 2023 19 minutes ago, BNM said: My website https://bnm-portal.com is up to date with WordPress and all plugins. Still has this issue: Threat: JS/Agent.RAW trojan Access to the web page has been blocked Also scanned with Sucuri and no threrats found. Coluld you remove it from blacklist? The website is not blacklisted by ESET. However, I was unable to reproduce the detected either. Are you still getting the detection? On what page / url?
BNM 0 Posted September 25, 2023 Posted September 25, 2023 (edited) On 9/21/2023 at 5:01 PM, Abajo855 said: Found and sharing this solution Marcos, I followed this suggestion also. Not getting detection anymore. Edited September 25, 2023 by BNM
Black20232023 0 Posted September 25, 2023 Posted September 25, 2023 My page donjastubica.hr is complete update, so please move from black list
Geovan Bottoni 0 Posted September 25, 2023 Posted September 25, 2023 hello. good morning everything is fine? I need help with the website https://www.mundonovo.ms.gov.br/ the message JS/Agent.RAW trojan also appears. however, checking the website https://www.virustotal.com/gui/url/ec64aed7359924af611faac17ab9dd9567d1b1efd0c1af2f87c6f10b3584a3f1/detection it does not appear in the ESET category, but in our organization it continues to block access. Thank you very much in advance Att
PatrikZitko 0 Posted September 25, 2023 Posted September 25, 2023 Hi, our customers page was blacklisted too. @Marcos could you recheck? Did you found any solution for it? Mentioned above is not applicable for us. https://monitoringmsp.sk
thomaso84 0 Posted September 25, 2023 Posted September 25, 2023 Dear ESET Team, On EU-Startups.com we had the same issue but we cleaned everything. Please unblock our site asap. Thank you! Thomas
Administrators Marcos 5,462 Posted September 25, 2023 Administrators Posted September 25, 2023 1 hour ago, PatrikZitko said: Hi, our customers page was blacklisted too. @Marcos could you recheck? Did you found any solution for it? Mentioned above is not applicable for us. https://monitoringmsp.sk It is still infected:
Administrators Marcos 5,462 Posted September 25, 2023 Administrators Posted September 25, 2023 1 hour ago, Geovan Bottoni said: I need help with the website mundonovo.ms.gov.br the message JS/Agent.RAW trojan also appears. however, checking the website https://www.virustotal.com/gui/url/ec64aed7359924af611faac17ab9dd9567d1b1efd0c1af2f87c6f10b3584a3f1/detection it does not appear in the ESET category, but in our organization it continues to block access. The detection is correct. Please read through this topic, my hints above should help you locate the malicious JS in the WP database. Also make sure to update WordPress as well as all plugins and themes you use.
Recommended Posts