Jump to content

JS/Agent.RAN

milos85

By milos85
in Malware Finding and Cleaning

 Share

Recommended Posts

  • Administrators
Marcos

Marcos 5,086

Posted
  • Administrators
Posted
13 minutes ago, thomaso84 said:

On EU-Startups.com we had the same issue but we cleaned everything. Please unblock our site asap.

The website is not blacklisted by ESET:

https://www.virustotal.com/gui/url/58ee1318876697250a0df0edc3696d168055c4ff1f3bde60db07cb3d4a89ea60?nocache=1

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,086

Posted
  • Administrators
Posted
10 minutes ago, cpritch said:

We have also updated shropshirelive.com after being told it is blacklisted.

It is still infected. Searching for "iz.fromCharCode" should help you locate the malicious JS.

Link to comment
Share on other sites
itman

itman 1,667

Posted
Posted

FYI to all in regards to VirusTotal URL detection's. It will only detect AV vendor blacklist detection's.

In the majority of postings in this thread, Eset is detecting malicious JavaScriot code on the web site interactively; not by blacklisting.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,086

Posted
  • Administrators
Posted

Yes, I mean use the URL check at VirusTotal if you have already cleaned the website and you want to check if the website url was blacklisted by ESET besides the detection of malware. Also pay attention to the date of the last check and make sure you re-scan the website if the results are not current.

Link to comment
Share on other sites
Geovan Bottoni

Geovan Bottoni 0

Posted
Posted
44 minutes ago, Marcos said:

A detecção está correta. Por favor, leia este tópico, minhas dicas acima devem ajudá-lo a localizar o JS malicioso no banco de dados WP. Certifique-se também de atualizar o WordPress, bem como todos os plug-ins e temas que você usa.

Thanks for the feedback Marco.
However, the website is not my administration, it is owned by a city hall and we only need access to issue invoices, I do not have access to the bank.

One question, on the virustotal website it is not listed by ESET, why does it still block it?

 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,086

Posted
  • Administrators
Posted
13 minutes ago, Geovan Bottoni said:

One question, on the virustotal website it is not listed by ESET, why does it still block it?

On VirusTotal you can check if a particular url is blacklisted by AV vendors. However, malware detection has nothing to do with url blacklisting and you would have to upload the actual infected html file in order to see detections at VirusTotal.

Link to comment
Share on other sites
itman

itman 1,667

Posted
Posted
29 minutes ago, Geovan Bottoni said:

However, the website is not my administration, it is owned by a city hall and we only need access to issue invoices,

You need to contact the web site owner and inform them of the malware situation on their web site.

Link to comment
Share on other sites
Martin Jandourek

Martin Jandourek 0

Posted
Posted

Hello,

We have removed the threat on www.ciirc.cvut.cz and need to remove it from the blacklist. I would like to request this.

In addition we have blocked all the subdomains *.ciirc.cvut.cz which often do not contain wordpress, none of them have the wrong plugin some are even static. I would also like to ask for their unblocking.

Thank you

Link to comment
Share on other sites
Adrian Ghio

Adrian Ghio 0

Posted
Posted

I still see the message showing "Your website was blocked becaus of JS/Agen.RAN"

the url: https://pharmabiz.net

I´m still looking for the fixes, but none of them work. Even when I click on ESSET popup, Nothing happens

Please your help.

 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,086

Posted
  • Administrators
Posted
1 hour ago, Adrian Ghio said:

I still see the message showing "Your website was blocked becaus of JS/Agen.RAN"

the url: https://pharmabiz.net

I cannot reproduce the detection, most likely the website has been cleaned in the mean time.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,086

Posted
  • Administrators
Posted
4 hours ago, Martin Jandourek said:

We have removed the threat on www.ciirc.cvut.cz and need to remove it from the blacklist. I would like to request this.

The website is clean, it has been unblocked.

Link to comment
Share on other sites
itman

itman 1,667

Posted
Posted
5 minutes ago, Marcos said:

I cannot reproduce the detection, most likely the website has been cleaned in the mean time.

Same here. Web renders w/no Eset detection;

Eset_Javascript.thumb.png.788e2d02e127db019dcad29f18083c93.png

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,086

Posted
  • Administrators
Posted
1 hour ago, PatrikZitko said:

Thanks Marcos, it is cleaned, please remove the page from blacklist.

No malware was detected while browsing the website so it appears to be clean now. We didn't blacklist it, it was just the malware that was detected there.

Link to comment
Share on other sites
Dario

Dario 0

Posted
Posted
On 9/22/2023 at 3:09 PM, Marcos said:

Searching for "iz.fromCharCode" should help you locate the malicious JS.

Also make sure to update WordPress as well as all plugins you use and scan all files with ESET to make sure no other malware is detected.

We have cleaned the site and upgraded WP and plugins. Could  you please recheck. Thanks. (www.virovitica.hr)

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,086

Posted
  • Administrators
Posted
1 hour ago, pheonix999 said:

We have removed the JS script in the database, the files are clean, but the antivirus still blocks the website hxxp://kurier-nakielski.pl/ - please verify and remove the block.

The website appears to be clean, we have unblocked it.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,086

Posted
  • Administrators
Posted
2 hours ago, Dario said:

We have cleaned the site and upgraded WP and plugins. Could  you please recheck. Thanks. (www.virovitica.hr)

The website is still infected:

image.png

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,086

Posted
  • Administrators
Posted
2 minutes ago, gmedia said:

On dunakeszipost.hu we had the same issue but we cleaned everything. Please verify and remove the block.

The malware is not detected any more, we have unblocked the website.

Link to comment
Share on other sites
Geovan Bottoni

Geovan Bottoni 0

Posted
Posted
22 horas atrás, Itman disse:

Você precisa entrar em contato com o proprietário do site e informá-lo sobre a situação do malware em seu site.

Bom dia.
Certo, estarei realizando este contato.
desde já agradeço a atenção
att

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,086

Posted
  • Administrators
Posted
20 minutes ago, cpritch said:

I'm hoping we are now clear on shropshirelive.com after removing the malicious JS in the WP database.

It seems so, no malware is detected when browsing the website. We didn't blacklist it so no further action is needed on our part.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...