Website detected - JS/Agent.RAW

[nixon_tuvshee 0]

Our website detected Nhm.gov.mn website threat JS/Agent.RAW virus has been detected check pls

[Marcos 4,935]

The detection is correct. The website was compromised and still contains the detected malware.

[thae 7]

1 hour ago, Marcos said:

The detection is correct. The website was compromised and still contains the detected malware.

How do you check that manually?
Can we do that do to check ourselves to see if it's not a false positive?
For example my latest detection on some sites were:

JS/Packed.Agent.N
HTML/ScrInject.B
JS/Adware.Adport.A

[Black20232023 0]

My page donjastubica.hr is still blocked. Marcos can you check

[Marcos 4,935]

4 minutes ago, Black20232023 said:

My page donjastubica.hr is still blocked. Marcos can you check

It is still infected:

Besides removing the malicious JS, make sure to update WordPress and all plugins and themes you use as well.

[itman 1,630]

10 hours ago, nixon_tuvshee said:

Our website detected Nhm.gov.mn website threat JS/Agent.RAW virus has been detected check pls

Since this is a government web site, there should be sufficient IT security resources to remediate this issue.

[FraPro 0]

JS/Agent.RAW has been detected on www.fnopi.it too.
Can you confirm it's not a false positive?

Thank you.

[Marcos 4,935]

2 hours ago, FraPro said:

JS/Agent.RAW has been detected on www.fnopi.it too.
Can you confirm it's not a false positive?

I could not reproduce the detection. The website has been likely cleaned in the mean time.

[Grzegorz Pawlowski 0]

Hi
Can you check this site?
https://rzeczo.pl/spoldzielnia-nie-gorsza-od-dewelopera/

Thx
Grzegorz Pawlowski

[Marcos 4,935]

38 minutes ago, Grzegorz Pawlowski said:

Can you check this site?
https://rzeczo.pl/spoldzielnia-nie-gorsza-od-dewelopera/

The malware is still there:

[Grzegorz Pawlowski 0]

21 minutes ago, Marcos said:

The malware is still there:

Thank you very much.

[lucamc 0]

I have the same problem too. It seems that the malware is linked to the WordPress theme called "Newspaper". I also have that theme, and Grzegorz's site also has it.

However, on the theme's support forum, the developer "TagDiv" says that the theme is clean.

[itman 1,630]

4 hours ago, lucamc said:

I have the same problem too. It seems that the malware is linked to the WordPress theme called "Newspaper". I also have that theme, and Grzegorz's site also has it.

However, on the theme's support forum, the developer "TagDiv" says that the theme is clean.

Per Sucuri web site analysis, below is the Newspaper plug-in being used. Is this the latest plug-in version?

Also Sucuri noted that the password entry field on this web site is not encrypted; i.e. HTTPS, meaning it can be intercepted by a hacker.

Edited September 27 by itman

[ShaneZ 0]

My website "theinfo.me" gets this message 

This web page may contain dangerous content that can provide remote access to an infected device, leak sensitive data from the device, or harm the targeted device.
Threat: JS/Agent.RAW trojan But we ran a scan and the website and server is clean.  Can you please help   Please do not publish this as it contains my website name. Thank you

Edited October 5 by ShaneZ

[Marcos 4,935]

3 hours ago, ShaneZ said:

My website "theinfo.me" gets this message 

This web page may contain dangerous content that can provide remote access to an infected device, leak sensitive data from the device, or harm the targeted device.
Threat: JS/Agent.RAW trojan But we ran a scan and the website and server is clean.

 

The website is still infected:

[Talefair 0]

Good afternoon, may you check this website?: https://estructurando.net

We are getting JS/Agent.RAW warnings.

It's not our page, I just want to be sure that this website is not being marked incorrectly. 

[Marcos 4,935]

2 hours ago, Talefair said:

Good afternoon, may you check this website?: https://estructurando.net

We are getting JS/Agent.RAW warnings.

It's not our page, I just want to be sure that this website is not being marked incorrectly.

The detection is correct.

https://sitecheck.sucuri.net/results/estructurando.net

[Zackster 0]

I'm also getting this on https://infinitymagazine.co.uk

I have a digital sub and can't download the latest issue.

[Black20232023 0]

Hello, I am completly update wp and theme with plugins, but is still on black list (domain is: www.bedekovcina.hr)

[Marcos 4,935]

2 minutes ago, Black20232023 said:

Hello, I am completly update wp and theme with plugins, but is still on black list (domain is: www.bedekovcina.hr)

The website appears to be clean. No further action is required on our end.

[Marcos 4,935]

15 hours ago, Zackster said:

I'm also getting this on https://infinitymagazine.co.uk

I have a digital sub and can't download the latest issue.

The website is still infected:

Edited October 18 by Marcos
Quote amended

[itman 1,630]

6 hours ago, Marcos said:

The website is still infected:

This comment applies to https://infinitymagazine.co.uk.

[Palmitek 0]

Hi

 i have the same problem with url https://www.spotandweb.it 

Can you check the url?

Is it a false positive?

thanks

[Marcos 4,935]

On 11/6/2023 at 1:53 PM, Palmitek said:

 i have the same problem with url https://www.spotandweb.it
Can you check the url?

Is it a false positive?

The detection is correct. The website is still infected: