Jump to content

Website detected - JS/Agent.RAW


Recommended Posts

  • Marcos changed the title to Website detected - JS/Agent.RAW
1 hour ago, Marcos said:

The detection is correct. The website was compromised and still contains the detected malware.

How do you check that manually?
Can we do that do to check ourselves to see if it's not a false positive?
For example my latest detection on some sites were:

JS/Packed.Agent.N
HTML/ScrInject.B
JS/Adware.Adport.A

Link to comment
Share on other sites

  • Administrators
4 minutes ago, Black20232023 said:

My page donjastubica.hr is still blocked. Marcos can you check

It is still infected:

image.png

Besides removing the malicious JS, make sure to update WordPress and all plugins and themes you use as well.

Link to comment
Share on other sites

10 hours ago, nixon_tuvshee said:

Our website detected Nhm.gov.mn website threat JS/Agent.RAW virus has been detected check pls

Since this is a government web site, there should be sufficient IT security resources to remediate this issue.

Link to comment
Share on other sites

  • Administrators
2 hours ago, FraPro said:

JS/Agent.RAW has been detected on www.fnopi.it too.
Can you confirm it's not a false positive?

I could not reproduce the detection. The website has been likely cleaned in the mean time.

Link to comment
Share on other sites

I have the same problem too. It seems that the malware is linked to the WordPress theme called "Newspaper". I also have that theme, and Grzegorz's site also has it.

However, on the theme's support forum, the developer "TagDiv" says that the theme is clean.
Link to comment
Share on other sites

4 hours ago, lucamc said:

I have the same problem too. It seems that the malware is linked to the WordPress theme called "Newspaper". I also have that theme, and Grzegorz's site also has it.

However, on the theme's support forum, the developer "TagDiv" says that the theme is clean.

Per Sucuri web site analysis, below is the Newspaper plug-in being used. Is this the latest plug-in version?

Eset_Theme.thumb.png.31dd720feb1f2677b226077e4e036891.png

Also Sucuri noted that the password entry field on this web site is not encrypted; i.e. HTTPS, meaning it can be intercepted by a hacker.

Edited by itman
Link to comment
Share on other sites

My website "theinfo.me" gets this message 

This web page may contain dangerous content that can provide remote access to an infected device, leak sensitive data from the device, or harm the targeted device.
 
  Threat: JS/Agent.RAW trojan

But we ran a scan and the website and server is clean.

 Can you please help

 

Please do not publish this as it contains my website name. Thank you 

 

Untitled - Copy.png

Edited by ShaneZ
Link to comment
Share on other sites

  • Administrators
3 hours ago, ShaneZ said:

My website "theinfo.me" gets this message 

This web page may contain dangerous content that can provide remote access to an infected device, leak sensitive data from the device, or harm the targeted device.
  Threat: JS/Agent.RAW trojan

But we ran a scan and the website and server is clean.
 

 

The website is still infected:

image.png

Link to comment
Share on other sites

Good afternoon, may you check this website?: https://estructurando.net

We are getting JS/Agent.RAW warnings.

It's not our page, I just want to be sure that this website is not being marked incorrectly. 

image.png

Link to comment
Share on other sites

  • Administrators
2 hours ago, Talefair said:

Good afternoon, may you check this website?: https://estructurando.net

We are getting JS/Agent.RAW warnings.

It's not our page, I just want to be sure that this website is not being marked incorrectly.

The detection is correct.

https://sitecheck.sucuri.net/results/estructurando.net

Link to comment
Share on other sites

  • 2 weeks later...
  • Administrators
2 minutes ago, Black20232023 said:

Hello, I am completly update wp and theme with plugins, but is still on black list (domain is: www.bedekovcina.hr)

The website appears to be clean. No further action is required on our end.

Link to comment
Share on other sites

  • Administrators
15 hours ago, Zackster said:

I'm also getting this on https://infinitymagazine.co.uk

I have a digital sub and can't download the latest issue.

The website is still infected:

image.png

Edited by Marcos
Quote amended
Link to comment
Share on other sites

  • 3 weeks later...
  • Administrators
On 11/6/2023 at 1:53 PM, Palmitek said:

 i have the same problem with url https://www.spotandweb.it
Can you check the url?

Is it a false positive?

The detection is correct. The website is still infected:

image.png

Link to comment
Share on other sites

  • 2 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...