Website blocked by JS/Agent.RJR trojan

[SamSJHeron 0]

Hi all,

I am having some issue accessing a website that we've been able to access normally recently. ESET pops up stating the JS/Agent.RJR Trojan, I am just not sure if its ESET being too precautious of if they've actually been targeted with a trojan. Is there a way someone could confirm? 

Enviroelectronics.co.uk

Thanks,

Sam

[Marcos 5,088]

The website is indeed infected:

[SamSJHeron 0]

Hi Marcos,

Thank you for your reply and input on this! I will try to reach out to them by phone to see if they're aware.

Thanks,

Sam

[peters 1]

Hi,

there is another site https://www.scientex.com.my which is alerted as infected by this trojan.

But it is interesting the virustotal marked this URL as Clean, include ESET engine!

I tried to check the site with Bitdefender and again, there is no alert.

Is it known what way the trojan behaves and what is the risk?

[Marcos 5,088]

6 minutes ago, peters said:

But it is interesting the virustotal marked this URL as Clean, include ESET engine!

That's because you have checked the website against url blacklists. The website is not blacklisted but it's a JS malware which is detected there:

https://www.virustotal.com/gui/file/e183ce0a1286b64a15d02cd018674b35078f626fadca1028df2a3e9c32eb2628?nocache=1

[peters 1]

Am I able to send such a particular file to virustotal myself with ESET installed (site blocked)?

[itman 1,667]

5 hours ago, peters said:

Am I able to send such a particular file to virustotal myself with ESET installed (site blocked)?

It's magento malware. Most likely will not manifest until web site purchase check-out activities. Sucuri will show the code signature it's detecting: https://sitecheck.sucuri.net/results/www.scientex.com.my .

[peters 1]

15 hours ago, itman said:

It's magento malware. Most likely will not manifest until web site purchase check-out activities. Sucuri will show the code signature it's detecting: https://sitecheck.sucuri.net/results/www.scientex.com.my .

Thank you for your info and the link - it seems very useful.

[zaeema kayani 0]

Hi , i am getting JS/Agent.RJS trojan error on my website whenever i open it. https://homesserviceprovider.com/ Here's the URL. I have site lock implemented on my domain and it says there does not  exist ant malicious file .

[Marcos 5,088]

56 minutes ago, zaeema kayani said:

Hi , i am getting JS/Agent.RJS trojan error on my website whenever i open it. https://homesserviceprovider.com/ Here's the URL. I have site lock implemented on my domain and it says there does not  exist ant malicious file .

The website is indeed infected:

https://sitecheck.sucuri.net/results/homesserviceprovider.com

[zaeema kayani 0]

how can i get this cleaned from infection?

[Marcos 5,088]

If you are unable to remove the malware from your website yourself and harden it against further exploitation, you can contact Sucuri or another website cleaning and monitoring service.

[zaeema kayani 0]

I have already hired one but they are still not able to do that. 
can u help me clean it? I am a developer myself can u give me hints for it  

any specific file I show see

 

Edited February 12 by zaeema kayani

[Marcos 5,088]

We do not provide website cleaning and monitoring services. Sucuri is a professional company that provides such services for fee.