CK020 0 Posted February 18 Share Posted February 18 Hello all, By a customer I was notified that our webshop (aalvink.nl) was infected by JS/Spy.Banker.MP. When I run sitecheck.sucuri.net and virustotal.com I can't find any infection. With the help of the forum I searched for 'c2V0VGltZW91dChmdW5jdG' which helped me find 2 files with a line of code with this in it, so I deleted them. Because I can't replicate the warning, I am not sure if my site is clean now... Can you please give me some assistance? Much appreciated. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,088 Posted February 19 Administrators Share Posted February 19 The website is infected: Quote Link to comment Share on other sites More sharing options...
CK020 0 Posted February 19 Author Share Posted February 19 Thank you for the information, but I can't seem to find any file containing this script. Can you tell me where to look? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,088 Posted February 19 Administrators Share Posted February 19 5 hours ago, CK020 said: Thank you for the information, but I can't seem to find any file containing this script. Can you tell me where to look? Since we don't provide website cleaning and monitoring services and don't have admin access to your website and database, we can't help locate it. We merely see the malicious JS code in the final rendered website's code. Quote Link to comment Share on other sites More sharing options...
CK020 0 Posted February 19 Author Share Posted February 19 Ah I understand, but I read in other treads that you suggested to search for certain (unique) parts of the code... That's why I was asking. Although I think I have found and deleted the script. Quote Link to comment Share on other sites More sharing options...
itman 1,667 Posted February 19 Share Posted February 19 22 hours ago, CK020 said: Because I can't replicate the warning I received the Eset detection alert upon web site product selection box; e.g. https://aalvink.nl/product/varkensnek . Quote Link to comment Share on other sites More sharing options...
CK020 0 Posted February 24 Author Share Posted February 24 Thank you itman, I have identified the infection in the functions.php and cleaned it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.