Jump to content

JS/Spy.Banker.MP found by ESET, but can't replicate it


Recommended Posts

Hello all, 

By a customer I was notified that our webshop (aalvink.nl) was infected by JS/Spy.Banker.MP.
When I run sitecheck.sucuri.net and virustotal.com I can't find any infection. 

With the help of the forum I searched for 'c2V0VGltZW91dChmdW5jdG' which helped me find 2 files with a line of code with this in it, so I deleted them. 
Because I can't replicate the warning, I am not sure if my site is clean now... Can you please give me some assistance? Much appreciated. 
 

Link to comment
Share on other sites

Thank you for the information, but I can't seem to find any file containing this script. Can you tell me where to look?

Link to comment
Share on other sites

  • Administrators
5 hours ago, CK020 said:

Thank you for the information, but I can't seem to find any file containing this script. Can you tell me where to look?

Since we don't provide website cleaning and monitoring services and don't have admin access to your website and database, we can't help locate it. We merely see the malicious JS code in the final rendered website's code.

Link to comment
Share on other sites

Ah I understand, but I read in other treads that you suggested to search for certain (unique) parts of the code... That's why I was asking. 
Although I think I have found and deleted the script.

Link to comment
Share on other sites

22 hours ago, CK020 said:

Because I can't replicate the warning

I received the Eset detection alert upon web site product selection box; e.g. https://aalvink.nl/product/varkensnek .

Link to comment
Share on other sites

Thank you itman, I have identified the infection in the functions.php and cleaned it. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...