Jump to content

JS/Agent.RMT trojan detected

deelunn2000
 Share
Go to solution Solved by deelunn2000,

Recommended Posts

deelunn2000

deelunn2000 0

Posted
Posted

Hi There

I'm getting this error saying my website has been infected, however I'm doing a scan and I can't find anything with a malware plugin. 

The website is https://peoplesparksolutions.co.uk/

Can you check for me please?
Dee

Link to comment
Share on other sites
  • Solution
deelunn2000

deelunn2000 0

Posted
  • Author
  • Solution
Posted

Just to add, I ran a scan this morning and found a suspicious file, which I have since removed and the scan is now showing as clean so I don't understand?

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,082

Posted
  • Administrators
Posted

I was wrong, the result was from 1 hour ago. After re-scanning it, no threat was found and I'm not getting any alert from ESET while browsing the site either.

Link to comment
Share on other sites
  • Marcos changed the title to JS/Agent.RMT trojan detected
deelunn2000

deelunn2000 0

Posted
  • Author
Posted

This is great news, but unfortunately my client (the website owner), is still getting the error message in Edge? I've cleared the cache, is there anything else I can do so the error doesn't appear?

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,082

Posted
  • Administrators
Posted

Could you post a screenshot of the error that the user is getting? I can open the site in Edge alright and no AV vendor has blacklisted it either according to VirusTotal.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,082

Posted
  • Administrators
Posted

wpsec.com reports:

WordPress theme in use: Avada
Version: 7.7.1
Update to version 7.9.2
https://wpscan.com/vulnerability/6c977bb4-daeb-42ef-b638-f4d323f18d66/

Should it still be getting re-infected, we recommend contacting Sucuri or another website cleaning and monitoring service to help you harden the website against attacks.

Link to comment
Share on other sites
deelunn2000

deelunn2000 0

Posted
  • Author
Posted

Thank you!

I've updated it there and also noticed a fake administrator user account that shouldn't of been there. Removed them, and changed passwords for all the other users, db and FTP. Hopefully that should stop it 🤞

Link to comment
Share on other sites
  • Most Valued Members
Nightowl

Nightowl 202

Posted
  • Most Valued Members
Posted (edited)
20 hours ago, deelunn2000 said:

Thank you!

I've updated it there and also noticed a fake administrator user account that shouldn't of been there. Removed them, and changed passwords for all the other users, db and FTP. Hopefully that should stop it 🤞

You also need to update your Wordpress and your theme , since the theme is vulnerable , and it's possible to add stuff through logged in admins with that vulnerability according to the link that was posted by Marcos.

They will be back since the vulnerability is still there waiting to be exploited again.

Edited by Nightowl
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...