Description for JS-Agent-CKL[Trj]

One of the websites I run is being flagged by Avast with the infection JS-Agent-CKL[Trj]. There’s no infection that I can find and am looking for some more details about what Avast thinks there is. I can’t find any details on the Avast site about descriptions for specific infections. Does such a thing exist? Thanks.

I can't find any details on the Avast site about descriptions for specific infections. Does such a thing exist?
No

what is the problem URL

Unfortunately it’s on a non-public private registration page so that’s not possible. We will review our code and see if we can figure out why Avast is triggering this message.

JS-Agent-CKL[Trj] = avast see a malicious java script

Check url here

https://sitecheck.sucuri.net//
http://killmalware.com

you can also upload the code to www.virustotal.com and test

I suggest you run the online scans that I have listed on my simple website to find out more.

JS = JavaScript
Agent = the name of the malware
CKL = the version of the malware
Trj = Trojan

Keep in mind that different vendors have different names for malware.
e.g. What avast is calling A, Kaspersky can call it B and Norton can call it C

You can use VGrep to find out who is calling it what.

Thanks for the info!

I ran the URL against both the sites that Pondus provided and it came back clean. I tried with some of the links on Eddy’s site and also clean. Our corporate AV treats it as clean as well.

Without knowing exactly what it sees as the problem I’m not really sure how to proceed. Any suggestions?

contact avast, scroll down to submit a ticket https://support.avast.com/

did you test the code at virustotal?
was it only detected by avast?

For (possible) false positives this form should be used :
https://www.avast.com/contact-form.php?subject=VIRUS-FILE

I just scanned it with virustotal and it came back clean. So far only Avast is flagging it as having a trojan or virus.

I will submit a (possible) false positive report and hope that they get back to me.

Thanks again for your help and if you can think of anything else I should do let me know.

VirusTotal does not scan websites.

Depends how he did it, if he uploaded the website html code it does, if just scanning the URL it is just a blacklist check

Ah, I did not upload the HTML. I can try that. But that would just handle the main page, not the dependencies. I think it’s probably a linked file that is causing the trigger.

I uploaded the html to virustotal and only Avast alerted. While Avast reviews the report, I can at least play around and see specifically what part is causing the alert.