Hello,
I sent false-positive request by contact form, but first time it seemed not been read by Avast employee - the answer have been maybe about site, but not about what stated in request. For second request we have no answer.
Could You help?
Contact form message is included below.
Marcin
Hi,
Site has been cleaned - potentially malicious code has been deleted.
Our site used to have old Joomla module wchich holded
“[…]function dnnViewState() { var a=0,m,v,t,z,x=new Array(‘9091968376’…[…]” code and we removed that code.
Site is classic business page of small/medium Polish company Armac that make power supplies, ups etc.
Site is made using Joomla 1.7. It is hosted at “nq.pl”.
Please consider site as False-Positive and remove it from Your blacklist.
Regards
Marcin Milczarz
Site is not only insecure, it has live malware on, that avast! Webshield detects as JS:Clickjack-A[Trj]
General insecurities - Excessive Header information spread to the globe and attackers. HTTP-only Cookies warning, Clickjacking Warning.
See: http://jsunpack.jeek.org/?report=750193c9b3699301161f1481973b6d9b802c9ca4
wXw.armac.pl/templates/armac/js/script.js benign
[nothing detected] (script) wXw.armac.pl/templates/armac/js/script.js
status: (referer=wXw.armac.pl/)saved 2433 bytes 792d4bd5d63f192fd0d05957e9a885b75b5a1188
info: [decodingLevel=0] found JavaScript
error: undefined function window.addEvent
suspicious code injection
Delete from mod_AutsOn, look for an infested xml file and then deinstall using extension manager (pol)
I know that, friend Pondus, but avast is renowned for having first class detection for these kind of malcodes.
When the website admin can find that theme xml file from an unknown, like xing for instance,
he is out of the woods and could cleanse his site in the way I mentioned,
deleting the lines of the dnnViewState function.
Just one vulnerable plug-in/ theme and bingo, you can be a malcode prize winner ;D
But always there is room for a false positive of course,
but knowing the avast team shield coders, I rather doubt such an outcome.
If the site has been really cleansed,
they could send a FP report and the site could come unblocked with a coming update.