A site that I receive RSS feeds from has started showing up as having a Trojan; however, the name seems to change. I have tried contacting the site in question, qrjuice.com; however, no response.
I’m wondering if this is just a false positive. Appreciate any feedback and comments.
Description: Encoded javascript using a packer by Dean Edwards. This packer can be used on legitimate applications, but is often deployed by attackers to hide their scripts.
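To judge whether a packed script like the one described above is a false positive, it helps to read what it unpacks to without running it. The following is an added example, not part of the original thread or of any scanner mentioned in it: a static unpacker for the Dean Edwards `p,a,c,k,e,d` wrapper. `SAMPLE` is a constructed input (not the flagged file), the function names are this example's own, and only radixes up to 62 are handled.

```python
import re

ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
HEADER = re.compile(r"eval\(function\(p,a,c,k,e,[dr]\)")
# Arguments of the wrapper call: ('payload', radix, count, 'w0|w1|...'.split('|'), ...)
ARGS = re.compile(
    r"\}\s*\(\s*'((?:[^'\\]|\\.)*)'\s*,\s*(\d+)\s*,\s*(\d+)\s*,"
    r"\s*'((?:[^'\\]|\\.)*)'\.split\('\|'\)")

# Constructed sample in the packer's output layout; the decoder body is elided
# because this unpacker never executes it.
SAMPLE = (r"eval(function(p,a,c,k,e,d){/* decoder body elided */}"
          r"('0 1(){2(\'3\')}',4,4,'function|hello|alert|hi'.split('|'),0,{}))")

def is_packed(js):
    """True if the text carries the packer's characteristic header."""
    return HEADER.search(js) is not None

def token(n, radix):
    """Encode a word index the way the packer does (0-9, a-z, A-Z digits)."""
    head = token(n // radix, radix) if n >= radix else ""
    return head + ALPHABET[n % radix]

def unpack(js):
    """Rebuild the original source by substitution only; nothing is eval'd."""
    m = ARGS.search(js)
    if not is_packed(js) or m is None:
        raise ValueError("no p,a,c,k,e,d wrapper found")
    payload, radix, count = m.group(1), int(m.group(2)), int(m.group(3))
    words = m.group(4).split("|")
    if not 2 <= radix <= 62:
        raise ValueError("radix outside the range this example handles")
    # Undo the JavaScript string-literal escapes before substituting tokens.
    payload = re.sub(r"\\(.)",
                     lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)),
                     payload)
    # An empty dictionary entry means the token stands for itself.
    table = {token(i, radix): w for i, w in enumerate(words[:count]) if w}
    return re.sub(r"\b\w+\b", lambda t: table.get(t.group(0), t.group(0)), payload)

if __name__ == "__main__":
    print(unpack(SAMPLE))
```

The unpacked text can then be compared with the unminified upstream release of the same library version; a packed file that decodes to anything beyond that is worth a closer look.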
You should put a - to -http://wepawet.iseclab.org/view.php?hash=3c8edf5696bb22b85178531bc6c75a54&t=1324591024&type=js
because our unaware users with the avast shields up get an alert on the malcode, namely for
JS:ScriptSH-inf[Trj]
suspicious =
-qrjuice.com/wp-content/themes/Polished/epanel/templates/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4 suspicious
[suspicious:2] (ipaddr:216.172.185.51) (script) -qrjuice.com/wp-content/themes/Polished/epanel/templates/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4
status: (referer=-qrjuice.com/)saved 15624 bytes caeb31e930068ce5820b239d44d8415f95957138
info: [embed] -qrjuice.com/wp-content/themes/Polished/epanel/templates/js/fancybox/
info: [iframe] -qrjuice.com/wp-content/themes/Polished/epanel/templates/js/fancybox/
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable Image
error: line:22: TypeError: Image is not a constructor
suspicious incomplete…
Your site may be clean(sed) now, but there is still an alert that your WordPress version is outdated according to Sucuri’s: WordPress internal path: /home/qrjuice/public_html/wp-content/themes/Polished/index.php
That means you could be re-infected again. The other recommendation is for the website server. That server gives away a full version number of the server software. This should be avoided, so would-be hackers would not know what exploits would work against it. It is a bit like in Little Red Riding Hood’s fairy tale - just pull the cord hanging out the door and you can come in…and then they could,