I know this issue has been mentioned before on the forum but I didn’t get a solution to my particular problem.
On a few of the sites that I am working with I am getting an Avast virus alert saying that a virus has been detected. I have contacted my host company and they suggest that this is a “false positive”. The problem is I am continuing to receive the same messasge.
I am not sure what actions to take?
Regards
Toormore
Sign of “JS:Cruzer-C [Trj]” has been found in “hXXp://ruralresilience.com/wp-admin/css/dashboard.css?ver=20081210” file.
Sign of “JS:Cruzer-C [Trj]” has been found in “hXXp://ruralresilience.com/wp-admin/admin.php?page=wp-gbcf/wp-gbcf_form.php” file.
Sign of “JS:Cruzer-C [Trj]” has been found in “hXXp://www.housedesignonline.com/wp-admin/favicon.ico” file.
Sign of “JS:Cruzer-C [Trj]” has been found in “hXXp://www.ruralresilience.com/” file.
The said links have been detected by Link Scanner to be a form of:
Infection: JavaScript Obfuscation (type 501)]
Detail: Exploit: Javascript Obfuscation [This web site has JavaScript that has been used to obfuscate known exploit techniques.]
Risk Category: Exploit
Description: XPL’s Intelligence Network has detected an exploit. An exploit is a piece of malware code that takes advantage of a vulnerability in a
software application, usually the operating system or a web browser to infect a computer. Exploits usually target a computer by means
of a drive-by download – the user has no idea that a download has even taken place. XPL recommends not visiting this web site
regardless if your computer has been patched for the vulnerability.
-= Though avast did not trigger me of any threats…
We’ve encountered this multiple times.
could you please do such a test:
a) download all files from the web using FTP (must not use http)
b) compare them to the original files on your computer.
Check the differences. This looks like if there’s some randomizer sending the infections on random.
One more thing - you need to check all them .htaccess files and also modified error message pages (not only 404 page).