Hello, I am an admin at Mumonkey.com and some of our users were using avast, and then it pops up with an error about a “http://www.mumonkey.com/js/jquery.resize.text.js” as a JS:Illredir-R [Trj], also a jquery.anchor.js file it calls a JS:Illredir-R [Trj], and the javascript to resize text comes up as a JS:Illredir-R [Trj]. For some, the browser then closes. What can be done to get rid of these 3 false positives? They are clean files.
Thank you.
This page seems to be
http://www.UnmaskParasites.com/security-report/?page=www.mumonkey.com
scroll down to " Suspicious Inline Scripts "
Thank you for that, I fixed the 2 javascript errors in the files it was detecting by getting rid of w/e the vars were, and they did no seem to be affecting anything. We still have the problem of the index page only getting a JS:Illredir-R [Trj] in the object “http://www.mumonkey.com/index.php|>{gzip}”. Any clue on that one? sometimes it makes firefox come up with an error “connection reset”, which avast! says it aborted the connection. Any suggestions? Thank you.
Any suggestions? Thank you.Sorry no expert on this, but Polonus or DavidR probably have an idea.....when they are back online
Im just wondering if the vars at the end of all of our javascripts, that i have no idea what do, is causing this. here is the 2 vars that show up as suspisious. Could they be the culprit?
Virtually all of your .js scripts appear to have been hacked in the same way as the UnmaskParasites report.
I got alerts on over 6 of them before I killed the page.
Modify and Remove the attachment in your post as avast is alerting on that too.
What created your .js files ?
Hacks like this are usually down to out of date/vulnerable content management software being exploited.
Ok, i removed the attachment. Ermmm… what in the world is that? encrypted javascript? I will try removing it from the site. As to who made the javascript, I don’t think it was there at first. It just started recently, so I am guessing this was an attack on the site (it has happened before). >.> Thanks
Found the problem, an Iframe that shouldn’t be there…
Thanks for the help! Problem is solved on avast! side of things
JavaScript is a plain language scripting language, under normal circumstances there should be no need to encrypt it, but this attachment I don’t believe the is encrypted or it couldn’t easily be scanned as it would first require decryption.
This attachment was a zipped (packed) javascript file, the act of zipping it actually obfuscates the javascript code trying to hide its true purpose or intent.