When i try to enter my website (hxxp://hotmobilepress.com), its giving js:Redirector-NT [Trj] alert from Avast.
I download whole site from FTP server and scan with Avast and Ad-Aware, but nothing found
I checked my database file for any redirect address, but nothing found
Also Sucuri report is clean too…
But Avast still giving js:Redirector-NT [Trj] alerts…
What can i do for remove this trojan from my website?
PS: I think its because my easy SQL database password. If you have same problem check your database password if it strong enough…
the avast alert occurs randomly, maybe one time each 10 times I go to the web… usually when I go to the web first time in a few hours. Then I try to refresh and nothing. I have downloaded the home page when alert occurs, but not difference with the home page when nothing occurs.
The general method of insfection can be achieved from what spg SCOTT gave on the other site mentioned in this thread.
The only issue I spot through the generic JS unpacker is this part of the code here for -hotmobilepress dot com is:
Your Wordpress should be updated and patched here: Wordpress internal path: /home/hotmobil/public_html/wp-content/themes/LondonLive/index.php (sucuri alert for that theme)
-hotmobilepress.com/wp-content/themes/LondonLive/scripts/js/jquery-ui.min.js?ver=3.3.1 suspicious
[suspicious:2] (ipaddr:46.28.239.195) (script) -hotmobilepress.com/wp-content/themes/LondonLive/scripts/js/jquery-ui.min.js?ver=3.3.1
status: (referer=-hotmobilepress.com/)saved 183557 bytes fe810f47883364fbc4dc2c61e03a3aca0f74fed7
info: [iframe] -hotmobilepress.com/wp-content/themes/LondonLive/scripts/js/javascript:false;
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable $.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $.fn = 1;
error: line:1: …^
suspicious
Well the sucuri alert is not for an outdated WordPress version, the alerts is foir that specific theme: wordpress London live theme
Use the Wordpress exploit scanner: http://wordpress.org/extend/plugins/exploit-scanner/
This plugin is far from perfect, so you might have to plough through the code for changes yourself,
You fell victim to a php hack so you have to secure the use of that first,