system
1
Hi,
Someone told me his “windows defender” has found again a trojan on my blog :
hxxp://domination-web.com
1/ Do you find one too ?
2/ If yes, what can I do ?
3/ Which soft do you use to scan blog ?
4/ Where can I find this kind of soft ?
Thanks in advance. Regards.
Ludovic
polonus
2
Hi ludovic,
Make that link non click through like hxtp
Your websoftware has an issue here: Wordpress internal path: -/home/ludovicg/public_html/domination-web/wp-content/themes/OptimizePress/index.php
pol
system
3
Hi,
hxtp ? what’s that ?
What should I do ?
Regards
Ludovic
polonus
4
system
5
Hi Polonus,
Thanks for the reports but… I don’t understand a lot of things. :-\
What should I do to make my blog clean ?
Ludovic
polonus
6
Hi ludovic,
Give the windows defender log what and where was found,
polonus
system
7
I don’t have it. Someone just told me his windows defender detected a trojan. But he didn’t give me a report.
system
8
What do you suggest I do ?
Pondus
9
polonus
10
Hi Pondus,
There are three examples described on the malware this “could” be by Sophos Detailed Analysis, see: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~JSPack-A/detailed-analysis.aspx SOPHOS-Protection available since: 04 Aug 2011 01:53:13 (GMT);
and I assume this because we find traces on the page mentioned: OptimizePress/js/qtobject.js packed by JSPACK… and there is an “assignment to undeclared variable QTObject” there, QuickTime issue, and this is like a “CoolWebSearch parasite variant” that is being flagged by MS I guess, but a Windows Defender scan expert must be fully aware and should be able to give further details on the malcode/adware flagged. My analysis so far is only based on what I see there,
polonus
system
11
Hi,
I am really sorry but I don’t know exactly what to do. Can you help me to solve my problem (with simple words) ?
Regards
Lud@vic
system
12
Hi,
I have just made an update of my wordpress theme OptimizePress.
Can you scan my domination another time.
Maybe the pb is resolved ?
Thanks.
Regards
Ludovic
Pondus
13
I uploaded the info to Norman lab yesterday and they say it is CLEAN
At 2011-9-21 6:40:6, ygu wrote:
Hi
It is not infected.
Thanks for Submission
Yash
Files:
domination-web.com.htm : Not added