Trojan detected by Avast!, but not 47 other antivirus programs

When I try to log on to hxtp://jeffrey-thomas.com/ Avast gives me an alert for the JS:HideMe-J [Trj] Trojan.

VirusTotal.com shows that out of 48 antivirus programs, only Avast! detects it.

http://www.clean-mx.de/ reports 150 urls that are associated with JS:HideMe-J [Trj]

With Avast running, I can’t access hxtp://jeffrey-thomas.com/

Please help

http://sitecheck.sucuri.net/results/jeffrey-thomas.com/
http://sucuri.net/malware/entry/MW:SPAM:SEO

First thing to do is updating your WordPress version.

Hello,
attached picture shows, what’s detected on the page.
Avast complains about using certain extensions (such as “sharethis”), which use bad practice (hidden links). Either disable them, or delete the code that hides the links (function …ViewState() { var a=0,m,v,t,z,x=new Array(‘9091968376’…)

More info can be found here: http://forum.joomla.org/viewtopic.php?t=795946

Milos

Hi Milos,

avast! blocks that site/link. :wink: (See screenshot.)

Asyn

Hmmm, they have there the code in plain text :frowning: we can’t do anything with it.

Milos

Yep.

Hello, I have the same problem!
I try to enter to the website of my school and avast block it!! And alerts me that the website has the same trojan (JS:HideMe-J [Trj])!
I ask my classmates and only those who have avast have the same issue. Not other antiviruses blocks this website.
I study infrastructure engineer and the website of my institute is this ( www.cie.teithe.gr )
I have to enter the website because of my studies, but im afraid of the security of my pc! The only way to enter is to disable avast!
Please guys what can I do? What do you suggest me? Any way to enter without infect by the trojan?
The only thing I don’t understant is why a univercity website have a trojan?

Contact your admin/webmaster and tell him to clean it.

@Kuja that site is infected with v i a g r a and c i a l i s spam

Sucuri report http://sitecheck.sucuri.net/results/www.cie.teithe.gr/

What Pondus found there:
[javascript variable] URL=wXw.assoande.it/it/index.html
info: [javascript variable] URL=wXw.virginiafirst.org/clip/
info: [javascript variable] URL=csc-oct dot .org/buy-vigr-england.html
But even the link he gave on sucuri’s is blocked by the avast! Web Shield as JS:HideMe-J[Trj]
the malcode is greyed out when you view the url at http://web-sniffer.net/ also flagged as blocked by the avast! Web Shield as JS:HideMe-J[Trj] as enough of the code given there.
More malware flagged at VW - Up(nil): NA RIPE GR abuse at teithe dot gr 195.251.239.211 to 195.251.239.211 teithe dot gr htxp://www.mls.teithe.gr/cache/mod_breadcrumbs/menu.php Joomla template that has issues, existing problem from 2012, inconsistent usage of module suffix at mod_menu and mod_breadcrumbs
Info
Inconsistent usage of module suffix at mod_menu and mod_breadcrumbs.
In all other modules the suffix is attached to the class. There is no other choice,

polonus

fixed! :slight_smile: Even the sucuri results cause an alert.