Folder AVG Forums » Other topics » Virus Removal, Tools for Removing » Exploit Javascript Obfuscation Type 1494
June 4, 2012 13:06 Re: Exploit Javascript Obfuscation Type 1494 #206243
Reply with Quote | Quick Reply | Top
Egaladeist

Avatar

Novice
Join Date: 30.5.2012
Posts: 57
My site as well comes back clean by Webmaster tools:

www.thetazzone.com
No new messages or recent critical issues.

And has also been cleared by Google Safe Browsing:

What is the current listing status for thetazzone.com?
This site is not currently listed as suspicious.

So I would appreciate my site being taken off your database as well. As this whole fiasco has caused considerable and potentially irreversible damage to my site already.

As, not only a distributor of anti-virus software, but also having a website yourself, you should be able to appreciate the very damaging and frustrating nature of this situation.
June 4, 2012 14:10 Re: Exploit Javascript Obfuscation Type 1494 #206261
Reply with Quote | Quick Reply | Top
zonetrap

Avatar

Novice
Join Date: 2.6.2012
Posts: 11
Clean now?.. museumofsex.com

I found what I think is malicious code in wp-includes/general-template.php

I took it out. Can someone at AVG check and if the site is clean, get us off this list?
June 4, 2012 16:50 Re: Exploit Javascript Obfuscation Type 1494 #206333
Reply with Quote | Quick Reply | Top
salzburg12at

Avatar

Novice
Join Date: 31.5.2012
Posts: 12
So whats up now? You put us as fast as hell on your blacksite index and by now still the LinkScanner shows an infection? Please clarify this situation immediately!
June 4, 2012 17:21 Re: Exploit Javascript Obfuscation Type 1494 #206347
Reply with Quote | Quick Reply | Top
ondraploteny

Avatar

Administrator
Join Date: 27.3.2009
Posts: 6996
Hello,

@ Egaladeist

I visited your website from my home network and again received the injected malicious script you are not aware where it comes from (see attached screenshot). Neither we, as we are checking the received prepared source code for browser from your server, we cannot see the raw server source codes.

@ zonetrap

I have still received the injected script from your website (see attached screenshot)

Please try to access the website with installed at least standalone AVG LinkScanner, which checks the code in real-time (without AVG Security Toolbar, which use the database) from different locations (IP addresses), to check you cleaned the server code successfully.

Thank you



AVG Team
How-To articles | FAQ | Free Support
museumofsex.PNGthetazzone.PNG
June 4, 2012 17:50 Re: Exploit Javascript Obfuscation Type 1494 #206355
Reply with Quote | Quick Reply | Top
zonetrap

Avatar

Novice
Join Date: 2.6.2012
Posts: 11
Google..

AVG is showing it clean though? I googled "museum of sex" and it comes up with the green check.
mosex-avg-clean.jpg
June 4, 2012 18:07 Re: Exploit Javascript Obfuscation Type 1494 #206359
Reply with Quote | Quick Reply | Top
zonetrap

Avatar

Novice
Join Date: 2.6.2012
Posts: 11
proxy servers..

I have tired a few proxy servers, and they give me the threat box, but viewing source, the malicious script is gone. So not sure what you guys are seeing.
June 4, 2012 18:10 Re: Exploit Javascript Obfuscation Type 1494 #206361
Reply with Quote | Quick Reply | Top
zonetrap

Avatar

Novice
Join Date: 2.6.2012
Posts: 11
Spoke too soon..

Hit me again. I took it out and now its back. That is interesting.
June 4, 2012 18:21 Re: Exploit Javascript Obfuscation Type 1494 #206363
Reply with Quote | Quick Reply | Top
zonetrap

Avatar

Novice
Join Date: 2.6.2012
Posts: 11
Ok...

Lets try it again. looks clean...museumofsex.com
June 4, 2012 20:08 Re: Exploit Javascript Obfuscation Type 1494 #206389
Reply with Quote | Quick Reply | Top
Egaladeist

Avatar

Novice
Join Date: 30.5.2012
Posts: 57
@ondraploteny

We are trying to do our best to eradicate this problem off of our websites. However, you are not helping by telling us there's a problem and giving us screenshots of a problem but no solutions.

A screenshot doesn't help unless it can be connected to a page. The screenshot is of what page? Sorry if I don't get that because every time I ever take a screenshot of something I can tell you exactly what page it is from.

I find it very odd that you can take a screenshot of a problem and not even know what page is being taken.

Are you trying to get rid of this problem or promote it? How many units of AVG products have you sold as a result of this problem? Maybe you want the payday to keep going until you milk it dry?

Maybe the last thing that concerns you as an Internet Security company is internet security? Is this about the bottom line?

Even a scan by your own AVG on my computer of the entire theme folder comes up ' clean '.

Explain why your own AVG is not picking it up? Is it an inferior product?


Should I switch to a product that can produce results?

June 4, 2012 21:06 Re: Exploit Javascript Obfuscation Type 1494 #206401
Reply with Quote | Quick Reply | Top
zonetrap

Avatar

Novice
Join Date: 2.6.2012
Posts: 11
Clean?..

Can museumofsex.com be checked again? We feel its clean now.