WordPress.org

Ready to get started?Download WordPress

Forums

JS/Downloader.Agent in footer.php? (2 posts)

  1. frenchvanillacoffee
    Member
    Posted 6 years ago #

    I run an AVG virus scan every morning at 7 am. Today it notified me it found several exploits of JS/Downloader.Agent in 3 WordPress themes -- Lush, Lilac and Naruto. The exploits were in the zip files as well as in /themes.

    All were in footer.php.

    I was only using one theme and the others I had viewed but didn't like. They have been on my websites/computer for months and I did not update anything on my blogs dealing with themes in months.

    These were encoded footer.php files.

    Now, since those have been around for a while and AVG just picked it up, one could assume that it deals with the most recent AVG update and it's pulling a false positive on an exploit/virus.

    Has anyone else found this JS/Downloader.Agent in their themes?

  2. Anonymous
    Unregistered
    Posted 6 years ago #

    It is not a false positive.

    I've had the same problem, always in the footer.php file. Since I couldn't heal the file or open it to look at the code, I changed the file extension to txt and had a look - sure enough, not a php file.

    themes: michal1, all-business, liberty and simple_white

    It shouldn't be too hard to write a proper footer, but to the p.o.s. who decided to be cute and try slipping this trojan into a WordPress theme...shame on you.

Topic Closed

This topic has been closed to new replies.

About this Topic