There’s no trojan on that page.. on the link posted perhaps, but otherwise not…
Which seems quite clear considering the nature of said thread…
It’s a false alarm from Avast.
In this topic (http://wordpress.org/support/topic/269854) there is a VIRUS. Not a false positive.
Admin please delete this code and make image available http://forum.avast.com/index.php?action=dlattach;topic=54797.0;attach=43034;image in topic.
“The problem is some idiot posted the complete script code on the page instead of using an image and to make it worse even posts a direct active link to the hacked page.
Unfortunately avast treats the text based script code the same as if it were in the html code as that is what it is looking at.”
The warning I got included a message describing the threat as an “exploit link to a known exploit site” and denies my browser (Windows/Firefox/AVG) access to the entire page.
AVG maybe did not detect the malicious script. Avast did. The topic must be cleaned!
So flag the post modlook and reply saying that.
I suppose if they wrap it in code tags, it’ll stop pinging your virus scan. Your browser shouldn’t be executing that code, anyway, since the php doesn’t ‘work.’
I believe I stated that AVG did detect it. I also stated that what it detected, was a known exploit link to a known exploit site. Then it refused to let me view the page.
David from Avast team:
Thanks, hopefully they will heed your suggestion/advice when posting exploit/malicious script code, use an image or break the code in a way it can’t be taken for the real threat.
I’ve removed the link, so whether it’s a real virus or not is irrelevant now, I guess.
Yes, the code for the hack is there, but it’s not active content, so any browser that treats it as such is just plain odd.
Only Avast detects it as virus code.
Unfortunately avast treats the text based script code the same as if it were in the html code as that is what it is looking at.
Could you please remove or break the malicious code? Avast -> Iframe trj.
IMO this is AVAST being a silly program.
The page has PHP code, encoded, which isn’t smart, but it’s not ‘wrong’. It’s not, in any way, shape, or form executable code. The <?php ... ?> code doesn’t run.
Echo "Hello, World!"; should be sanitized by the parser and just show up as text. Unformatted, ugly, text, but text. So the fact that you have an evil link checker that looks back at that plain text and says ‘Danger Will Robinson!’ is an overreaction on its part.
More logical would be for it to say ‘Hey, if the inline text has evil PHP, let the page load and don’t execute it. After all, the browser wasn’t gonna anyway.’
Unless of course IE is idiotic enough to parse it.
- The topic ‘Trojan horse on this site’ is closed to new replies.
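The distinction the thread argues over, snippet shown as text versus snippet present as live markup, as an added example that is not part of the original thread and does not describe how Avast or AVG are implemented. The snippet, the `example.invalid` URL, the signature and both scanner functions are constructed for illustration; `naive_scan` models the behaviour quoted above (text treated the same as HTML), `context_scan` reports only elements a browser would actually instantiate.

```python
import html
import re
from html.parser import HTMLParser

# Constructed, harmless stand-in for the snippet that was pasted into the topic.
SNIPPET = '<iframe src="http://example.invalid/x" width="0" height="0"></iframe>'

# Page A: the snippet quoted as text; the forum software entity-escapes it.
QUOTED_PAGE = ("<html><body><p>Found this in my theme:</p><pre><code>"
               + html.escape(SNIPPET) + "</code></pre></body></html>")

# Page B: the same snippet injected as live markup.
LIVE_PAGE = "<html><body><p>Welcome</p>" + SNIPPET + "</body></html>"

# Hypothetical signature: an iframe pointing at the (constructed) bad host.
SIGNATURE = re.compile(r"<iframe[^>]+example\.invalid", re.IGNORECASE)


def naive_scan(page):
    """Match the signature on decoded page text, ignoring where it appears."""
    return bool(SIGNATURE.search(html.unescape(page)))


class ActiveIframes(HTMLParser):
    """Collect src values of iframe elements that exist as real tags."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")


def context_scan(page):
    """Return iframe sources that are active markup and point at the bad host."""
    parser = ActiveIframes()
    parser.feed(page)
    parser.close()
    return [src for src in parser.sources if "example.invalid" in src]


if __name__ == "__main__":
    for name, page in (("quoted", QUOTED_PAGE), ("live", LIVE_PAGE)):
        print(name, "naive:", naive_scan(page), "context:", context_scan(page))
```

The naive scan flags both pages, while the context-aware scan flags only the page where the iframe is real markup.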