• Page 1 of 1
  • 1
Forum moderator: bigblog  
uCoz free site - > HTML/ScrInject.B trojan
Apollo
Posts: 9
Reputation: 1

Message # 1 | 10:09 PM
Why does my Antivirus show this on my website, on all pages ? (and does not allow me to use the site)

HTML/ScrInject.B trojan

http://msociety.ucoz.org/

Where is the Trojan ?
Are the free advertisements on free uCoz websites, insert Trojans in uCoz ?

Please do something about this problem !
I have attached a picture.
Attachments: 6721369.png (56.5 Kb)
Post edited by Apollo - Sunday, 2018-08-05, 10:39 PM
Urs
Posts: 303
Reputation: 4

Message # 2 | 10:34 PM
Hmm...

My antivirus (also ESET) detects the same thing.

Actually it shows HTML/ScrInject.B trojan on all FREE uCoz websites with advertisements. (even if they paid or not in the past)

Example : http://farmergrup.ucoz.com/

Why ?

I know uCoz had some problems in the past with bad advertising systems full of viruses or trojans and pop-ups (uCoz didn't have control over advertisements and/or didn't care much about FREE websites - just wanted to get some money out of them somehow, so they chose automated virus loaded advertisement systems)

Now it seems that the Antivirus Companies put the last nail in the coffin for Free uCoz websites that are full of viruses, trojans and worms !

Way to go uCoz... PLEASE REPORT THIS PROBLEM TO BIG UCOZ BOSS.

Maybe they fix it ASAP !!!

Thassos Island Portal :
https://thassos.one
Post edited by Urs - Sunday, 2018-08-05, 10:36 PM
Gromov
Posts: 616
Reputation: 14

Message # 3 | 5:21 AM
Apollo, The issue is only with Eset anti-virus and their databases. Please request Eset to provide you with more details about what exactly they consider to be a virus. Also, please specify the version and database ID you're using.
Apollo
Posts: 9
Reputation: 1

Message # 4 | 12:01 PM
Quote Gromov ()
Apollo, The issue is only with Eset anti-virus and their databases. Please request Eset to provide you with more details about what exactly they consider to be a virus. Also, please specify the version and database ID you're using.


Have you tested all other antivirus programs Gromov ?
ESET makes one of the best AV programs.

You have in attachment the latest version of the program i use.
It should be uCoz problem and responsibility to ask ESET as a company to resolve this issue, not me as an individual that will probably will not be taken seriously as i am not the owner/administrator of all uCoz websites.
Attachments: 0061667.png (61.5 Kb)
Gromov
Posts: 616
Reputation: 14

Message # 5 | 1:17 PM
Apollo, First of all, there various reasons for any anti-virus to report a trojan treat, even if it's not a trojan threat as well, also, it may be users third-party codes etc. This is why we always ask to clarify the details directly with the antivirus support team. If it's some code that was added by us, the issue will be forwarded to the department in charge and fixed as soon as possible, but without a cooperation from your side, there's not much I can do.
Apollo
Posts: 9
Reputation: 1

Message # 6 | 2:38 PM
Hello Gromov,

I also suggested, Urs website (farmer) to ESET to test both websites so there is no mistake regarding third-party codes added by users.

https://forum.eset.com/topic/16302-ucoz-free-websites-htmlscrinjectb-trojan/

Here is the answer from ESET:

"The website was compromised. The owner or admin should remove the reference to an external js at mXXXXu.com (some letters were intentionally replaced) and take measures to prevent further re-infection. "

There you go.
Both websites, same infection - having different admins and different users.

Forward the problem to the department in charge and fix ASAP.
Post edited by Apollo - Monday, 2018-08-06, 2:40 PM
Urs
Posts: 303
Reputation: 4

Message # 7 | 2:44 PM
Quote Apollo ()
Hello Gromov,

I also suggested, Urs website (farmer) to ESET to test both websites so there is no mistake regarding third-party codes added by users.

https://forum.eset.com/topic....-trojan

Here is the answer from ESET:

"The website was compromised. The owner or admin should remove the reference to an external js at mXXXXu.com (some letters were intentionally replaced) and take measures to prevent further re-infection. "

There you go.
Both websites, same infection - having different admins and different users.

Forward the problem to the department in charge and fix ASAP.


Thank you Apollo.
I would say that the same problem is present on all free sites. It is not a user related code, but a uCoz system default code / js.

Pretty sure it is related to the automated advertisement system that uCoz uses on free sites. That is where the hijack comes from.

I also need help on my site to remove this problem.
Thank you.

Thassos Island Portal :
https://thassos.one
Post edited by Urs - Monday, 2018-08-06, 2:45 PM
Gromov
Posts: 616
Reputation: 14

Message # 8 | 4:46 AM
Apollo, Urs, the thing is that there were some more reports regarding a trojan virus and in some cases, the issue was third-party scripts. Also, it was due to the ad partners we're working with, yes, and such issues were resolved, but since we have multiple partners and we weren't able to recreate most of the reports, we ask users for an assistance regarding the matter.

I have forwarded the information to the department in charge.
Gromov
Posts: 616
Reputation: 14

Message # 9 | 5:25 AM
Urs, Apollo, we have identified the issue and it seems like it's not from our end after all. I assume you're familiar with each other since you both have the same script:

Code
<ntvk id="m-iIQUqZpHU8"></ntvk><script src="//p7.ntvk1.ru/nve.js" async="async"></script>


Remove it and check your websites again and notify us about the result.
Urs
Posts: 303
Reputation: 4

Message # 10 | 10:51 AM
We do not know each other, the script you are talking about has been probably injected in various forms on all FREE uCoz websites by the advertisement system.

All FREE websites found on uCoz Top 100 are blocked by ESET for same problem ( HTML/ScrInject.B trojan ) :

Simply by going through some websites on http://top.ucoz.com/ to find free ones reveals with ESET the trojans :

http://examineyoursel.ucoz.com/
http://news.foodnk.com/
http://nuclearpower.ucoz.com/
http://scienceworld.do.am/
http://detikkpmjb.ucoz.com/
http://ufo-ovni.ucoz.com/
http://translationtext.com/
http://thaoluansucsan.foodnk.com/
http://yfs.ucoz.net/
http://psm.ucoz.ua/
http://biodiversity.ucoz.ru/

.etc the list goes on forever.

All of them infected.

ESET stopped reporting infection on http://farmergrup.ucoz.com/ without me removing anything the moment you changed the advertisements to uKIT / uCoz default banners.

I repeat, the script is probably injected, i did not find any script like that on the website ONCE you removed the third party advertisements and reverted to uCoz only advertisements. Proof is that ESET no longer blocks the website and i didn't do anything.

Thassos Island Portal :
https://thassos.one
Post edited by Urs - Tuesday, 2018-08-07, 11:22 AM
Urs
Posts: 303
Reputation: 4

Message # 11 | 11:20 AM
The Advertisement system on free websites needs a complete overhaul for both desktop and mobile. For years i have reported that these advertisements on mobile phones don't even allow you to enter the site but they redirect to a completely different site like casino sites, makes you click on them on every single page (to get more viruses) and that uCoz company has no control over them and what these advertisements do on the owner site. No user will ever want to upgrade a free site that is by default full of Trojans, scams, forced redirects to virus pages etc.

I even had this on my paid sites, the moment 1 day passes and i forgot to pay, all my users on mobile phones started to be redirected by force to other sites. And the desktop users were shown disgusting ads for penis enlargement, fat naked woman with health problems, animated puke etc.

https://forum.ucoz.com/forum/46-20902-119455-16-1484858467

One good method that can work on uCoz for free users is...

Let me translate this for you. And send this to suggestions. (picture in attachment)

On 1000 pixels line you have 5 ads x ( 200 x 22 pixels ) for a total of 1000 px x 22 px with two buttons at the end of 11 px x 11 px. The button X closes the bar. The button R takes the user to a page where he can purchase ad space directly on uCoz platform. uCoz then shows the ads and consumes the credit when they are clicked.

The ad banner stays in a fixed position at the top for every free site, like the old bar you had in the past.

This way you control everything and free users will start to pay for a package because they are encouraged to promote their business. They will never pay just to get rid of large banners, spam, viruses, Trojans, forced redirects -> they will simply chose other platforms that have a decent free user policy !

P.S:
The current advertisement policy on free sites does not work. Change your automatic ads system with a proper decent one that doesn't show disgusting ads or tricks the user or makes his website to be blocked by antivirus-antimalware software.

Thank you.
Attachments: 8737003.png (33.7 Kb)

Thassos Island Portal :
https://thassos.one
Post edited by Urs - Tuesday, 2018-08-07, 11:52 AM
Apollo
Posts: 9
Reputation: 1

Message # 12 | 11:40 AM
Hello Gromov,

I know urs from the forums, he had many good suggestions in the past and old veteran on the uCoz platform. Don't know anything about him, just the stuff he posts and his ideas that i like.

It appears that the ESET block on http://msociety.ucoz.org/ also disappeared without my intervention. You changed the advertisements ? (i no longer see any)

Why can't uCoz try a different advertisement system, even in-house build/developed just like the one urs suggests ?

Something slim, clean that will make you LOVE uCoz and buy a package just to support them !


Most people by principle never upgrade free packages on sites that predominantly are unusable or are basically a spam/virus/redirect FARM.

The thing is, in one month probably the advertisements will revert back, to normal virus ones that inject scripts.
More over you may have temporarily solved 2 sites, but there are millions more that have the exact same problem.

On mobile phones uCoz "free" is a disaster. (totally unusable site)
If you don't do anything or don't push for change, people will eventually migrate to other platforms, and it is a shame because uCoz has potential for greatness.

You must do something.
Post edited by Apollo - Tuesday, 2018-08-07, 11:50 AM
Gromov
Posts: 616
Reputation: 14

Message # 13 | 12:36 PM
Apollo, Urs, your suggestions were forwarded to the department in charge, they will consider the information and make their decisions.
joexyz
JOE-vascript
Posts: 1770
Reputation: 78

Message # 14 | 9:28 AM
Gromov, this is something that happens on all websites, I have received several reports from different users, it's up to uCoz to fix it. And I have to agree with them, these ads are a disaster.
hey i'm joe and i do not work for the company anymore, please contact other staff or tech support
icon by ch-chau

sometimes i lurk here
Gromov
Posts: 616
Reputation: 14

Message # 15 | 10:35 AM
bigblog, I do understand the issue and the situation in general and all the requests were transferred to the division in charge of ads.
  • Page 1 of 1
  • 1
Search: