• Page 1 of 1
  • 1
Forum moderator: bigblog  
My website is infested by a trojan
bubu83945
Posts: 4
Reputation: 0

Message # 1 | 7:45 AM
Hello uCoz support,

Please, my page fhsw-europ.ucoz.de has a malicious script in the headers of the webpage. I tried to remove it through Ad Board but the malicious code is not visible there.

The source code of my page:
<html id="root">
<head>
<script type="text/javascript" src="/?c%21uD32lDOK4pY1cOgV65TAMYS0s7b83kvxKZaUpHXt2YiIK0kbe0YgQp337rE8qlrUYBWwhvpFQ7lFZS9YsP0bBK%5ENyFJL2XMT8%3BLJWPUxEQ4NZnGOm5X1tMCrm3e52m%21YHaO%3BaBprKjVGq1QTZehnVndye0ecce%21EvOMDF14PHqDmFECuPz8WWvfvLZV7GqhiYO2HOW8q%3BYm2FaGMCPOvGxGpUo"></script>
<script type="text/javascript">new Image().src = "//counter.yadro.ru/hit;ucoznet?r"+escape(document.referrer)+(screen&&";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth||screen.pixelDepth))+";u"+escape(document.URL)+";"+Date.now();</script>
<script type="text/javascript">new Image().src = "//counter.yadro.ru/hit;ucoz_desktop_ad?r"+escape(document.referrer)+(screen&&";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth||screen.pixelDepth))+";u"+escape(document.URL)+";"+Date.now();</script>
<script type="text/javascript">
var hst = location.host;

if(hst.indexOf('.usite.pro') !== -1){
new Image().src = "//counter.yadro.ru/hit;zone_usitepro?r"+escape(document.referrer)+(screen&&";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth||screen.pixelDepth))+";u"+escape(document.URL)+";"+Date.now();
}
if(hst.indexOf('.my1.ru') !== -1){
new Image().src = "//counter.yadro.ru/hit;zone_my1ru?r"+escape(document.referrer)+(screen&&";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth||screen.pixelDepth))+";u"+escape(document.URL)+";"+Date.now();
}

if(hst.indexOf('.ucoz.net') !== -1){
new Image().src = "//counter.yadro.ru/hit;zone_ucoznet?r"+escape(document.referrer)+(screen&&";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth||screen.pixelDepth))+";u"+escape(document.URL)+";"+Date.now();
}
</script>
<script type="text/javascript"></script>
<meta charset="utf-8">
<title>[FHSW] Europe - Mainpage</title>
<link type="text/css" rel="stylesheet" href="/_st/my.css" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<script type="text/javascript">
var navTitle = 'Navigation';
var currentPageIdTemplate = 'sitePage1';
var currentModuleTemplate = 'index';
</script>

And I expect the first script with very long source tag to be the issue. MalwareBytes blocks access to the page for numerous users and other AVs do that as well.

Please, could you remove this script from my page?

Thank you very much in advance.
Post edited by bubu83945 - Saturday, 2021-05-01, 7:45 AM
Felicia
Posts: 185
Reputation: 6

Message # 2 | 7:46 AM
bubu83945, please check again, now everything should be ok.
Good things come to those who wait!
bubu83945
Posts: 4
Reputation: 0

Message # 3 | 7:52 AM
Thank you very much for quick resolution Felicia! Also sorry for double posting on 2 different places. Didn't know whether the forum is active or so.
smile

Edit: I have checked right now and the Malwarebytes again is throwing the error and blocking the page due to the trojan. Can you please check again the page? I expect it got reinfected.
Post edited by bubu83945 - Friday, 2021-05-07, 7:54 AM
Felicia
Posts: 185
Reputation: 6

Message # 4 | 5:19 AM
bubu83945, where exactly are you checking this? On https://www.virustotal.com/ I see no warnings. https://prnt.sc/130w441 If it's an antivirus, please try contacting their support to see why you keep getting the error
Good things come to those who wait!
  • Page 1 of 1
  • 1
Search: