Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

at {web site} get js/downloader.agent ..from avg ..what kind of scripting would allow this

Posted on 2008-06-17
8
Medium Priority
?
267 Views
Last Modified: 2013-11-19
I go to {link removed} and  avg pops up with detect of js/downloader.agent warning with "ignore, heal, ignore"...then page freezes...and cannot get rid of page.  In internet explorer 7 the yellow status line comes up and says "Microsoft office 2000 web component is attempting to install an addon from an unverified publisher"..What script would cause this..does not appear on a mac running firefox.

{ links removed by PenguinMod, EE Moderator - 2008-06-17 1640 ET }
0
Comment
Question by:greta13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 21806607
Hi greta13,

It's a "drive-by download" script that is trying to exploit a vulnerability in IE/Active X.  Stay away from that site...
0
 

Author Comment

by:greta13
ID: 21806668
I have to get to the bottom of it for the owner of the site who has hired people to build these files..for him..that script is on site "right?"...what should i look for when i access his files...I don't have access to the site right now but after I talk to the owner
0
 

Author Comment

by:greta13
ID: 21806699
I know html and basic php and javascrip..but now advanced enough to know what this might look like..
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 2000 total points
ID: 21806779
The code is a javascript tag located directly inside the <body> tag.  When evaluated, it creates an iframe that visits the hacker site and attempts to load the malware.  This site has been compromised and you need to take a series of steps immediately.

1. Check all of your pages for the code.
2. Change all passwords immediately
3. Notify the hosting company that you've been hacked and see if their security people can check their end of things.
4. Examine or pay a security consultant to examine all scripts for vulnerabilities.
0
 

Author Comment

by:greta13
ID: 21806879
just one more clarification..the iframe that pushes you to the download..is that local to the web server or could that be another address off the server..thanks for your help
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 21806897
It most likely is remote, but I would have to actually let it evaluate to see it and I'm not willing to do that.
0
 
LVL 12

Expert Comment

by:nexusnation
ID: 21807212
For the HTML, take a look here (clean):
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.kilntrol.com%2F&charset=%28detect+automatically%29&doctype=Inline&group=0&ss=1#source

As you can see, there is a script element immediately following the body tag.  That's the problem.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Ready to get certified? Check out some courses that help you prepare for third-party exams.
This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question