• Status: Solved
  • Priority: Medium
  • Security: Public

At {web site} I get JS/Downloader.Agent from AVG. What kind of scripting would allow this?

I go to {link removed} and AVG pops up with a detection of JS/Downloader.Agent, warning with "ignore, heal, ignore"... then the page freezes and I cannot get rid of the page. In Internet Explorer 7 the yellow status line comes up and says "Microsoft office 2000 web component is attempting to install an addon from an unverified publisher". What script would cause this? It does not appear on a Mac running Firefox.

{ links removed by PenguinMod, EE Moderator - 2008-06-17 1640 ET }
0
greta13 Asked:
1 Solution
 
Jason C. Levine (No one) Commented:
Hi greta13,

It's a "drive-by download" script that is trying to exploit a vulnerability in IE/ActiveX. Stay away from that site...
0
 
greta13 (Author) Commented:
I have to get to the bottom of it for the owner of the site, who has hired people to build these files for him. That script is on the site, right? What should I look for when I access his files? I don't have access to the site right now but after I talk to the owner
0
 
greta13 (Author) Commented:
I know HTML and basic PHP and JavaScript, but not advanced enough to know what this might look like.
0
 
Jason C. Levine (No one) Commented:
The code is a JavaScript tag located directly inside the <body> tag. When evaluated, it creates an iframe that visits the hacker site and attempts to load the malware. This site has been compromised and you need to take a series of steps immediately.

1. Check all of your pages for the code.
2. Change all passwords immediately.
3. Notify the hosting company that you've been hacked and see if their security people can check their end of things.
4. Examine or pay a security consultant to examine all scripts for vulnerabilities.
0
 
greta13 (Author) Commented:
Just one more clarification: the iframe that pushes you to the download, is that local to the web server or could that be another address off the server? Thanks for your help.
0
 
Jason C. Levine (No one) Commented:
It most likely is remote, but I would have to actually let it evaluate to see it and I'm not willing to do that.
0
 
nexusnation Commented:
For the HTML, take a look here (clean):
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.kilntrol.com%2F&charset=%28detect+automatically%29&doctype=Inline&group=0&ss=1#source

As you can see, there is a script element immediately following the body tag.  That's the problem.
0
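One way to carry out step 1 of the answer above ("Check all of your pages for the code") using the observation that the script sits right after the body tag. This is an added example, not code from the thread: the marker list is a heuristic assumption, and the sample page and its `.invalid` hostnames are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic markers (an assumption, not a signature): script text that writes an iframe or decodes hidden text.
MARKERS = re.compile(r"<\s*iframe|createElement\(\s*['\"]iframe|unescape\s*\(|fromCharCode|eval\s*\(", re.I)

# Constructed sample page; the .invalid hosts are placeholders.
SAMPLE = """<html><head><title>Home</title></head>
<body>
<script>document.write('<iframe src="http://injected.invalid/" width="0" height="0"></iframe>');</script>
<iframe src="http://www.example.com/map.html"></iframe>
<iframe src="//ads.invalid/frame.html" width="1" height="1"></iframe>
</body></html>"""

class InjectionScanner(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts, self.findings = own_hosts, []
        self.after_body = False   # True only until the first tag after <body>
        self.script = None        # (line, first_in_body, text chunks) while in <script>

    def handle_starttag(self, tag, attrs):
        line, attrs = self.getpos()[0], dict(attrs)
        first_in_body, self.after_body = self.after_body, tag == "body"
        if tag == "script":
            self.script = (line, first_in_body, [])
        if tag in ("script", "iframe"):
            host = urlparse(attrs.get("src") or "").hostname
            if host and host.lower() not in self.own_hosts:
                self.findings.append((line, f"{tag} loads from external host {host}"))

    def handle_data(self, data):
        if self.script:
            self.script[2].append(data)   # script text can arrive in several pieces

    def handle_endtag(self, tag):
        if tag == "script" and self.script:
            line, first, chunks = self.script
            self.script = None
            if MARKERS.search("".join(chunks)):
                where = "first element in <body>" if first else "inline script"
                self.findings.append((line, f"{where}: script matches iframe/obfuscation marker"))

def scan_html(text, own_hosts):
    scanner = InjectionScanner({h.lower() for h in own_hosts})
    scanner.feed(text)
    scanner.close()
    return scanner.findings
```

Run `scan_html` over each file in a downloaded copy of the site, passing the site's own hostnames as `own_hosts`. A hit is a line to review by hand, not proof of compromise.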
