mx_starter Posted January 2, 2014 Report Share Posted January 2, 2014 Hi and HNY to all here! If you have problems with AVAST blocking the banner deliveries as described here:http://forum.revive-adserver.com/topic/91-javascript-invocation-code-marked-as-a-trojan-by-avast-224/ and here:http://forum.avast.com/index.php?topic=143666.0 you must be aware that simply upgrading to revive 3.0.2 is not enough, because the malicious JS code is probably injected in your database before the upgrade (and the upgrade script obviously does not fix this). I think revive team should explain how to remove the infection in a clear way! Until then - that procedure worked for me: 1. Stop the ad-server 2. Remove all the files under /var/cache subfolder (some of them will contain the javascript code within) 3. The affected tables in mysql are named 'audit' and 'zones' (plus prefixes in front if you use them) 4. Open the admin panel and for each of the zones: 4.1. Click on the 'Advanced' tab and remove the malicious script from the prepend/append fields, then save the changes 4.2. For each of the zones, there would be a record in the 'audit' table containing the script in its 'details' field. Delete these records and you should be fine - Avast should stop complaining from now on. Quote Link to comment Share on other sites More sharing options...
Erik Geurts Posted January 2, 2014 Report Share Posted January 2, 2014 The audit table just contains an audit trail of what happened elsewhere in the application, there is no need to clean it. It is not used for ad delivery and is therefore invisible to a malware scanner. Quote Link to comment Share on other sites More sharing options...
mx_starter Posted January 3, 2014 Author Report Share Posted January 3, 2014 The audit table just contains an audit trail of what happened elsewhere in the application, there is no need to clean it. It is not used for ad delivery and is therefore invisible to a malware scanner. Agree. To be honest - i have no idea what this table is used for - just found the code within and that is why i pointed it out. But - the need Revive to explain how to resolve the problem still exist. Quote Link to comment Share on other sites More sharing options...
Erik Geurts Posted January 4, 2014 Report Share Posted January 4, 2014 Agree. To be honest - i have no idea what this table is used for - just found the code within and that is why i pointed it out. But - the need Revive to explain how to resolve the problem still exist. Which problem are you referring to? Quote Link to comment Share on other sites More sharing options...
RedBlink Posted January 5, 2014 Report Share Posted January 5, 2014 I wouldn't have a better way to cleaning things up, but I have a pretty good way to avoiding such things. One of the way we have been able to keep the bugs out of our DB is by only exposing the pages which are used for ad serving. All the admin and on ad serving pages are either behind a basic auth or something stronger. However, when I had to do cleanups for clients, I use a tool that indexes by database and then I just do searches on the stuff that I feel is iffy. It works out pretty well. Quote Link to comment Share on other sites More sharing options...
VodkaBalalaika Posted October 7, 2015 Report Share Posted October 7, 2015 (edited) Hello my friends! Sorry for my English. My DNS unlocker removal complains to banner deliveries. What to do? Edited October 7, 2015 by VodkaBalalaika Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.