Return to previous page

Torjan file detected - by laocat21 - on WordPress WooCommerce support

This topic has 10 replies, 4 voices, and was last updated 9 years, 6 months ago ago by Eva Kemp

laocat21

Participant

May 31, 2016 at 15:05

I am in the middle of installing your Royal Theme for WordPress using your demo info. Everytime I click on the home page link my McAfee tells that a Trojan file has been detected. Does this mean that there is a Trojan somewhere in the files you have supplied! If so how do I get rid of it?
Obviously I don’t want the end user getting this message and I certainly don’t want to infect any ones PC.
I have taken a screen shot of the message.

Please, contact administrator
for this information.

#127742 Copied Theme version: 2.6 WooCommerce version: 4.5.2

9 Answers

Eva Kemp

Participant

May 31, 2016 at 16:59

Hello,

We checked our theme files and there is no suspicious code there.
Please specify what file you’re referring to and in which folder.

Regards,
Eva Kemp.

#127767 Copied

laocat21

Participant

May 31, 2016 at 17:12

I don’t know where the file would be as I am getting the warning when I go to the home page using firefox browser. I don’t know if it helps but the warning does not seem to come up on other pages, only the home page? and the message from McAfee reads
“About this Trojan …Detected Obfuscated Script (Trojan)”
Would it possible that one of the Javascripts would cause this reaction, if so how do I prevent my end users from seeing the same?

#127776 Copied

Eva Kemp

Participant

May 31, 2016 at 17:20

Hello,

Try to disable all 3rd-party plugins and check the site after that.
Also check if it happens with default WordPress theme (Twenty Sixteen, for example).

Regards,
Eva Kemp.

#127782 Copied

Telepuzik

Participant

June 1, 2016 at 06:10

Not necessary this is a virus or trojan. I have same issues but with different theme.
Obfuscation is a means of “obscuring” the real meaning and intent of your javascript code. Some sites use it as an obstacle to people who want to copy/borrow their code. Other sites use it as a means to hide the actual intention of the code.

In my case it was third part plugin which disable mouse right click 🙂

Some forms of obscuration:

Automatically renaming variables to short meaningless names to make the code less readable and harder to understand.
Removing all extra whitespace and line breaks so the code is one giant long line.
Making parts of the code self-generating so that a first pass of the code runs to create the actual code that then runs to carry out the intended operation.
Uses character codes and string manipulation combined with eval rather than normal javascript code to construct the actual code that would run.
Obscuration is not by itself evil, but it can be used to try to hide an evil intent and that is probably what AVG was objecting to. It detected so much obscuration that it couldn’t tell if the javascript was attempting to do something it was trying to prevent. As such, it declared the code as unsafe by default since it can’t verify that the code seems OK.

Hope this helps 🙂

Cheers!

#127816 Copied

Eva Kemp

Participant

June 1, 2016 at 09:54

Hello,

So is your problem resolved now?

Regards,
Eva Kemp.

#127857 Copied

laocat21

Participant

June 1, 2016 at 10:17

Hi There

I will be working on the site again later today. I will try what you have suggested, ie. use a standard theme and turnoff 3rd party plugins. I will then update you.
Thanks

#127868 Copied

Jack Richardson

Support staff

June 1, 2016 at 12:17

Hello,

Ok, looking forward to your reply.

Best regards,
Jack Richardson.

#127894 Copied

laocat21

Participant

June 2, 2016 at 10:13

Hi there
I turned on one of the other standard themes and the problem went away. So I changed the Royal-Theme home page to the ‘minimalist’ home page and that seems to have cured the problem. There must be a script in the standard home page that McAfee thinks is a Trojan.

#128203 Copied

Eva Kemp

Participant

June 2, 2016 at 13:48

Hello,

We checked your site via online tools https://www.virustotal.com/en/url/a9c61e7ad768e09623827bee344d79f2e8f5ed19102393e33cc0acf4239d6a12/analysis/1464870532/ and nothing suspicious was found.

We recommend you to contact McAfee support and request detailed information regarding malicious script.

Regards,
Eva Kemp.

#128225 Copied
Viewing 10 results - 1 through 10 (of 10 total)