• I run an AVG virus scan every morning at 7 am. Today it notified me it found several exploits of JS/Downloader.Agent in 3 WordPress themes — Lush, Lilac and Naruto. The exploits were in the zip files as well as in /themes.

    All were in footer.php.

    I was only using one theme and the others I had viewed but didn’t like. They have been on my websites/computer for months and I did not update anything on my blogs dealing with themes in months.

    These were encoded footer.php files.

    Now, since those have been around for a while and AVG just picked it up, one could assume that it deals with the most recent AVG update and it’s pulling a false positive on an exploit/virus.

    Has anyone else found this JS/Downloader.Agent in their themes?

Viewing 1 replies (of 1 total)
  • It is not a false positive.

    I’ve had the same problem, always in the footer.php file. Since I couldn’t heal the file or open it to look at the code, I changed the file extension to txt and had a look – sure enough, not a php file.

    themes: michal1, all-business, liberty and simple_white

    It shouldn’t be too hard to write a proper footer, but to the p.o.s. who decided to be cute and try slipping this trojan into a WordPress theme…shame on you.

  • The topic ‘JS/Downloader.Agent in footer.php?’ is closed to new replies.
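
A triage check for the situation both posts describe (a theme's footer.php that is encoded rather than readable PHP), added here as an example and not written by either poster. The directory layout, the heuristics and the sample files are assumptions constructed for illustration; they are not AVG's detection logic.

```python
import base64
import re
import tempfile
from pathlib import Path

# Triage heuristics (assumptions for this example, not AVG's detection logic).
DECODE_CALL = re.compile(
    r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
    re.I)
ENCODED_BLOB = re.compile(r"[A-Za-z0-9+/=]{200,}")  # long unbroken encoded literal

def triage_footer(source: str) -> list[str]:
    """Return the reasons a footer.php deserves manual review (empty if none)."""
    reasons = []
    if DECODE_CALL.search(source):
        reasons.append("executes decoded data")
    if ENCODED_BLOB.search(source):
        reasons.append("long encoded literal")
    if "wp_footer" not in source:  # a readable theme footer normally calls wp_footer()
        reasons.append("no visible wp_footer() call")
    if "<?" not in source and "</" not in source:
        reasons.append("not readable PHP/HTML")
    return reasons

def scan_themes(themes_dir: Path) -> dict[str, list[str]]:
    """Map theme name -> reasons, for every theme whose footer.php is flagged."""
    flagged = {}
    for footer in sorted(themes_dir.glob("*/footer.php")):
        text = footer.read_bytes().decode("utf-8", errors="replace")
        reasons = triage_footer(text)
        if reasons:
            flagged[footer.parent.name] = reasons
    return flagged

def build_sample_tree(root: Path) -> Path:
    """Constructed sample: one plain footer and one harmless encoded footer."""
    plain = "<div id=\"footer\"></div>\n<?php wp_footer(); ?>\n</body></html>\n"
    payload = base64.b64encode(b"echo '<!-- footer -->';" * 12).decode()
    encoded = f"<?php eval(base64_decode('{payload}')); ?>\n"
    for name, body in (("plain-theme", plain), ("encoded-theme", encoded)):
        (root / name).mkdir()
        (root / name / "footer.php").write_text(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for theme, reasons in scan_themes(build_sample_tree(Path(tmp))).items():
            print(f"{theme}: {', '.join(reasons)}")
```

Point `scan_themes` at a copy of the themes directory; a flagged footer is a prompt for manual review of that theme, not a verdict.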