S:Trojan.Cryxos.2960 within Optimize?

Autoptimize only combines and minifies the JS found in the page and does not add JS of it’s own in those files Martijn, so either one of the original files is infected (resulting in the autoptimized file being too) or something is changing the autoptimize JS (adding code to it) or (fingers crossed) this is simply a false positive.

Hard to say which one really, but you could try;
1. clearing Autoptimize (and page) cache and try again
2. if the message persists, investigate the contents of the file looking for suspicious code
3. compare the contents of the autoptimized JS with JS you find (linked or inline) on unoptimized pages to see which original file might be causing this
4. you could also untick “aggregate JS” to see if the warning persists or disalbe “optimize JS” alltogether.

hope this helps,
frank

Hi Frank,

Thank you for your feedback and clarification. I Appreciate it!

Kind regards,
Martijn

So I’m not alone then. I also got the same error today.

Hello, I had the same issue today! What can we do?

• This reply was modified 4 years, 8 months ago by jenspohle.

re. what you can do; see this earlier answer

If someone finds out something about the origin, I ask for further information! (In the meantime cleaned my files so that I can no longer check where it came from)

if someone has a URL of a site where this is still happening, I’ll be happy to have a look.

A user informed us about the same issue on our site today, too. Could you please let me know, how to send you the url on a secure way?

you can mail me at futtta-at-gmail-dot-com ??

thx, mail has been sent ??

Update from my site:

My hosting company did a deep scan of my website for malicious malware etc. They didn’t find any vulnerabilities.

I still don’t trust everything is ok, so I purchased a Sucuri Membership. I’ll let them look at my website as well.

If a learn something, I’ll let you know.

@optimizingmatters: I am curious if you find something on the provided url by diespeedy?

• This reply was modified 4 years, 8 months ago by MartijnAtWordPress.
• This reply was modified 4 years, 8 months ago by MartijnAtWordPress.
• This reply was modified 4 years, 8 months ago by MartijnAtWordPress.

Just had a client message me about this exact same problem. I will email futtta-at-gmail-dot-com the page that is giving the malware notification.

-Mike

FYI I just did a virus scan on the specific file that was giving my client the malware notice and the file came up clean and normal. I might just untick “aggregate JS” in the meantime.

OK, did some research with the link provided by @diespeedy and feeding (uploading, providing the link resulted in no warnings) the aggregated JS file to https://www.virustotal.com/gui/home/upload and then starting to remove chunks of the JS and retesting on the virustotal tool to get the minimal set of JS that results in the warning.

Based on that, it seems like the combination of 2 files triggers this; isotope.pkgd.min.js (which came packaged in the theme) and wp-includes/js/imagesloaded.min.js which is part of WordPress core. Removing either from the aggregated JS file makes the warning go away.

The imagesloaded is 100% certain not tainted (it is identical to the JS found on my own blog for example) and the isotope one looks OK as well.

Based on this I’m fairly certain these indeed are false positives. For anyone experiencing this try adding imagesloaded.min.js to the comma-separated JS optimization exclusion list (assuming you indeed have imagesloaded being enqueued) and see if that “fixes” the problem?

Okay, sounds valid. I tried to exclude the js. Actually I can`t reproduce the issue (due cached file is gone now ;), but I am going to have this checked by the user again. Coming back with an update asap.