Trojan Detection with AVG

  • Resolved informaticaedusouto

    (@informaticaedusouto)


    4 months, 2 weeks ago

    This morning, when I accessed the three websites where I use Elementor (on different hostings), the antivirus “AVG” indicated that the site has a “Script:SNH-gen [Trj]” or Trojan.

    The URL indicated is “../wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.22.3”.

    Since these are three different websites and there haven’t been any changes to the plugin, I understand that it could be a false positive.

    I am writing to confirm that everything is fine, see if this is happening to others, and if so, that it can be corrected.

    I have notified the antivirus as a false positive for review.

Viewing 15 replies - 1 through 15 (of 16 total)

  • I “had” the same problems with all WordPress sites in combination with Elementor.

    The problem seems to be solved since about 5 minutes. I can visit all websites with WordPress + Elementor without any warning message from Avast. Also elementor.com can be visited again without a warning message.

    Since no update was made to the Elementor plugin, “I suspect” that the virus database was corrected by Avast.

    Thread Starter informaticaedusouto

    (@informaticaedusouto)

    I agree with @boham , there are no more antivirus messages and since Elementor hasn’t changed, it indeed seems that a false positive has been corrected.

    After reinstalling the latest version (using Elementor’s own tools), the problem disappeared. And now, a strange situation. The file Avast flagged was 67,411 bytes, while the newest one is 67,412 bytes. The latest one contains this: /*! elementor – v3.22.0 – 26-06-2024 */ and the one Avast flagged contains this: /*! elementor – v3.22.0 – 24-06-2024 */. I’m not trying to suggest anything. After copying it to the disk, Avast no longer flagged the 67,411-byte file. So, the server version is bad, but the disk version is not. If needed, I can send this strange file /*! elementor – v3.22.0 – 24-06-2024 */.

    Same problem to me and still not fixed. anyone fixed ?

    Thread Starter informaticaedusouto

    (@informaticaedusouto)

    As already indicated, the antivirus no longer shows any warnings.

    Given this situation, I consider the case closed.

    If anyone continues to experience issues, as is often the case, clearing the browser cache should be sufficient.

    The message has appeared again, would the solution be to return to a version?

    The issue reappeared in version 3.22.2 in the file:

    https://serseo.pl/wp-content/plugins/elementor/assets/js/common-modules.min.js?ver=3.22.2

    but after updating to version 3.22.3, the message disappeared.

    I got exact same issue, but path is different…

    https://domain/wp-content/plugins/elementor/assests/js/common-modules.min.js?ver=3.22.3

    What I have been able to clarify:

    Avast remains silent on versions <3.20.0 (strangely, I downloaded version 3.20.1 from the official site, but after installation, it shows as 3.20.0). However, after installing versions >3.22.0, the following entry is added to the code of every page, generated in MySQL: /*! elementor – v3.22.0 – 26-06-2024 */ Please check if anyone with version >3.22.1 has this entry. It seems odd to me.

    I’ve had the same issue when logging in to a clients site to check update statuses.

    I searched google and found this. It’s happening in avast with the same markers as everyone else ha smentioned here: “Script:SNH-gen[TRJ]”

    I do believe this is a false positive of course especially because the “threat tag” is a generic one and it only triggered when I opened the editor to check a few things. My logic is that if there was a general all-round infection at CMS level, it would have triggered on landing page load (because if the editor is infected, how can the landing page NOT be infected?).

    So I’m going with the false positive view here. This isn’t Elementor’s fault, there’s been some sort of virus database update in the last 3 months that is producing false positives.

    I’m going to update the clients’ site as I intended & as other people have done on this thread and check if it vanishes.

    Got the same error this morning for /wp-content/plugins/elementor/assests/js/common-modules.min.js?ver=3.22.3 on the front-end.

    Ciao a tutti.

    Accade anche a me esattamente come a voi.

    Trasferendo il file incriminato (common-modules.min.js?ver=3.22.3) sul desktop Avast lo mette immediatamente in quarantena.

    PS Per scrivere questo messaggio ho dovuto utililzzare notepad con il copia/incolla altrimenti le parole risultano incomprensibili!

    • This reply was modified 4 months, 1 week ago by Claudio.

    I’ve been dealing with nothing else since morning, same problem. AVG antivirus started reporting the problem, so I reinstalled Avast and everything persists – I don’t know if I should try something else. If I reinstall an older version on the Elementor site, everything is fine. Does anyone have a solution? Another antivirus?

    It is interesting that Avast found this virus on my PC during the PC scanner, I moved it to quarantine, but the message persists even after reinstalling Google Chrome.

    • This reply was modified 4 months, 1 week ago by 1info6.

    Got the same error this morning for /wp-content/plugins/elementor/assests/js/common-modules.min.js?ver=3.22.3 on the front-end.

    But now its working with no special intervention.

    Buongiorno.

    Questa mattina Avast non segnala più il Trojan,

    Claudio

Viewing 15 replies - 1 through 15 (of 16 total)
  • You must be logged in to reply to this topic.

Tags