My website is being blocked because of JS:Clickjack-A [Trj]

[tuka78]

I
My website was updated from joomla 2.5.13 to 2.5.14 and know is detected as malicious with trojan JS:Clickjack-A [Trj].
I've looked everywhere and I can't find a solution for this problem.
Any help to solve this problem is welcome.

[sitesrus]

Who's detecting your website as malicious?

Recommendations:
1)Change all your account passwords (cpanel, ftp, etc.).
2)Register and use cloudflare, all you have to do is change your name servers (free)
3)Upload fresh clean files of your joomla version over FTP and overwrite old ones (binary transfer mode)
4)Re-install all 3rd party extensions with fresh clean downloads
5)Check the JED for extensions on protecting admin backend
6)Check your server for php functions disabled and if suhosin, mod_security, things like that
7)Add captchas on your site and sign up for an account (contact form, login, registration,etc)
8)Don't use pirated commercial extensions just because they're free

This will help combat possible issues and protect you against future ones.

[mandville]

the last paragraph is relevant to you .

[ ] Download and RUN the Forum Post Assistant / FPA Instructions available here and are also included in the download package. Post the generated results in your security/been hacked topic. Use these links to download the FPA:
Download .tar.gz version or Download the .zip version NOTE: Do not download the FPA from any other website or links found on the Internet.

[ ] Ensure you have the latest version of Joomla for your version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file.

[ ] Review Vulnerable Extensions List to make sure any 3rd party extensions versions used appear on the vulnerable list.

[ ] Review and action Security Checklist 7 Make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc. Checklist 7 contains a list or recommended scanners.

[ ] Change all passwords and if possible user names for the website host control panel. Change the Joomla database user name and password.

[ ] Use proper permissions on files and directories. They should never be 777, ideal is 644 for files and 755 for directories. The configuration file can be set to 444 which is read only.

[ ] Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled.

[ ] Verify individually that any non-Joomla file such as but not limited to that will be placed back on the website such as images, pdf files, files for download, and other documents and files are valid and are supposed to be part of your website.

[ ] Replace the deleted files with fresh copies of a current full version of Joomla (minus the installation directory) you downloaded earlier. Install freshly downloaded copies of any extensions and templates used on the site. If the Joomla database user name and password were changed earlier, then make the necessary changes to the configuration.php file and upload a copy to the website. Upload any non-Joomla files that are necessary for your website. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in various files and directories More detailed information can be found in the Security Checklist 7 document.

[tuka78]

Thanks for the answers.
My website wasn't hacked.
It works properly but, for example, avast antivirus detects it like a trojan like I said before.
In other machines with other antivirus works fine.
I simply don't understand why Avast detects it like a trojan.
I didn't install nothing. I simply update joomla.
Still don't get it

[wdws]

I am experiencing the same error on one of my Joomla websites. I have no idea how to correct this as well. I am running Avast. Keep me posted of anything that you find out.

Thanks!
Scott

[sitesrus]

You have to evaluate files being reported as malicious or problematic, if it's joomla compare it to a seperate joomla download (matching your version) and see if it's altered. If it's third party re-download and install the extension.

If it's a random file un-related to anything...you may have an issue and it shouldn't be there?

[zorro07]

Hi,
I have exactly the same problem but My Joomla version is 1.5.
The site has been recently recognized as dangerous by Avast only: JS:Clickjack-A.
Tanks you !

[mandville]

contact the developer of your antivirus for assistance if you do not believe you are hacked or using malicious extensions

[wdws]

Zorro...what extensions are you using on your site? Maybe we can compare and see if it is a third party extension that we both are using that is vulnerable.

Have you changed any passwords to your site as of yet?

[Hairs]

My Avast too has detected JS:Clickjack-A [Trj]
http://www.hairf ysh.com/{gzip}

I have installed Forum Post Assistant If someone would like to help me out with this please.
As mention by other posters, All I did was upgrade to Joomla! 2.5.14.
I have upgraded other sites that i manage without a problem.
Cheers

[mandville]

Please POST the results from your FPA as stated.
try accessing your sites from computers running different AV and see if you get a hit again and what file its reporting on
contact the developer of your antivirus for assistance if you do not believe you are hacked or using malicious extensions

[Hairs]

Hi mandville,
I have changed Virus scanner and I don't get this pop up anymore.
"URL: http://www.hairfy sh.com/|{gzip}
Process: C:\Program Files\Mozilla Firefox\firefox...
Infection: JS:Clickjack-A [Trj]"

I have also used a number of online Website Checkers and none have reported a problem.
A forum that I use(Myswag.org) has blocked all linked pictures to my site.
Anyway,
Here is my FPA
Thank you for your time.

[04-Aug-2013 16:48:53 Australia/Perth] PHP Warning: Module \'zip\' already loaded in Unknown on line 0

Joomla! Instance :: Joomla! 2.5.14-Stable (Ember) 01-August-2013
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: hairfysh (uid: 1/gid: 1) | Group: hairfysh (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 1 | Cache: 2 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 1 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-458.6.2.lve1.2.28.el6.x86_64 | Technology: x86_64 | Web Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_bwlimited/1.4 mod_perl/2.0.5 Perl/v5.10.1 | Encoding: gzip, deflate | Doc Root: /home/hairfysh/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.24 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: error_log | Last Known Error: 04th August 2013 16:52:00. | Register Globals: 0 | Magic Quotes: 1 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 32M

MySQL Configuration :: Version: 5.5.24-cll (Client:5.5.24) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 28.34 MiB | #of Tables: 172

PHP Extensions :: Core (5.3.24) | date (5.3.24) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | standard (5.3.24) | Phar (2.0.1) | posix () | pspell () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | imap () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id$) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | suhosin (0.9.33) | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | timezonedb () | pdo_mysql (1.0.2) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions ::

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::

Components :: SITE :: WF_AGGREGATOR_VIMEO_TITLE (2.3.3.2) | WF_AGGREGATOR_[youtube]_TITLE (2.3.3.2) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.3.2) | WF_AGGREGATOR_VINE_TITLE (2.3.3.2) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.3.2) | WF_LINKS_JOOMLALINKS_TITLE (2.3.3.2) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.3.2) | WF_POPUPS_WINDOW_TITLE (2.3.3.2) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.3.2) | WF_LINK_SEARCH_TITLE (2.3.3.2) | WF_ARTICLE_TITLE (2.3.3.2) | WF_AUTOSAVE_TITLE (2.3.3.2) | WF_BROWSER_TITLE (2.3.3.2) | WF_CLEANUP_TITLE (2.3.3.2) | WF_CONTEXTMENU_TITLE (2.3.3.2) | WF_DIRECTIONALITY_TITLE (2.3.3.2) | WF_FULLSCREEN_TITLE (2.3.3.2) | WF_IMGMANAGER_TITLE (2.3.3.2) | WF_INLINEPOPUPS_TITLE (2.3.3.2) | WF_LAYER_TITLE (2.3.3.2) | WF_LINK_TITLE (2.3.3.2) | WF_LISTS_TITLE (2.3.3.2) | WF_MEDIA_TITLE (2.3.3.2) | WF_NONBREAKING_TITLE (2.3.3.2) | WF_PREVIEW_TITLE (2.3.3.2) | WF_PRINT_TITLE (2.3.3.2) | WF_SEARCHREPLACE_TITLE (2.3.3.2) | WF_SOURCE_TITLE (2.3.3.2) | WF_SPELLCHECKER_TITLE (2.3.3.2) | WF_STYLE_TITLE (2.3.3.2) | WF_TABLE_TITLE (2.3.3.2) | WF_TEXTCASE_TITLE (2.3.3.2) | WF_VISUALCHARS_TITLE (2.3.3.2) | WF_XHTMLXTRAS_TITLE (2.3.3.2) | WF_ANCHOR_TITLE (2.3.3.2) | WF_VISUALBLOCKS_TITLE (2.3.3.2) | WF_KITCHENSINK_TITLE (2.3.3.2) | WF_CLIPBOARD_TITLE (2.3.3.2) | WF_CHARMAP_TITLE (2.3.3.2) | com_mailto (2.5.0) | com_wrapper (2.5.0) |
Components :: ADMIN :: com_admin (2.5.0) | com_banners (2.5.0) | com_cache (2.5.0) | com_categories (2.5.0) | com_checkin (2.5.0) | com_config (2.5.0) | com_content (2.5.0) | com_cpanel (2.5.0) | com_installer (2.5.0) | JCE (2.3.3.2) | Unknown (-) | com_joaktree (1.4.3) | com_languages (2.5.0) | com_login (2.5.0) | com_media (2.5.0) | com_menus (2.5.0) | com_messages (2.5.0) | com_modules (2.5.0) | com_newsfeeds (2.5.0) | com_plugins (2.5.0) | com_redirect (2.5.0) | com_search (2.5.0) | com_templates (2.5.0) | com_users (2.5.0) | com_weblinks (2.5.0) | Akeeba (3.7.5) | Gantry (4.1.9) | com_finder (2.5.0) | COM_GANALYTICS (1.1.0) | com_joomlaupdate (2.5.0) | Quick Logout (1.7.1) | FlexBanners (2.0.0) | com_phocaguestbook (2.0.7) | JCrawler (1.11) | Fox Contact Joomla 1.5 (-) | COM_FOXCONTACT (2.0.17) | jNews CB Plugin (1.1) | jNews Forward to Friend (2.1) | jNews Content Bot (2.6) | jNews K2 Bot (2.1) | jNews Share Bot (2.1) | jNews User Synchronization (2.1) | jNews Module (2.1) | jNews Tag: Date and Time (2.1) | jNews Tag: Site Links (2.1) | jNews Tag: Subscriber (2.1) | jNews Tag: Subscriptions (2.1) | VirtueMart Products (2.1) | jNews-Virtuemart Newsletter Su (2.6) | jNews (8.1.1) | aclsfgpl (5.4) | Admintools (2.5.5) |

Modules :: SITE :: JGMap - Google Map (0.15.5) | mod_articles_archive (2.5.0) | mod_articles_categories (2.5.0) | mod_articles_category (2.5.0) | mod_articles_latest (2.5.0) | mod_articles_news (2.5.0) | mod_articles_popular (2.5.0) | mod_banners (2.5.0) | mod_breadcrumbs (2.5.0) | mod_custom (2.5.0) | mod_feed (2.5.0) | mod_footer (2.5.0) | Joaktree Related Items (1.3) | mod_languages (2.5.0) | mod_login (2.5.0) | mod_menu (2.5.0) | mod_random_image (2.5.0) | mod_related_items (2.5.0) | mod_search (2.5.0) | sigplus (1.4.1.2) | mod_stats (2.5.0) | mod_syndicate (2.5.0) | mod_users_latest (2.5.0) | mod_weblinks (2.5.0) | mod_whosonline (2.5.0) | mod_wrapper (2.5.0) | ARI Ext Menu (2.0.14) | Autson Slideshow (1.2) | SP Accordion module (2.5.0) | IceCarousel Module (1.7.2) | Article Intro (1.0.0) | mod_finder (2.5.0) | MOD_GANALYTICS_STATS (1.1.0) | MOD_GANALYTICS_STATS_COUNT (1.1.0) | Drop Down Articles (1.6.1) | FlexBanners (2.0.0) | HD-Background Selector (1.1) | Latest articles with thumbnail (1.5.0) | JBGMusic (4.0) | Fox Contact (2.0.17) | IceNewsBlock Module (1.7.0) | Simple File Lister v1.0 (1.0) | ARTICLES_PLACED_ANYWHERE (1.0.1) | JJ Shoutbox (1.2.3) | Newsletter Subscriber (1.2) | HD-ArticleModule (1.1) | jNews Module (2.1) | siteLogo (1.6) |
Modules :: ADMIN :: mod_custom (2.5.0) | mod_feed (2.5.0) | mod_latest (2.5.0) | mod_logged (2.5.0) | mod_login (2.5.0) | mod_menu (2.5.0) | mod_online (1.6.0) | mod_popular (2.5.0) | mod_quickicon (2.5.0) | mod_status (2.5.0) | mod_submenu (2.5.0) | mod_title (2.5.0) | mod_toolbar (2.5.0) | mod_unread (1.6.0) | mod_multilangstatus (2.5.0) | mod_version (2.5.0) | MOD_BETTERPREVIEW (2.1.3FREE) | MOD_CACHECLEANER (2.2.0FREE) | Admin Tools Joomla! Upgrade No (revA16BC0E) |

Plugins :: SITE :: plg_authentification_example (1.6.0) | plg_authentication_joomla (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_gmail (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_example (1.0) | plg_content_geshi (2.5.0) | plg_content_joomla (2.5.0) | Content - JPlayer (1.6.1) | plg_content_loadmodule (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_pagenavigation (2.5.0) | Content - BonckoLen Image Gall (2.1.2) | Content - Image gallery - sigp (1.4.1.2) | plg_content_vote (2.5.0) | Include Content Item (1.7.11) | plg_content_finder (2.5.0) | googleAds (1.73) | Admiror Frames (2.0) | Content - Newsletter Subscribe (1.2) | [youtube] Plugin (1.1) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.5.4.1) | plg_editors_jce (2.3.3.2) | Editor - JoomlaCK (6.1) | System - JCK Typography (3.4. | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | JTreeLink (1.0) | Unknown (0.1) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_readmore (2.5.0) | PLG_EDITORS-XTD_MODULESANYWHER (1.13.3) | PLG_EDITORS-XTD_SLIDER (2.1.5FREE) | PLG_EDITORS-XTD_ARTICLESANYWHE (3.1.6FREE) | plg_extension_example (1.0) | plg_extension_joomla (2.5.0) | plg_search_categories (2.5.0) | plg_search_contacts (2.5.0) | plg_search_content (2.5.0) | plg_search_joaktree (1.3.1) | plg_search_newsfeeds (2.5.0) | plg_search_weblinks (2.5.0) | plg_system_cache (2.5.0) | plg_system_debug (2.5.0) | System - EasyCalcCheck PLUS - (1.6-2) | plg_system_languagefilter (2.5.0) | plg_system_log (2.5.0) | plg_system_logout (2.5.0) | plg_system_p3p (2.5.0) | Google Maps (2.13a) | plg_system_redirect (2.5.0) | plg_system_remember (2.5.0) | plg_system_sef (2.5.0) | System - JCE MediaBox (1.1.9) | System - Gantry (4.1.9) | plg_system_highlight (2.5.0) | plg_system_languagecode (2.5.0) | System - GAnalytics Tracking (1.1.0) | plg_sys_topofthepage (1.12) | PLG_SYSTEM_MODULESANYWHERE (1.13.3) | PLG_SYSTEM_NNFRAMEWORK (13.5.5) | PLG_SYSTEM_BETTERPREVIEW (2.1.3FREE) | PLG_SYS_ADMINEXILE (1.12) | PLG_SYSTEM_SLIDER (2.1.5FREE) | PLG_SYSTEM_CACHECLEANER (2.2.0FREE) | jNews Cron Plugin (2.0) | System - JCK Typography (3.4. | System - Admin Tools (2.5.5) | PLG_SYSTEM_ARTICLESANYWHERE (3.1.6FREE) | plg_system_jch_optimize (2.1.1) | plg_user_contactcreator (2.5.0) | plg_user_example (1.0) | plg_user_joomla (2.5.0) | plg_user_profile (2.5.0) | jNews User Synchronization (2.1) | plg_captcha_recaptcha (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_weblinks (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_jcefilebrowser (2.3.3.2) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | jNews Forward to Friend (2.1) | jNews Content Bot (2.6) | jNews Share Bot (2.1) | jNews Tag: Date and Time (2.1) | jNews Tag: Site Links (2.1) | jNews Tag: Subscriber (2.1) | jNews Tag: Subscriptions (2.1) |

Templates :: SITE :: atomic (2.5.0) | beez_20 (2.5.0) | desert-orange (1.6.0) | green-day (1.6.0) | Temp (1.0) | Temp (1.0) | beez5 (2.5.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |

[zorro07]

Thank you for your answers guys.
I finally found that it was the "twitter module" that caused this problem.
Cheers

[mandville]

if you wish to name that extension or check it out on the JEd or send it via vel.joomla.org

[brian]

@Hairs Autson Slideshow (1.2)

This is your problem - it is very very nasty

[erixis]

Having the same JS:ClickJack problem on a Joomla 2.5 site I just upgraded to 2.5.14 as well. Here's the forum post assistant info. Hope someone can ID a problem here:

getting clickjack alert from Avast after upgrade to 2.5.14

Joomla! Instance :: Joomla! 2.5.14-Stable (Ember) 01-August-2013
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (644) | Owner: olm (uid: 1/gid: 1) | Group: olm (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 1 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-308.8.2.el5.028stab101.1 | Technology: i686 | Web Server: Apache | Encoding: gzip,deflate,sdch | Doc Root: /home/olm/www/jom/mbugboil/ | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.13 | PHP API: cgi-fcgi | Session Path Writable: No | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: | Last Known Error: | Register Globals: 0 | Magic Quotes: 1 | Safe Mode: 0 | Open Base: | Uploads: 1 | Max. Upload Size: 200M | Max. POST Size: 200M | Max. Input Time: 600s | Max. Execution Time: 600 | Memory Limit: 250M

MySQL Configuration :: Version: 5.0.45-community (Client:5.0.45) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 25.66 MiB | #of Tables:  166

PHP Extensions :: Core (5.3.13) | date (5.3.13) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | standard (5.3.13) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | Phar (2.0.1) | posix () | Reflection ($Id: 522fef1e5100f848a5e2059d98b3a880a3143e9a $) | imap () | SimpleXML (0.1) | soap () | sockets () | SQLite (2.0-dev) | exif (1.4 $Id$) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | cgi-fcgi () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::

Components :: SITE :: WF_CLEANUP_TITLE (2.3.2.4) | WF_INLINEPOPUPS_TITLE (2.3.2.4) | WF_ANCHOR_TITLE (2.3.2.4) | WF_NONBREAKING_TITLE (2.3.2.4) | WF_AUTOSAVE_TITLE (2.3.2.4) | WF_VISUALCHARS_TITLE (2.3.2.4) | WF_DIRECTIONALITY_TITLE (2.3.2.4) | WF_CHARMAP_TITLE (2.3.2.4) | WF_KITCHENSINK_TITLE (2.3.2.4) | WF_STYLE_TITLE (2.3.2.4) | WF_FULLSCREEN_TITLE (2.3.2.4) | WF_CONTEXTMENU_TITLE (2.3.2.4) | WF_ARTICLE_TITLE (2.3.2.4) | WF_PREVIEW_TITLE (2.3.2.4) | WF_XHTMLXTRAS_TITLE (2.3.2.4) | WF_SEARCHREPLACE_TITLE (2.3.2.4) | WF_IMGMANAGER_TITLE (2.3.2.4) | WF_MEDIA_TITLE (2.3.2.4) | WF_PRINT_TITLE (2.3.2.4) | WF_LAYER_TITLE (2.3.2.4) | WF_LISTS_TITLE (2.3.2.4) | WF_TABLE_TITLE (2.3.2.4) | WF_CLIPBOARD_TITLE (2.3.2.4) | WF_BROWSER_TITLE (2.3.2.4) | WF_SOURCE_TITLE (2.3.2.4) | WF_TEXTCASE_TITLE (2.3.2.4) | WF_VISUALBLOCKS_TITLE (2.3.2.4) | WF_SPELLCHECKER_TITLE (2.3.2.4) | WF_LINK_TITLE (2.3.2.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.2.4) | WF_AGGREGATOR_VIMEO_TITLE (2.3.2.4) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.2.4) | WF_LINKS_JOOMLALINKS_TITLE (2.3.2.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.2.4) | WF_LINK_SEARCH_TITLE (2.3.2.4) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.2.4) | WF_POPUPS_WINDOW_TITLE (2.3.2.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.2.4) | com_wrapper (2.5.0) | com_mailto (2.5.0) |
Components :: ADMIN :: JCE (2.3.2.4) | Unknown (-) | Caddy (1.75-J1.7) | com_menus (2.5.0) | Mobile Joomla! (1.2.5.1) | com_languages (2.5.0) | com_search (2.5.0) | com_plugins (2.5.0) | com_newsfeeds (2.5.0) | Akeeba (3.7.10) | com_cache (2.5.0) | AcePolls (1.0.7) | com_content (2.5.0) | com_login (2.5.0) | COM_UAM (0.16a) | Admintools (2.5.6) | com_installer (2.5.0) | com_redirect (2.5.0) | com_media (2.5.0) | com_categories (2.5.0) | com_modules (2.5.0) | com_messages (2.5.0) | com_banners (2.5.0) | com_weblinks (2.5.0) | com_joomlaupdate (2.5.0) | com_admin (2.5.0) | com_config (2.5.0) | aPoll (3.0.0) | eXtplorer (2.1.0RC5) | com_templates (2.5.0) | com_cpanel (2.5.0) | com_checkin (2.5.0) | com_finder (2.5.0) | com_users (2.5.0) | CKEditor (1.6-rc1) |

Modules :: SITE :: Copyright Current Year (1.0.1) | mod_weblinks (2.5.0) | mod_related_items (2.5.0) | mod_articles_categories (2.5.0) | Mobile Menu (1.2.5.1) | mod_articles_popular (2.5.0) | mod_syndicate (2.5.0) | mod_stats (2.5.0) | mod_articles_latest (2.5.0) | Header (1.2.5.1) | mod_janalytics (3.0.0) | ITPFacebookLikeBox (1.0) | AcePolls (1.0.0) | mod_users_latest (2.5.0) | mod_footer (2.5.0) | mod_custom (2.5.0) | Abivia Auto-Copyright (1.0.0) | mod_wrapper (2.5.0) | mod_feed (2.5.0) | mod_login (2.5.0) | mod_search (2.5.0) | Facebook FanBox (1.1.0) | mod_articles_news (2.5.0) | mod_articles_archive (2.5.0) | mod_breadcrumbs (2.5.0) | mod_banners (2.5.0) | simplecaddy (1.75 for J1.7) | Pro Super Slider (1.0.6) | mod_articles_category (2.5.0) | mod_random_image (2.5.0) | [spam] for Joomla! (1.0.0) | mod_whosonline (2.5.0) | aPoll Module (3.0.0) | mod_finder (2.5.0) | mod_menu (2.5.0) | Select Markup (1.2.5.1) | mod_languages (2.5.0) |
Modules :: ADMIN :: mod_multilangstatus (2.5.0) | mod_popular (2.5.0) | mod_toolbar (2.5.0) | mod_online (1.6.0) | mod_custom (2.5.0) | mod_feed (2.5.0) | mod_login (2.5.0) | mod_version (2.5.0) | mod_unread (1.6.0) | mod_status (2.5.0) | mod_logged (2.5.0) | mod_quickicon (2.5.0) | MOD_AKADMIN_TITLE (3.7.10) | Admin Tools Joomla! Upgrade No (2.2.a3) | Admin Tools Joomla! Upgrade No (2.5.6) | mod_latest (2.5.0) | mod_submenu (2.5.0) | mod_title (2.5.0) | mod_menu (2.5.0) |

Plugins :: SITE :: plg_quickicon_akeebabackup (1.0) | plg_quickicon_joomlaupdate (2.5.0) | Quickicon - Mobile Joomla! CPa (1.2.5.1) | plg_quickicon_atoolsjupdateche (1.0) | plg_quickicon_jcefilebrowser (2.3.2.4) | plg_quickicon_extensionupdate (2.5.0) | plg_finder_content (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_categories (2.5.0) | AcePolls - Mighty Touch (1.0.0) | AcePolls - JomSocial (1.0.0) | AcePolls - AlphaUserPoints (1.0.0) | System - Remove Joomla Generat (1.6.1) | plg_system_sef (2.5.0) | System - Admin Tools Update Em (1.0) | PLG_SYSTEM_AKEEBAUPDATECHECK_T (1.1) | System - AG Search Verify (1.0.1) | System - JCE MediaBox (1.1.9) | plg_system_highlight (2.5.0) | plg_system_redirect (2.5.0) | System - Joomla! Update Email (1.0) | System - Facebook SDK (1.0) | Mobile Joomla! (1.2.5.1) | System - GD SEO Verify (1.0.4) | plg_system_debug (2.5.0) | plg_system_logout (2.5.0) | plg_system_remember (2.5.0) | plg_system_p3p (2.5.0) | plg_system_languagefilter (2.5.0) | PLG_SYSTEM_AKLAZY_TITLE (3.7.GOODBYE) | System - Admin Tools (2.5.6) | PLG_SRP_TITLE (3.7.10) | plg_system_languagecode (2.5.0) | plg_system_log (2.5.0) | System - One Click Action (2.1) | plg_system_cache (2.5.0) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | plg_content_finder (2.5.0) | Content - Load AcePolls (1.0.0) | plg_content_emailcloak (2.5.0) | plg_content_geshi (2.5.0) | plg_content_vote (2.5.0) | Content - ITPShare (1.1) | plg_content_pagenavigation (2.5.0) | plg_content_loadmodule (2.5.0) | simplecaddy (1.7.5-J1.7) | plg_content_joomla (2.5.0) | plg_content_pagebreak (2.5.0) | plg_editors_tinymce (3.5.4.1) | Editor - JoomlaCK (3.4.1) | plg_editors_codemirror (1.0) | plg_editors_jce (2.3.2.4) | Joomla! Links for Advanced Lin (1.2.1) | Editor - CKEditor (3.5) | plg_user_contactcreator (2.5.0) | plg_user_profile (2.5.0) | plg_user_joomla (2.5.0) | Mobile - ScientiaMobile (1.2-2013.04.1) | Mobile - Domains (1.2.5.1) | Mobile Joomla! Ad Remover (1.0 RC) | Mobile - Simple (1.2.5.1) | Mobile - Forever (1.2.5.1) | Mobile - AMDD (1.2.5.1) | plg_extension_joomla (2.5.0) | Search - AcePolls (1.0.0) | plg_search_content (2.5.0) | plg_search_weblinks (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_contacts (2.5.0) | plg_search_categories (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_gmail (2.5.0) | plg_authentication_joomla (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) |

Templates :: SITE :: atomic (2.5.0) | beez5 (2.5.0) | mobile_iphone (1.2.5.1) | jubilee (1.0) | mobile_imode (1.2.5.1) | mobile_smartphone (1.2.5.1) | jubilee2 (2.0) | mobile_wap (1.2.5.1) | beez_20 (2.5.0) |
Templates :: ADMIN :: hathor (2.5.0) | bluestork (2.5.0) |

[erixis]

Further investigation shows that my problem is the "[spam] for Joomla" module. Not sure if this is related to the 2.5.14 upgrade or something that Avast is picking up as a false alarm. Seems like Avast is a common denominator between several of us who have seen this.

[erixis]

Looks like the BBcode is blocking the name of the module I think is causing my problem. It appears to be an outdated module. The developer's site is not online any longer. It was a social sharing module called share this for joomla! It was from a developer whose site used to be here: http://www.iNowWeb.com but appears to be off line now. I think in my case, this is an Avast antivirus false alarm. I've had that extension on there for several years.

[brian]

Yes thats a VERY VERY nasty module that included a remote file with spam links etc on your site

[erixis]

Thank you Brian! I've removed it from the site. I appreciate your help here in the forums!

Eric

[brian]

Glad to help and I just wish the bad behaviour of autson had been spotted much earlier

[Hairs]

@Hairs Autson Slideshow (1.2)

This is your problem - it is very very nasty

G'day Brian,
I have removed this from my site.
I appreciate your time in pointing this out to me.
I will chase up another module to display a slideshow.
Thank you again for your input.
Cheers.

[brian]

Glad to have helped in some small way

[perceptiveforce]

I had a false flag by avast for a module for joomla called Share this for Joomla! It was created by Sharif Mamdouh. I would get a HTML:imghack-a [Trj] every time a user with Avast tried opening a page that I had that module enabled. I disabled that module and then every page opened up just fine. Then I removed the module. The website that I removed the module is www.exposedfiles.com which is coming up clean as it should be.

[mandville]

for a module for joomla called Share this for Joomla! It was created by Sharif Mamdouh.

another from the same malicious stable

iNowWeb.com (author: Sharif Mamdouh):
- AddThis For Joomla!
- Share This for Joomla!
- iNowSlider (mod_iNowSlider)
- iNow Twitter Widget (mod_TwitterWidget)
- BrainyQuote for Joomla! (mod_JoomlaBrainyQuote)
- Quotes By keyWord! (mod_JoomlaQuotes)
- iNow Wikio (mod_JoomlaWikio)
- iNow Twitter (mod_TwitterForJoomla)
- QuickJump for Joomla! (mod_quickjump)

Autson.com (author: xing):
- VirtueMart Advanced Search
- Skitter Slideshow
- FaceBook Slider
- Twitter Friends & Followers
- Flying Tweets
- Autson Twitter Search
- Twitter Quote
- FaceBook Show

Plimun.com:
- Plimun Twitter Ticker
- Twitter Show
- Nivo Slider

http://forum.joomla.org/viewtopic.php?t=795946
http://blog.sucuri.net/2013/04/when-goo ... sites.html

[abqsue]

Glad to help and I just wish the bad behaviour of autson had been spotted much earlier

Thank you very much, Brian. I also had the clickjack warning from avast. I removed autson from my site and all is working well. Don't know why upgrading to J!2.5.14 triggered this, but I'm glad it did

[wdws]

The Autson slideshow adds the following code to the /modules/mod_AutsonSlideShow/tmpl/default.php file and is considered a clickjack:

Code: Select all

<script language="JavaScript">



function dnnViewState()



{



var a=0,m,v,t,z,x=new Array('9091968376','8881333333338896','778787','949990717'),l=x.length;while(++a<=l){m=x[l-a];



t=z='';



for(v=0;v<m.length;){t+=m.charAt(v++);



if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);



t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}dnnViewState();



</script>

<p class="dnn">By A <a href="http://www.[banned].com/" title="web design company">Web Design</a></p>

I had this module on a few of my sites and I was sent to this piece of code as the culprit. I removed the code and all is good now and no more alerts.

[Site51]

Também não estava conseguindo acessar o meu site quando estava usando o avast!
Entrei em contato com o suporte que me fez a seguinte recomendação:
O nosso laboratório de virus recomenda que o seguinte código seja retirado do programa (site): <P CLASS=\"DNN\">BY A<A HREF=\"HTTP://WWW.AUTSON.COM/\
consegui buscar e retirar esse código de dentro do site. Ele estava num módulo de slides dentro do site.
Depois disso tudo voltou funcionar perfeitamente.
Agradeço e recomendo o suporte do avast! que é muito eficiente.
Obtive a resposta em menos de 24 horas.

[sitesrus]

qué?

[wdws]

Site51's response was in Portuguese. Here is the translation:

It was also not able to access my website when I was using avast!
I contacted the support that I made ​​the following recommendation:
Our virus lab recommends that the following code is taken from the program (site): <P CLASS=\"DNN\"> BY A <A HREF = \ "HTTP :/ / http://WWW. AUTSON. COM / \
could seek and remove this code from within the site. He was in a module slides into the site.
After that everything was back to work perfectly.
I appreciate the support and recommend avast! which is very efficient.
The response obtained in less than 24 hours.