cancel
Showing results for 
Search instead for 
Did you mean: 

Trojan Exploit-ObscuredHtml and Joomla

Hi!
When I go by Internet Explorer 8 to the inlog page that leads to my Joomla CMS-system backend administrator page a warning pop up that says that McAffe has removed a Trojan called "Exploit-ObscuredHtml". It never hapends when I use Firefox or Opal. Even if McAffe says It has removed the trojan the warning appears again after some time when I try to go to the inlog page. Is there anyone here in this forum that has any idea what I should do in order to remove the Trojan permanently?

This is the text from McAffe dialog box:
"AboutTrojan
Discovered: Exploit-ObsucuredHtml (Trojan)
Location: C:\Users\Kenneth\AppData\Local\Google\Toolbar History\urls\00000025"
5 Replies

RE: Trojan Exploit-ObscuredHtml and Joomla

The "trojan" is being removed. It comes back because the web server detects you are using IE and specifically sends you IE content. The only way to fix this is to get the web master to remove the offending HTML code or to report a false positive to McAfee.

http://vil.nai.com/vil/content/v_131453.htm

The locatioin you specified looks like a hostory of sites you went to as monitored by Google Toolbar or Google Chrome. Do you have the latest version of the Google Toolbar or Chrome installed?

http://toolbar.google.com
http://www.google.com/chrome

Same problem

Hi Kenla61,

I had the same problem. Probably after installing Google Chrome.
After clearing the Google history in IE the problem has goneSmiley Happy

I hope the same will work for you.

BargeTwo

RE: Same problem



Hi BargeTwo and thank you for your answer. I have tried to cleared the Google history but the warning keeps coming back. I suspect that an extension that I have installed at my Joomla site can be the source for this trouble but I am not completely sure of it. The description of this extension says:

"This plugin automatically activate Internet Explorer 8 Compatibility View. Visitors who use this browser will see your web site without display problems although it isn't optimized for Internet Explorer 8."

RE: Trojan Exploit-ObscuredHtml and Joomla



Hi secured2k and thank you for your detailed answer to my posting. I have the latest version of Google toolbar installed. If I shut down the google toolbar the problem goes away but it reapeare when the google toolbar is enabled again. I will post a "note" at Joomla international forum about my trouble as well. Maybe someone else with a Joomla site, Eplorer 8 and McAffe has had the same problem as I have can give me some information at that forum.

RE: Trojan Exploit-ObscuredHtml and Joomla

The problem is this Google's Toolbar is doing something strange to the URL when it saves/parses it. While this could be completely legitimate in the interest of saving the URL in a specific format, McAfee may detect it as suspicious because the excessive use of non-ascii characters.

 


Microsoft Internet Explorer ignores certain non-ascii characters, allowing an attacker to obfuscate malicious code and still have it rendered by IE.

This detection covers HTML documents that have been crafted with the intention of evading antivirus detection. Other documents that mix HTML with non-ascii characters could also trigger this detection.



I would submit the detection (located in quarantine) to McAfee so they might add a fix to prevent the detection in the future.