The other day, I asked about virus scan for the web, but there is not so much responses to it. Well, all my websites got hacked later on and someone placed a malware, and I have to spend money to ask a company to clean up one of the site and then cleaned the rest of them myself.
One question bothers me now is this code added to any js call that I saw in all my webpages whenever there is a call to a java script file.
Can anyone tell me if this is McAfee TP generated code or it's because I was looking at at the source code of a webpage while I was behind a fire-wall or if this is another attack code left by a Malware?
The code is like this:
When I open the source code at home, the function call is simply contains it's name only without any attribute after the '?' sign..
I'm talking about looking at a webpage, then view the source code instead of open the original htm file.
Any help would be appreciated.
Aris/Message was edited by: drt12 on 11/21/11 12:29:20 AM CST
Tried to edit but couldn't do it from my iPhone. The only reference I found was http://webmasters.stackexchange.com/questions/2308/what-is-sfgdataq-that-i-see-appended-to-some-requ....
I really hope someone can enlighten us of this extra code since now I see them almost in every source code of the website I open from a machine behind a firewall. Could this be part of windows, fairfox or firewall program?
However as this is all way over the heads of us volunteers I'm afraid you'd probably be better off asking these sorts of questions on a web page designer forum or a browser support one perhaps.Message was edited by: Ex_Brit on 21/11/11 10:54:05 EST AM
It is possible that the inserted js code is something to do with McAfee but it needs one of the higher-level technical experts to confirm this. I only surmise that it might be McAfee-related because of an exchange I found in this thread from a games forum :
It looks to me that this particular issue (at least in the Firefox example cited above) is caused by a network security appliance that either your corporate network (if you're accessing from work) or your ISP is using. I'd urge you to reach out to someone responsible for network technical support to let them know that one of their network appliances is making invalid HTML changes to webpages.
It is also possible, according to what the poster is saying, that a browser add-on might be responsible for the extra js code, or - most likely - that it might have been inserted by your ISP :
Message was edited by: Hayton on 21/11/11 17:40:33 GMT
It's common for ISP to use tricks like this to minimize website loading time over low-bandwidth connections, like wireless.
Thanks for the reply.
I'm interested in this code, since it was appended to all my js calls whenever I opened my site using my laptop that was working behind a very tight firewall. However, as you mentioned in your answer to other thread, yes, this malware was caused by redirecting to co.cr site. I just wanted to make sure that the cleaning by sucuri.net totally removed the threat.
Thanks for your help.
Aris/Message was edited by: drt12 on 11/21/11 8:20:10 PM CST
The site that being blocked by google was cleaned by sucuri.net but it got infected again. Sucuri then found out that I had a WP2.8.6 in one of my folders on the server and the theft had used that old WP as their gateway to put a file, css.js in my root directory. After I had removed the old WP, sucuri removed the js file as well as all the lines contained the call to that js file and my site was declared to be free of malware by almost all the AV companies including McAfee Siteadvisor. However, McAfee Siteadvisor still said that my other infected sites were okay even though these sites contained the css.js as well as the call to this js file in the index files on these infected sites. Sucuri picked out those sites and declared them as infected site until I removed both the css.js file and the call to it.
This was the reason I brought this topic here, since I expected the SiteAdvisor would pick up the css.js and the call to it as malwares.
BTW, Google has unblocked my site www.atanone.net again, after sucuri.net and I requested separately to unblock it.
Aris/Message was edited by: drt12 on 11/21/11 5:49:35 PM CST
The site that being blocked by google was cleaned by sucuri.net but it got infected again. Sucuri then found out that I had a WP2.8.6 in one of my folders on the server and those thieves had used that old WP as their gateway to put a file, css.js in my root directory.Message was edited by: drt12 on 11/21/11 5:49:35 PM CST
There was a typo in my answered above and I have corrected it.
Sorry, I don't know where to post and I don't mind if this thread has to be moved.