搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

chango worm javascript code insertion

more options

I am a web developer creating multiple sites on the Joomla2.5 platform on a dedicated server. On one of my computers and only one) when editing code in html view using Firefox 14.0, toggling between text and html mode, the following scipt is automatically added to the end of the article code:

<script id="__changoScript" type="text/javascript">// </script>

This happens on any of my sites, when edited on this one computer. It doesn't happen on this computer with Safari or Chrome.

I have removed Firefox and reinstalled - same problem. I ran Malwarebytes..it found and deleted the following:

Registry Keys Detected: 6 HKCR\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vfd-adk (Rootkit.Agent) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully. HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

But the problem remains...anyone seen something like this or got any suggestions?

Thanks, Andrew

I am a web developer creating multiple sites on the Joomla2.5 platform on a dedicated server. On one of my computers and only one) when editing code in html view using Firefox 14.0, toggling between text and html mode, the following scipt is automatically added to the end of the article code: <script id="__changoScript" type="text/javascript">// <![CDATA[ var __chd__ = {'aid':11079,'chaid':'www_objectify_ca'};(function() { var c = document.createElement('script'); c.type = 'text/javascript'; c.async = true;c.src = ( 'https:' == document.location.protocol ? 'https://z': 'http://p') + '.chango.com/static/c.js'; var s = document.getElementsByTagName('script')[0];s.parentNode.insertBefore(c, s);})(); // ]]></script> This happens on any of my sites, when edited on this one computer. It doesn't happen on this computer with Safari or Chrome. I have removed Firefox and reinstalled - same problem. I ran Malwarebytes..it found and deleted the following: Registry Keys Detected: 6 HKCR\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vfd-adk (Rootkit.Agent) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully. HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully. But the problem remains...anyone seen something like this or got any suggestions? Thanks, Andrew

所有回复 (1)

more options

If your computer has a rootkit agent, you probably should do a deep cleaning with anti-rootkit software.

Chango says it offers "search retargeting" services to advertisers. Perhaps this has been incorporated into one of your add-ons unique to this installation of Firefox? Try disabling all non-essential extensions here:

orange Firefox button or classic Tools menu > Add-ons > Extensions category