Autson Slideshow – Trojen Virus Shown By Antivirus

A client notified me that their Avast AntiVirus was blocking their own site because of clickjack attempts, more specifically Threat:JS:HideMe-I [Trj] with a big shiny red TROJAN HORSE BLOCKED alert.

Here’s how I recovered the usability of Autson Slideshow:

1. Open \modules\mod_AutsonSlideShow\tmpl\default.php

2. Around line 564 locate and delete this script that looks something like this:

<script language="JavaScript">
function dnnViewState()
{
var a=0,m,v,t,z,x=new Array('xxxxxx'),l=x.length;while(++a<=l){m=x[l-a];
t=z='';
for(v=0;v<m.length;){t+=m.charAt(v++);
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}dnnViewState();
</script>

 

Also in Joomla 1.5 module remove this line at the bottom

<p>By A <a href="http://www.autson.com/" title="web design company">Web Design</a></p>

After removing these two chunks of code from Autson Slideshow Avast did not report a clickjack attempt on page load. I ran several online scanners and none of them reported anything suspicious so having made these changes, Autson Slideshow can be used with no warnings.