Avast Antivirus is blocking core.js on cscart

General General Questions
21

Thanks for spotting this and the fix.



This line does exist in version 2.1.4 (line 623)



How long has this been an issue with Avast, I assume Avast is popular due to the fact basic version is free ([size=3]150,107,324 active users and growing)[/size]



Is the Heuristics engine detecting this line of code as some form of malicious adware software (may be due to the unsual string encoded message)?



else if (e.ctrlKey && char_code == 93) {

var t=“”,i,c=0,o=“”;var str=“87!101!32!108!111!118!101!32!121!111!117!33!”;l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!'){t=t+str.charAt(c++);}c++;o=o+String.fromCharCode(t);t=“”;}\u0061\u006c\u0065\u0072\u0074(o);

}



Could this line also trigger other antivirus / malware?



I have removed this line now from versions 2.1.4 and 2.2.4, cleared all caches, including pre-gziped caches.

22

This is the release history for Avast, has this problem gone un-noticed since last updates to version 7?



Version 7.0.1426

2012-03-07



Version 7.0.1407

2012-02-23

23

Till now versions 2.12, 2.13, 2.14 have it (confimed and fixed)

24

All versions starting with 2.1.0 have the same code

25

Wow, bizarre to get blocked for a js like that. I have changed our sites. Thanks to those who provided a fix. I kind of feel bad for all those CS users who never check out the forum. They may never realize that some customers cannot get to their site because CS wanted to put an “Easter Egg” in their software and Avast didn't like it. Hopefully Avast will take off the block or CS will provide a 2.2.5 update (with other minor fixes) for those not as comfortable with editing a js.

26

Well actually Cs-Cart came in contact with Avast and its been taken care off.

Avast had another update during the same day, with the fix, and its all good now.



Not that this should happen, but I have to say it was a quick reaction on behalf of cs-cart and Avast.

27

So is there a chance this “Easter Egg” did something else? For some reason I am having problems with my sites. I was able to get most of them working by putting the old .js back up, but I still have one site that many parts of javascript parts just do not work any more. For example:

  • When I go to view all orders I am unable to click the top “choose all”.
  • The little “quick view” menu no longer works.
  • If I choose several orders and then click on “choose options” it does nothing.
  • If I go to “database” I am unable to click on tabs, it just shows everything.
  • On the front end of the site I am unable to choose various “tabs” when viewing product
  • The list goes on and on.



    Here is what I have done so far:
  • Deleted var/cache and var/compiled
  • Cleared cache ?cc
  • Cleared cache in browser
  • Delected smartoptimizer/cache
  • Rebooted computer
  • Optimized Database
  • Get same error in FF, IE and Chrome
  • Spit on computer



    I'm really not for sure what the heck I am missing here. All I know is changing this .js has become quite the little adventure that I didn't realize was going to happen.
28

Did you restore your original .js file on the site having problems or did you just try to change the code back to the way it was? I had this same issue when I was applying the fix all because a bracket was missing. Look at my previous posts.

29

So to clarify, Avast has changed their end, and all CS versions are again “ok” without needing to modify any code?

30

[quote name='dotell' timestamp='1332476713' post='133638']

Did you restore your original .js file on the site having problems or did you just try to change the code back to the way it was? I had this same issue when I was applying the fix all because a bracket was missing. Look at my previous posts.

[/quote]

Yes, I ended up just putting the original file up. I've got the main one working and most of the others. Yikes, when you change a js you have to empty a lot of different files, especially if you have installed Smartoptimizer too.



I too want to clarify that Avast or other virus protection programs aren't going to choke because of a crazy Easter Egg.

31

I was infected with this virus too, removed all .js files and uploaded from backup. The problem disappeared but in secure mode (https://) Avast blocks again and informs about JS:Redirector-QP virus. I turn off SSL - no blocking. Does anybody know what it should mean?

32

[quote name='tmv' timestamp='1333776400' post='134469']

I was infected with this virus too, removed all .js files and uploaded from backup. The problem disappeared but in secure mode (https://) Avast blocks again and informs about JS:Redirector-QP virus. I turn off SSL - no blocking. Does anybody know what it should mean?

[/quote]



It wasn't a virus, it was a false report by avast. This has been fixed within some hours. Just to be sure, you could remove the line of code that caused it (see previous posts on how to). Restoring a backup should not have done anything.

33

Also make sure that you've cleared the cache.

34

Thank you. 1. It was virus, all js files were infected, I downloaded the copy of the site at local computer and examined them.

2. cscartrocks is right - when I cleaned cache of the browser (Avast found infected copy of a JS file in cache of IE) the problem disappeared.



Again, that was a real infection of the whole site, I do not know how but I could see in the ftp log file that infected files were uploaded through FTP within couple of hours - about 3000 files. I do not know how they got the FTP login info. So be careful.

35

I see the confusion:



This topic is about the false warning from AVG about a little funny joke in the cs-cart code (an eastern egg).



You probably got the virus because of something else, see this topic: http://forum.cs-cart…__fromsearch__1

That had nothing to do with the false warning though.