Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
  • richnyc30 JATC

    When I click the email icon on an article a window pops up and shows the below. I have had trouble with malicious files and would like to know which Argo template files to overwrite with new files from a fresh Argo template.

    The site ahead contains malware

    Attackers currently on realstatistics.info might attempt to install dangerous programs on your computer that steal or delete your information (for example, photos, passwords, messages, and credit cards).
    Automatically report details of possible security incidents to Google. Privacy policy
    Back to safetyHIDE DETAILS
    Google Safe Browsing recently detected malware on cameotimes.com. Websites that are normally safe are sometimes infected with malware. The malicious content comes from realstatistics.info, a known malware distributor. Learn more.

    If you understand the risks to your security, you may visit this unsafe site before the dangerous programs have been removed.

    Saguaros Moderator


    Please try to check this way:

    • Switch default template on your site (JA Argo) to a standard template of Joomla like Beez / Protostar and send email again

    • Try to temporarily disable any 3rd party extensions used on your site, if you have comment system for article content, disable it also.

    And let me know how it goes.


    richnyc30 JATC

    another site does this for the pop-up email – different from the other site which has the malicious message.
    When I changed to Beez3 the email pop-up works.

    parse error: failed at (~".span@{index}") { .span(@index); } line: 1341

    I also noticed when I tried to use anything but the blue template pages didn’t work. I have been doing some editing using LESS and maybe this has done some bad things. Here’s the non-blue template error for all pages.
    parse error: failed at (~".span@{index}") { .span(@index); } line: 1341

    Saguaros Moderator


    Could you update the URL of page where I can replicate issue?

    Also provide the login info: http://static.joomlart.com/images/blog/2015/nov/Add-new-post.gif


    richnyc30 JATC


    All email sending on any article is being redirected to RealStatisics.info.
    I have replaced most of the Mailto files and somewhere else is the redirect to Realstatistics.info, a site my host says is malicious.
    Other Argo sites work fine for sending email on the articles.

    Saguaros Moderator

    Hi Richard,

    Could you ask the host for help to find out the affected files? I also see the reported malware when clicking email.

    richnyc30 JATC

    Siteground had no answers. They sent me the list of files with malicious inserts. Getting fid of them does nothing for the email problem. In fact, they got the parse error: failed at (~".span@{index}") { .span(@index); } line: 1341 as they were not using Chrome.
    Any idea what ARGO files are involved. I did try other templates and the error is not occurring.

    Saguaros Moderator


    If template files are involved, after removing them, pls update the associated files from template package of JA Argo. May I know you use our template package originally or just install template in existing site? As this is the first time I’ve seen our template files having malicious.

    richnyc30 JATC

    I have replaced many of the files individually, but had some trouble using the zip file of the template and unzipping.
    Maybe I’m doing something wrong.

    What is the procedure for updating the template?

    I’m now getting the malicious files inserting themselves and Siteground is cutting off the site as emails seem to be sent out by the newly installed malicious files. This happens when using Breezing Forms or any communication to the site.

    Deleting or overwriting the files cures the problem (they send a list of files that are bad.)
    Here is the latest list after send a registration form in Breezing Forms.
    The — means deletion and ++ means overwriting with a good file.
    — HEX|eval_base64_obf_mailer|8d23dab52a032fc5db3281fb1309d55a|15/01/16|/home/richa292/public_html/cameotimes.com/components/com_modules/models/xml.php
    — HEX|eval_base64_obf_mailer|c8d9aad52c1fc91df37f12c3ec89d98d|26/12/16|/home/richa292/public_html/cameotimes.com/components/com_breezingforms/libraries/js/footer86.php
    — HEX|PHP_Backdoor|085bee72055750f499fcb75f68d0fb57|26/12/16|/home/richa292/public_html/cameotimes.com/footer.php
    ++ GEN|eval_base64decode|e8781a70a6c5154e1170a4ed32ef408a|08/01/17|/home/richa292/public_html/cameotimes.com/includes/framework.php
    — HEX|eval_base64_obf_mailer|8d23dab52a032fc5db3281fb1309d55a|15/01/16|/home/richa292/public_html/cameotimes.com/templates/beez3/javascript/user.php
    ++ GEN|eval_base64decode|b272dacc10cda4527b245fced4dbdfec|08/01/17|/home/richa292/public_html/cameotimes.com/index.php

    Saguaros Moderator

    It looks like it effected files from Breezing Form extension and Joomla core already, I don’t see any file from our template.

    Could you also check with these 3 party extensions?

    richnyc30 JATC

    Please tell me how to update the ARgo template.

    Saguaros Moderator

    You can use JA Extension Manager component (JAEM) – a free extension to update JA Argo template. What you can do is:

    • BACKUP your site first
    • Go to Administrator > Components > JAEM and put your JoomlArt memebership account into Services Manager of this component, remember to set JoomlArt updates services as default service.
    • Check new version for JA Argo template, you can see which files/folders will be updated

    Download: https://www.joomlart.com/downloads/free-joomla-extensions/joomla-3-2-5-ja-extensions-manager/
    Docs: https://www.joomlart.com/documentation/joomla-component/ja-extension-manager

Viewing 12 posts - 1 through 12 (of 12 total)

This topic contains 11 replies, has 2 voices, and was last updated by  Saguaros 1 year, 3 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum