at this link wp-content/plugins/eventON/assets/js/add_to_calendar.js
following code was marked as “Trojan.JS.Redir.gen.309″
eval(function(p,a,c,k,e,r){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!”.replace(/^/,String)){while(c–)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return’w+’};c=1};while(c–)if(k[c])p=p.replace(new RegExp(‘b’+e(c)+’b’,’g’),k[c]);return p}(‘8 $d(d){1i D.5x(d)}6 1X=’1e://5.19/3s/3D-2U-3S.3U’;6 2h=”;6 2e=K;6 1P=’Q’;6 1y=”;6 2s=’5v 1V’;6 2c=’5u 1V’;6 27=’5t 1V’;6 2Y=’5k 1V’;6 2a=’5j 1V’;6 2F=’5g 5f’;6 2E=Q;6 2A=Q;6 2z=Q;6 2v=Q;6 36=Q;6 2Z=Q;6 25=K;6 5=8(){6 C=K,3l=5d,14=1,1T=”,2K;1i{U:8(){1r{1X=1X}1q(e){1X=’1e://5.19/3s/3D-2U-3S.3U’}1r{2h=5c}1q(e){}1r{2e=5b}1q(e){}1r{1P=58}1q(e){}6 a=5.3f(2h);6 b=D.1N(‘*’);2f(6 d=0;d<b.1U;d+=1){6 c=”,2m=K,3E=b[d].L,1m=”;4(3E==’5′){6 f=b[d].1N(‘N’);2f(6 m=0;m<f.1U;m+=1){4(f[m].L==’2S’){f[m].G.H=’I’}4(f[m].L==’2R’){f[m].G.H=’I’;c+=’&57=’+W(f[m].S)}4(f[m].L==’2B’){f[m].G.H=’I’;c+=’&55=’+W(f[m].S)}4(f[m].L==’2M’){f[m].G.H=’I’;c+=’&54=’+W(f[m].S)}4(f[m].L==’2J’){f[m].G.H=’I’;c+=’&53=’+W(f[m].S)}4(f[m].L==’2T’){f[m].G.H=’I’;c+=’&52=’+W(f[m].S)}4(f[m].L==’2w’){f[m].G.H=’I’;c+=’&4Y=’+W(f[m].S)}4(f[m].L==’2x’){f[m].G.H=’I’;c+=’&4W=’+W(f[m].S)}4(f[m].L==’2I’){f[m].G.H=’I’;c+=’&4V=’+W(f[m].S)}4(f[m].L==’3i’){f[m].G.H=’I’;c+=’&4T=’+W(f[m].S)}4(f[m].L==’2P’){f[m].G.H=’I’;c+=’&4S=’+W(f[m].S)}4(f[m].L==’4R’){f[m].G.H=’I’;c+=’&4Q=’+W(f[m].S)}4(f[m].L==’41’){f[m].G.H=’I’;c+=’&4O=’+W(f[m].S)}4(f[m].L==’2V’){4(f[m].S!=”){f[m].G.H=’I’;6 g=f[m].S.31(/ /2u,””);c+=’&2m=’+W(g);2m=Q}}}4(a){c+=’&4N=K’}c=c.31(/’/2u,”ยด”);4(2E){1m+=”+2s+”}4(2A){1m+=”+2c+”}4(2z){1m+=”+27+”}4(2v){1m+=”+2Y+”}4(36){1m+=”+2a+”}4(2m){4(2Z){1m+=”+2F+”}}4(!a){1m+=’4H’}b[d].34=’35’+14;b[d].L=’5-7′;b[d].4G=”;6 h=b[d].21(‘Y-2r’);4(h){b[d].4F(‘Y-2y’,c);b[d].11=8(){5.2r(13);1i K}}E{4(2e){b[d].4E=8(){4D(2K);5.P(13,’1z’,’1z’,Q)};b[d].4C=8(){2K=26(“5.3g();”,3h)};b[d].11=8(){1i K}}E{b[d].11=8(){5.P(13,’1z’,’1z’);1i K}}}6 i=b[d];6 j=D.2H(‘N’);j.34=’35’+14+’-7′;j.L=’1h’;j.S=1m;i.1O(j);14++}}4(1P==’K’){5.23()}E{5.3t(a)}},2r:8(f){6 a=f.21(‘Y-2y’);6 b=f.21(‘Y-2r’);5.1f(13,b,a)},1f:8(f,a,b){6 c=”,R=2t.2O,2o=Q,4B=4A 4z();4(a==’1g’){c=’1e://U.5.19/?1D=4y’+b+’&1F=’+R;2o=K}4(a==’1d’){c=’1e://U.5.19/?1D=4x’+b+’&1F=’+R}4(a==’1c’){c=’1e://U.5.19/?1D=4w’+b+’&1F=’+R}4(a==’1t’){c=’1e://U.5.19/?1D=4v’+b+’&1F=’+R}4(a==’1l’){c=’1e://U.5.19/?1D=4u’+b+’&1F=’+R;2o=K}4(a==’1u’){c=’1e://U.5.19/?1D=4t’+b+’&1F=’+R}4(a==’33’){c=’1e://5.19/’}4(c!=”){4(a!=’33’){6 d=f.21(‘Y-R’);6 g=$d(’35’+d);4(g){6 h=g.21(‘Y-4s’);4(h!=3M){h=h.31(/4q-2U/2u,a);1r{3P(h)}1q(e){}}}}4(2o){T.5B(c)}E{2t.2O=c}}4(1y){2f(6 i=0;iy){12=-k+’V’}E{12=i+’V’}}E 4(o==’1z’&&a==’1w’){B=-(l-j)+’V’;4(x>y){12=-k+’V’}E{12=i+’V’}}E{4(x>y){12=-k+’V’}E{12=i+’V’}4(z>A){B=-(l-j)+’V’}E{B=’Z’}}g.G.X=B;g.G.1j=12;4(D.1Y){D.1Y(“4U”,8(){5.22(c)},K)}E 4(D.1Z){D.1Z(“11”,8(){5.22(c)})}E{D.11=8(){5.22(c)}}}}},22:8(f){6 a=$d(f);6 b=$d(f+’-7′);4(a&&b){4(C&&b.G.H==’1H’){26(“5.28(‘”+f+”‘);”,3h)}}},3g:8(){5.22(1T)},28:8(f){6 a=$d(f);6 b=$d(f+’-7′);4(a&&b){a.L=’5-7′;b.G.H=’I’;b.G.3L=”}},3K:8(){C=Q},3z:8(){6 w=0,h=0,y=0,x=0;4(4X(T.3a)==’4Z’){w=T.3a;h=T.51}E 4(D.1k&&(D.1k.2q||D.1k.29)){w=D.1k.2q;h=D.1k.29}E 4(D.1x&&(D.1x.2q||D.1x.29)){w=D.1x.2q;h=D.1x.29}4(D.56){x=(D.1k.30)?D.1k.30:D.1x.30;y=(D.1k.2C)?D.1k.2C:D.1x.2C}E{x=T.59;y=T.5a}1i w+’/’+h+’/’+x+’/’+y},3F:8(a){6 x=0,y=0;4(a.3X){x=a.3W;y=a.3n;5e(a=a.3X){x+=a.3W;y+=a.3n}}1i x+’/’+y},3O:8(a,b){6 x=a;6 y;4(x.3w){y=x.3w[b]}E 4(T.3v){y=D.5h.3v(x,3M).5i(b)}1i y},3f:8(f){6 b=2t.2O;6 c=Q;6 d=f;6 e=d.1U;4(e==20){6 a=d.2X(0,1);6 z=d.2X(9,10);6 m=d.2X(17,18);4(a!=’a’){c=K}4(z!=’z’){c=K}4(m!=’m’){c=K}}E{c=K}4(b.5l(‘5.19′)==-1&&d==’5m’){c=K}1i c},5n:8(){6 a=D.1N(‘*’);2f(6 d=0;d<a.1U;d+=1){4(a[d].L==’5-7′){a[d].L=’5′}}5.U()},5o:8(f){1y=f},5p:8(l,t){6 x=l.5q();4(x==’1g’){2s=t}4(x==’1d’){2c=t}4(x==’1c’){27=t}4(x==’1l’){2a=t}4(x==’5r’){2F=t}},5s:8(c){4(c.3T!=F){2h=c.3T}4(c.2p!=F){4(c.2p){1P=’Q’}E{1P=’K’}}4(c.3d!=F){2e=c.3d}4(c.1g!=F){4(c.1g.P!=F){2E=c.1g.P}}4(c.1d!=F){4(c.1d.P!=F){2A=c.1d.P}}4(c.1c!=F){4(c.1c.P!=F){2z=c.1c.P}}4(c.1t!=F){4(c.1t.P!=F){2v=c.1t.P}}4(c.1l!=F){4(c.1l.P!=F){36=c.1l.P}}4(c.1u!=F){4(c.1u.P!=F){2Z=c.1u.P}}4(c.1g!=F){4(c.1g.J!=F){2s=c.1g.J}}4(c.1d!=F){4(c.1d.J!=F){2c=c.1d.J}}4(c.1c!=F){4(c.1c.J!=F){27=c.1c.J}}4(c.1t!=F){4(c.1t.J!=F){2Y=c.1t.J}}4(c.1l!=F){4(c.1l.J!=F){2a=c.1l.J}}4(c.1u!=F){4(c.1u.J!=F){5w=c.1u.J}}4(c.3J!=F){1y=c.3J}}}}();4(T.1Y){T.1Y(“5y”,8(){25=Q;5.23();5.U()},K);T.1Y(“5z”,8(){5.U()},K)}E 4(T.1Z){T.1Z(“5A”,8(){25=Q;5.23();5.U()});T.1Z(“3b”,8(){5.U()})}E{T.3b=8(){5.U()}}4(!25){26(“5.23();5.U();”,20)}’,62,348,’||||if|addthisevent|var|drop|function|||||||||||||||||||||||||||||||document|else|undefined|style|display|none|text|false|className|1px|span|border|show|true|ref|innerHTML|window|generate|px|encodeURIComponent|left|data|0px||onclick|dropy|this|dropzcx||solid|||com|parseInt|font|yahoo|google|http|cli|outlook|addthisevent_dropdown|return|top|documentElement|ical|htmx|color|class|background|catch|try|2px|hotmail|facebook|6px|right|body|_ate_callback|auto|rgba|3px|shadow|service|em|reference|box|block|position|radius|important|decoration|9px|getElementsByTagName|appendChild|_ate_css|size|padding|moz|olddrop|length|Calendar|width|_image_path|addEventListener|attachEvent||getAttribute|force|trycss|webkit|_d_rd|setTimeout|_ate_lbl_yahoo|hide|clientHeight|_ate_lbl_ical|height|_ate_lbl_google|10px|_ate_mouse|for|absolute|_ate_license|index|fff|styleSheet|margin|fbevent|bebebe|nw|css|clientWidth|direct|_ate_lbl_outlook|location|gi|_ate_show_hotmail|_location|_organizer|url|_ate_show_yahoo|_ate_show_google|_end|scrollTop|weight|_ate_show_outlook|_ate_lbl_fb_event|12px|createElement|_organizer_email|_summary|dropmousetim|hover|_zonecode|6d84b4|href|_all_day_event|200px|_start|_url|_description|calendar|_facebook_event|align|substring|_ate_lbl_hotmail|_ate_show_facebook|scrollLeft|replace|frs|home|id|atedrop|_ate_show_ical|cursor|createTextNode|cssText|innerWidth|onload|f4f4f4|mouse|type|glicense|out|200|_attendees|normal|555|dropzind|bold|offsetTop|14px|up|8px|hidden|gfx|applycss|down|getComputedStyle|currentStyle|split|copyx|viewport|selected|110|brx|icon|str|elementposition|offsetWidth|99999|offsetHeight|callback|tim|zIndex|null|c8c8c8|getstyle|eval|bottom|a8a8a8|t1|license|png|head|offsetLeft|offsetParent|relative|pointer|line|_uid|175px|active|aab9d4|15px|21px|default|180px|overflow|35px|e0e0e0|100|5px|d9d9d9|101|cacaca|repeat|no|333|arial|family|inline|visibility|description|alert|ate|blur|track|FACEBOOK|ICAL|HOTMAIL|YAHOO|GOOGLE|OUTLOOK|Date|new|now|onmouseout|clearTimeout|onmouseover|setAttribute|title|AddThisEvent|ateical|atehotmail|ateyahoo|ategoogle|ateoutlook|credits|uid|f7f7f7|dateformat|_date_format|dallday|datte|click|dorgaem|dorga|typeof|dloca|number||innerHeight|ddesc|dsum|dzone|dend|all|dstart|_css|pageXOffset|pageYOffset|_mouse|_license|999999|while|Event|Facebook|defaultView|getPropertyValue|iCal|Hotmail|indexOf|aao8iuet5zp9iqw5sm9z|refresh|callcack|setlabel|toLowerCase|facebookevent|settings|Yahoo|Google|Outlook|_ate_lbl_facebook|getElementById|DOMContentLoaded|load|onreadystatechange|open’.split(‘|’),0,{}))
- Apr 1,2020 AT 2:11PM - 5 years agoHello,
Thank you for your messages, I am going to assign this ticket to Ashan and he will be able to take it from here and find you a solution. Please allow some time for him to get back to you, we greatly appreciate your patience and thank you for being a eventon customer!
Could you also tell which program or service marked it this way?
EventON plugin does NOT come with this file “wp-content/plugins/eventON/assets/js/add_to_calendar.js” It appears this file may be added by your website. What this tells me might be that your website may have been compromised with the trojan. Please contact your web host to see if they can assist with removing the virus.
Hello
thank you, that means, i can delete this file?
Yes you can delete this file. But I dont know if deleting will do the trick. Because usually these types of viruses create this file dynamically so if u delete it, the virus will create it again.