Suspected Trojan found in Javascript code from theme bought here

Hi Everyone,

I ran a Virus scan on my Mac & it came up with a Theme that I bought here, but never ended up using (Client changed their mind). ClamXav scanned the zip file that I downloaded & said it was infected with Trojan.js-75

I googled “Trojan.js-75” but couldn’t find out if it is malicious code, or just a false positive form the Virus scan.

I contacted support to tell them, and they just said to take it up with the author.

Seems to me that given they run the market place they should take more of an interest in the items being sold through their website.

Is there even the slightest little tiny possibility that you have many themes currently on your computer, and maybe not 100% of them were downloaded legally? Assuming that’s not the case, you did purchase it, right? So have you tried to re-download the file from ThemeForest and confirm the actual package downloaded from ThemeForest contains this trojan? Or are you just going off the old files that were sitting on your computer only?

There are viruses which infect other files. The reviewer always check for viruses before they approve the item I think.

ThemeBlvd, you could not have known this, but I do not pirate, not even a little. The files were downloaded from here. Also to double check I did redownload the file on my macbook air (second computer) and re-scanned. It is possible that both computers are affected I guess, but I have them both scanned with current virus definitions and other than the zip file which I have not opened, both have come up clean.

It’s not the Trojan that really bothers me. I have not installed it on a server, so no harm done. It is the fact that I contact support, they passed the buck to the author. I just heard back from the author & he said Envato would have caught anything, so don’t worry.

Kinda makes me wary of future purchase from here.

Hi Integral, this is a bit of a concern if it turns out the file we’re hosting is infected. Can you please contact me through the form on my profile with a link to the item in question so I can investigate further?

Thanks!

Integral said
I ran a Virus scan on my Mac

I did not know this is reasonable or possible at all.

cmt said

Integral said
I ran a Virus scan on my Mac

I did not know this is reasonable or possible at all.

All computers should have virus protection! I use Sophos on my MacBook Pro

I have heard back from Support:

Thank you for your message to Envato support. I downloaded and tested the ‘xxxxx’ template with ‘ClamXav’ and it’s reporting the file ‘jquery-ui-personalized-1.5.2.packed.js’. This appears to be a false positive from ClamXav as that particular script is relatively common (it’s used to create a tabbed interface) and does not appear to have any offending code within it. You can see this particular script in action on Nettuts+...

Something that simple would have been a welcome message from the get go, rather than “contact someone else”.

I have blocked out the name of the template, as I mentioned early on, I was not positive about it, and do not wish the author any negative exposure.

Thanks Japh & Jami

Thank you for reporting your progress here, Integral.

I also scanned the item with Sophos on my Mac, and it came up completely clean. So I would agree with Jami that ClamXav is reporting a false positive.

Also, sorry to hear you were given a poor initial response too. That’s not how we usually handle things

Japh said

cmt said

Integral said
I ran a Virus scan on my Mac

I did not know this is reasonable or possible at all.

All computers should have virus protection! I use Sophos on my MacBook Pro

Thanks, I’ll have it in mind.