Home > Technical & Creative Skills > Programming, Servers & Scripts

Adware warning from ESET for most ripped Landers (7)

08-07-2019 03:56 PM #1 stevedc (Member)
Adware warning from ESET for most ripped Landers

I have been ripping a number of landers that I am attempting to clean up and use for my own campaigns. However, in the majority of cases when I attempt to view these landers using Atom's liver server, I get an ESET warning telling me that a threat has been found.. JS/Adware.Agent.AF (see screenshot)

I am fairly good with code but I have tried combing through all the Javascript and even removing all the JQuery files and replacing them with clean files but this threat still appears. I have searched Google and get mixed answers about how much of a threat this is. It is preventing me from getting my landers up and running at the moment and would appreciate any insight please?

08-07-2019 04:56 PM #2 stevedc (Member)

After digging deeper into the code it seems this bit of code is causing the alert...

<script type="text/javascript">
!function(){
var t;
try{
for(t=0;10>t;++t)history.pushState({},"","#");
onpopstate=function(t){
t.state&&location.replace('#')
}
}
catch(o){}
}();</script>

The code messes with the back button and for some reason ESET doesn't like it and flags it as adware. Considering a lot of the world use ESET for their antivirus its potentially a problem for all of us.

08-07-2019 09:52 PM #3 matuloo (Legendary Moderator)

My college is using ESET too and it's true that a lot of LPs trigger the warning, and even offer urls. Funny thing is, we've tested quite a few offers that triggered the warning and most of them were still converting pretty well. Not sure if eset isn't as popular as I thought it would be or there was some other reason for this... I didn't really analyze the code in such a deep detail as you did, will have to tell my coder to check the backbutton LPs we have to see whether it's caused by that function. Thanks for the tip!

08-07-2019 10:46 PM #4 jaybot (Veteran Member)

Looking at the code, it looks like a simple back button history rewrite. This is used all over the place. Even on desktop cat blogs.

I think ESET is just being too sensitive and trying to protect people from great offers where you can win an iPhone XS for $1.

A large % of people, especially on Windows 8 and up, don't use any extra protection other than the default MS Security Essentials that come with.

On another note, I almost always replace any ripped lander's jquery, bootstrap, and common js/css files with clean ones directly from a fosses cdn (such as https://cdnjs.com/ )

I've not noticed any performance hit, and it saves a lot of time combing through code for tricky clicks.

08-07-2019 11:31 PM #5 stevedc (Member)

Originally Posted by jaybot

They most certainly are being very sensitive and judging by some of the moans on ESET forum, it is affecting ordinary folk just trying to do normal browsing on various sites also. For me I am just going to disable this part of the code in my landers.

08-08-2019 02:02 AM #6 erikgyepes (Moderator)

Would be interesting to see what exactly triggers that warning in the code.
Must be the history.pushState() in the cycle that's repeating 10 times.
Maybe slight modification of the script would help.
Anyway if you run mobile I would not worry as much as most people don't have antivirus on their phones (especially ESET, which is paid).

08-08-2019 01:23 PM #7 stevedc (Member)

Originally Posted by erikgyepes

true

Home > Technical & Creative Skills > Programming, Servers & Scripts