Solved: Autson Slideshow clickjack issue

A client notified me that their Avast AntiVirus was blocking their own site because of clickjack attempts, more specifically JS:Clickjack-A [Trj] with a big shiny red TROJAN HORSE BLOCKED alert.

Avast blocking clickjack trojan

After looking for the problem in their Joomla installation and template files, I started turning third-party modules on and off while remote-desktopping into my client’s computer and testing with their Avast. It turned out the site didn’t get blocked after disabling Autson Slideshow, a nice slideshow module that has unfortunately now been discontinued, and their site is non-functional as well.

Since I had used Autson Slideshow on other projects too, I needed a solution.

Here’s how I recovered the usability of Autson Slideshow:

1. Open \modules\mod_AutsonSlideShow\tmpl\default.php

2. Around line 564, locate and delete the script that looks something like this:

<script language="JavaScript">
function dnnViewState()
var a=0,m,v,t,z,x=new Array('xxxxxx'),l=x.length;while(++a<=l){m=x[l-a];
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}dnnViewState();

3. At the very end of the file, around line 788, locate and delete this code:

<p class="dnn">By A <a href="" title="web design company">Web Design</a></p>


After removing these two chunks of code from Autson Slideshow, Avast did not report a clickjack attempt on page load. I ran several online scanners and none of them reported anything suspicious, so with these changes made, Autson Slideshow can be used with no warnings.
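A small scanner for the two markers from steps 2 and 3 (the dnnViewState() script and the class="dnn" paragraph), useful for checking other sites that use the module. This is an added example, not part of the original post or the module's code; the function names, the closing </script> tag and the sample file content are assumptions constructed for illustration.

```python
import re

# Markers taken from the post: the dnnViewState() script block and the
# <p class="dnn"> link paragraph. The closing </script> tag is an assumption;
# the excerpt in the post stops before it.
SCRIPT_RE = re.compile(
    r"<script\b[^>]*>(?:(?!</script>).)*?\bdnnViewState\s*\(.*?</script>",
    re.IGNORECASE | re.DOTALL)
LINK_RE = re.compile(r"<p\s+class=[\"']dnn[\"'][^>]*>.*?</p>",
                     re.IGNORECASE | re.DOTALL)

# Constructed stand-in for tmpl/default.php (not the real module file).
SAMPLE = """<?php defined('_JEXEC') or die; ?>
<script type="text/javascript">var slideDelay = 4000;</script>
<div id="slideshow"></div>
<script language="JavaScript">
function dnnViewState()
{ /* constructed stand-in for the obfuscated body */ }
dnnViewState();
</script>
<p class="dnn">By A <a href="" title="web design company">Web Design</a></p>
"""


def find_injected(text):
    """Return [(label, first_line, last_line)] for every marker found."""
    hits = []
    for label, rx in (("dnnViewState script", SCRIPT_RE),
                      ("dnn link paragraph", LINK_RE)):
        for m in rx.finditer(text):
            first = text.count("\n", 0, m.start()) + 1
            last = text.count("\n", 0, m.end()) + 1
            hits.append((label, first, last))
    return sorted(hits, key=lambda h: h[1])


def strip_injected(text):
    """Return text with both marker blocks removed, the rest untouched."""
    return LINK_RE.sub("", SCRIPT_RE.sub("", text))


if __name__ == "__main__":
    for label, first, last in find_injected(SAMPLE):
        print(f"{label}: lines {first}-{last}")
```

To check a real installation, read each module's tmpl/default.php into a string and pass it to find_injected; review the reported lines by hand before writing back the output of strip_injected.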

For those unlucky enough to have their default.php deleted by antivirus, here is a fresh version with no harmful code: default.php in a .zip container


For further reading, see this being discussed on the Joomla forum or check out these articles:

Remove extensions from Autson/iNowWeb/Plimun – Malicious !!

Website Malware – Sharp Increase in SPAM Attacks – WordPress & Joomla

Post Author: Tom Pai