Malware Directly in Avada Them Files

Hi all,

I am by no means an advanced web developer. Meaning I may be way, way off base with this. I’ve had some recent issues with Google Adwords being disapproved. So I began investigating thoroughly, and I believe I found malicious script in the bootstrap.modal.js file, located here in the theme: /Avada/includes/lib/assets/min/js/library/bootstrap.modal.js

After taking the original theme file, downloaded from ThemeForest, [UnPHP Original Bootsrap.Modal.js](/) here: and plugging it into Eval + gzinflate + Base64 Decode I get: This. The Recursive De-Obfuscating returns This. And Custom Function and Regex Support returns This.

From my limited experience and Googling, this is malicious code. Any insights on this?

Base64 Decode is not necessarily a malicious code, it is a function in PHP & Javascript, if it was not useful why would the programmers of these languages develop it in the first place. A huge huge majority of “online malicious/malware code checkers” consider Base64 encode/decode as malicious because they can not check what’s inside a base64 encoded message. However, being said above there are ways to prevent using base64 code in the code.
My best suggestion would be to contact the theme author about it, post a comment on their item sales page here : and they’ll be quick to respond.