Jump to content

how to identify a web virus if only eset is triggered ?

Rémi

By Rémi
in Malware Finding and Cleaning

 Share

Recommended Posts

Rémi

Rémi 0

Posted
Posted

Hi,

one of my customers suddenly had an eset warning when trying to browse her own wordpress-powered website.

If I test the website on virustotal, there is no detection. But I inspected the source for the home page, and found a series of suspicious urls to a remote js file: 

workdevapp.com/1deb3dd710d8d90c20.js

This url do trigger eset on virustotal. But only eset, all other antivirus are green...

How do I know if it's really a virus ?

Thanks,

--

Rémi

Link to comment
Share on other sites
Rémi

Rémi 0

Posted
  • Author
Posted

I did some more testing, so I have to add that the entire workdevapp.com domain seems blacklisted by eset.

https://www.virustotal.com/fr/url/cd5a6ae2fa40f7a16aa606e828db50446ded4e333ae09b2480cda80491bc2e31/analysis/

But that the js file itself does not trigger eset. But it does trigger zonealarm and Kaspersky as an adware.

https://www.virustotal.com/fr/file/cec906f1fc42b843aaa4aaa12db15767882547e5e247b4e0489f76313b14da45/analysis/1539006038/

Link to comment
Share on other sites
  • 1 month later...
MichalKacer

MichalKacer 0

Posted
Posted

I have same problem I don't know how but eset endpoint antivirus started to popping up a workdevapp.com  and it's saying that adress has been blocked but when I tried to exit the window. I can't it's still popping up can someone help me please.

workdevapp.png

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...