mikehende, posted March 17, 2020:

Hello all, I use Eset for my computers but this inquiry is for my websites. 3 of my websites being hosted at Godaddy are down, with them saying the sites are infected. I have copied all 3 websites' files onto my desktop seeking to clean them myself. I used the VirusTotal utility to scan one of the sites' files and attached is the result of that scan if anyone can have a look please. The VirusTotal support told me:

> VirusTotal only aggregates data from a variety of vendors. We produce no verdicts of our own and as such, we can't modify these results. We cannot solve/clean files. We are not intended to be an authoritative reputation engine, but rather provide intelligence and context to users so that they can make the best decision. If you do reach out to us, we will tell you to reach out to the vendors, as we will not be able to modify any results of scans.

So this is why I am coming here for help since one of the entries showing relates to Eset, any ideas on my next steps please? Thanks.

Marcos (Administrators), posted March 17, 2020:

I'd recommend sending the detected file to samples[at]eset.com as per https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab.

mikehende (Author), posted March 17, 2020:

Thanks but then I would need to do the same with the file which shows as picked up by Comodo?

itman, posted March 17, 2020 (edited March 17, 2020 by itman):

Appears the malware is located in a .zip file, possibly something the web site offers for download, and is .php file based. Both Eset and Fortinet are great at scanning archives.

Scan your websites here: https://quttera.com/ . Quttera will provide a detailed analysis which should pinpoint where the malware is.

Marcos (Administrators), posted March 17, 2020:

If I understand correctly, the archive contains all files from your website, i.e. it's not an archive that you suddenly found on your site. Theoretically it could be a false positive, however, without checking files in the archive we can't tell for sure. If FP was confirmed, you could contact the maker of the other AV to fix the detection too. However, there's still a good chance that the detection is correct so please do as we instructed you to and submit the file to samples[at]eset.com, ideally also with a link to this topic enclosed.

mikehende (Author), posted March 17, 2020 (edited March 17, 2020 by mikehende):

Ok, will do as advised, thanks, but since the sites are inactive I cannot scan the files at quttera since the files are on my desktop and not a URL?

itman, posted March 18, 2020 (edited March 18, 2020 by itman):

> 14 hours ago, mikehende said:
> but since the sites are inactive I cannot scan the files at quttera since the files are on my desktop and not a url?

Correct. I didn't realize that you had taken the web sites off-line.

You can also submit the .zip file here for a sandbox analysis: https://www.hybrid-analysis.com/ . Also Joe's Sandbox for a second opinion: https://www.joesandbox.com/ .

Scratch that. Both have 100MB file upload restrictions.

mikehende (Author), posted March 18, 2020:

Yes the scan in my OP was done with zip file method by VirusTotal.
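
Added example (not part of the original thread and not ESET's or VirusTotal's tooling): the detection above is on one whole-site .zip, so a per-file inventory of the archive helps narrow down which member to submit or look up by hash, and shows which files fit under the 100MB upload limit mentioned in the thread. The extension list and the sample archive contents are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

UPLOAD_LIMIT = 100 * 1024 * 1024  # 100MB sandbox upload limit mentioned in the thread
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".inc")  # assumption: extensions treated as PHP code


def inventory(archive, limit=UPLOAD_LIMIT):
    """Return one record per file in the archive: name, size, SHA-256, flags."""
    records = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digest = hashlib.sha256()
            # Hash the member in 1 MiB chunks without extracting it to disk.
            with zf.open(info) as member:
                for chunk in iter(lambda: member.read(1 << 20), b""):
                    digest.update(chunk)
            records.append({
                "name": info.filename,
                "size": info.file_size,
                "sha256": digest.hexdigest(),
                "is_php": info.filename.lower().endswith(SCRIPT_EXTS),
                "fits_upload": info.file_size <= limit,
            })
    # PHP files first, since the thread describes the detection as .php based.
    records.sort(key=lambda r: (not r["is_php"], r["name"]))
    return records


def build_sample_zip():
    """Constructed sample archive with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("site/index.php", "<?php echo 'home'; ?>")
        zf.writestr("site/img/logo.png", b"\x89PNG placeholder")
        zf.writestr("site/wp-content/cache.PHP", "<?php // placeholder ?>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for r in inventory(build_sample_zip()):
        tag = "PHP" if r["is_php"] else "   "
        print(tag, r["sha256"], r["size"], r["name"])
```

Pass the path of the real site archive to `inventory()` in place of the constructed sample; the SHA-256 values can be searched individually instead of re-uploading the whole archive.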