Scanning website files on backend??

Hello all, I use Eset for my computers but this inquiry is for my websites. 3 of my websites being hosted at GoDaddy are down with them saying the sites are infected. I have copied all 3 websites' files onto my desktop seeking to clean them myself.

I used the VirusTotal utility to scan one of the sites' files and attached is the result of that scan if anyone can have a look please.

The VirusTotal support told me:

Quote

VirusTotal only aggregates data from a variety of vendors. We produce no verdicts of our own and as such, we can’t modify these results. We cannot solve/clean files. We are not intended to be an authoritative reputation engine, but rather provide intelligence and context to users so that they can make the best decision. If you do reach out to us, we will tell you to reach out to the vendors, as we will not be able to modify any results of scans

So this is why I am coming here for help since one of the entries showing relates to Eset, any ideas on my next steps please? Thanks.

Screen Shot 2020-03-16 at 5.02.53 PM.png


Appears the malware is located in a .zip file, possibly something the web site offers for download, and is .php file based. Both Eset and Fortinet are great at scanning archives. Scan your websites here: https://quttera.com/. Quttera will provide a detailed analysis which should pinpoint where the malware is.


  • Administrators

If I understand correctly, the archive contains all files from your website, i.e. it's not an archive that you suddenly found on your site. Theoretically it could be a false positive, however, without checking files in the archive we can't tell for sure. If FP was confirmed, you could contact the maker of the other AV to fix the detection too. However, there's still a good chance that the detection is correct so please do as we instructed you to and submit the file to samples[at]eset.com, ideally also with a link to this topic enclosed.


Ok, will do as advised, thanks, but since the sites are inactive I cannot scan the files at quttera since the files are on my desktop and not a url?


14 hours ago, mikehende said:

but since the sites are inactive I cannot scan the files at quttera since the files are on my desktop and not a url?

Correct. I didn't realize that you had taken the web sites off-line.

You can also submit the .zip file here for a sandbox analysis: https://www.hybrid-analysis.com/. Also Joe's Sandbox for a second opinion: https://www.joesandbox.com/. Scratch that. Both have 100MB file upload restrictions.
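
Added example, not part of the thread and not code from any poster or from ESET: since the site backup is a local .zip that is too large for the sandboxes and cannot be scanned by URL, one way to narrow it down is to triage the archive members locally, so that only the individual suspect files need to be submitted. The patterns, extension list, size limit and the constructed in-memory sample archive are assumptions chosen for illustration; a hit is a reason to inspect a file, not a verdict.

```python
import hashlib
import io
import re
import zipfile

# Assumed heuristics (not from the thread): constructs often seen in injected PHP.
SUSPICIOUS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long-base64-literal": re.compile(rb"['\"][A-Za-z0-9+/=]{500,}['\"]"),
}
PHP_EXT = (".php", ".phtml", ".php5", ".inc")


def triage_zip(source, max_member_bytes=5 * 1024 * 1024):
    """Return one finding per archive member that deserves a closer look."""
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            # Skip directories and very large members (media, database dumps).
            if info.is_dir() or info.file_size > max_member_bytes:
                continue
            data = zf.read(info)
            reasons = [label for label, rx in SUSPICIOUS.items() if rx.search(data)]
            # PHP code inside an image, stylesheet, etc. is a classic hiding place.
            if b"<?php" in data and not info.filename.lower().endswith(PHP_EXT):
                reasons.append("php-code-in-non-php-file")
            if reasons:
                findings.append({"path": info.filename,
                                 "sha256": hashlib.sha256(data).hexdigest(),
                                 "reasons": reasons})
    return findings


def build_sample_archive():
    """Constructed sample input: a tiny, inert 'site backup' held in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("index.php", "<?php echo 'Welcome'; ?>")
        zf.writestr("wp-content/uploads/logo.jpg", "GIF89a<?php echo 1; ?>")
        zf.writestr("includes/cache.php", "<?php eval(base64_decode('ZWNobyAxOw==')); ?>")
        zf.writestr("css/site.css", "body { margin: 0; }")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for f in triage_zip(build_sample_archive()):
        print(f["sha256"][:16], f["path"], ",".join(f["reasons"]))
```

To run it on a real backup, pass the path of the .zip to `triage_zip()`; the per-file SHA-256 values can be looked up individually, and the flagged files are small enough to send to a vendor's sample address.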