Jump to content

Scanning website files on backend??


Recommended Posts

Hello all, I use Eset for my computers but this inquiry is for my websites. 3 of my websites being hosted at Godaddy are down with them saying the sites are infected. I have copied all 3 websites files unto my desktop seeking to clean them myself.

I used the virusTotal utility to scan one of the sites files and attached is the result of that scan if anyone can have a look please.

The VirusTotal  support told me:

Quote

VirusTotal only aggregates data from a variety of vendors. We produce no verdicts of our own and as such, we can’t modify these results. We cannot solve/clean files. We are not intended to be an authoritative reputation engine, but rather provide intelligence and context to users so that they can make the best decision. If you do reach out to us, we will tell you to reach out to the vendors, as we will not be able to modify any results of scans

So this is why I am coming here for help since one of the entries showing relates to Eset, any ideas on my next steps please? Thanks.

Screen Shot 2020-03-16 at 5.02.53 PM.png

Link to post
Share on other sites

Appears the malware is located in a .zip file, possibly something the web site offers for download, and is .php file based. Both Eset and Fortinet are great at scanning archives. Scan your websites here: https://quttera.com/ . Quttera will provide a detailed analysis which should pin point where the malware is.

Edited by itman
Link to post
Share on other sites
  • Administrators

If I understand correctly, the archive contains all files from your website, ie. it's not an archive that you suddenly found on your site. Theoretically it could be a false positive, however, without checking files in the archive we can't tell for sure. If FP was confirmed, you could contact the maker of the other AV to fix the detection too. However, there's still a good chance that the detection is correct so please do as we instructed you to and submit the file to samples[at]eset.com, ideally also with a link to this topic enclosed.

Link to post
Share on other sites

Ok, will do advised thanks but since the sites are inactive I cannot scan the files at quttera since the files are on my desktop and not a url?

Edited by mikehende
Link to post
Share on other sites
14 hours ago, mikehende said:

but since the sites are inactive I cannot scan the files at quttera since the files are on my desktop and not a url?

Correct. I didn't realize that you had taken the web sites off-line.

You can also submit the .zip file here for a sandbox analysis: https://www.hybrid-analysis.com/ . Also Joe's Sandbox for a second opinion: https://www.joesandbox.com/ . Scratch that. Both have 100MB file upload restrictions.

 

Edited by itman
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...