mikehende

Scanning website files on backend??


Hello all, I use Eset for my computers but this inquiry is for my websites. 3 of my websites being hosted at GoDaddy are down with them saying the sites are infected. I have copied all 3 websites' files onto my desktop seeking to clean them myself.

I used the VirusTotal utility to scan one of the sites' files and attached is the result of that scan if anyone can have a look please.

The VirusTotal support told me:

Quote

VirusTotal only aggregates data from a variety of vendors. We produce no verdicts of our own and as such, we can’t modify these results. We cannot solve/clean files. We are not intended to be an authoritative reputation engine, but rather provide intelligence and context to users so that they can make the best decision. If you do reach out to us, we will tell you to reach out to the vendors, as we will not be able to modify any results of scans.

So this is why I am coming here for help since one of the entries showing relates to Eset, any ideas on my next steps please? Thanks.

Screen Shot 2020-03-16 at 5.02.53 PM.png


Thanks, but then I would need to do the same with the file which shows as picked up by Comodo?


Appears the malware is located in a .zip file, possibly something the web site offers for download, and is .php file based. Both Eset and Fortinet are great at scanning archives. Scan your websites here: https://quttera.com/ . Quttera will provide a detailed analysis which should pinpoint where the malware is.

Edited by itman


If I understand correctly, the archive contains all files from your website, i.e. it's not an archive that you suddenly found on your site. Theoretically it could be a false positive, however, without checking files in the archive we can't tell for sure. If FP was confirmed, you could contact the maker of the other AV to fix the detection too. However, there's still a good chance that the detection is correct so please do as we instructed you to and submit the file to samples[at]eset.com, ideally also with a link to this topic enclosed.


OK, will do as advised, thanks, but since the sites are inactive I cannot scan the files at Quttera since the files are on my desktop and not a URL?

Edited by mikehende

14 hours ago, mikehende said:

but since the sites are inactive I cannot scan the files at quttera since the files are on my desktop and not a url?

Correct. I didn't realize that you had taken the web sites off-line.

You can also submit the .zip file here for a sandbox analysis: https://www.hybrid-analysis.com/ . Also Joe's Sandbox for a second opinion: https://www.joesandbox.com/ . Scratch that. Both have 100MB file upload restrictions.

 

Edited by itman


Yes, the scan in my OP was done with the zip file method by VirusTotal.
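
A local triage pass over the downloaded site archive, for the situation in this thread where the files sit on a desktop rather than behind a URL and the detection has to be narrowed to specific .php files. This is an added example, not part of any post: the indicator patterns, size limit, file names and the constructed sample archive are assumptions, and a hit means the file needs manual review, not that it is confirmed malware.

```python
import io
import re
import zipfile

MAX_BYTES = 5 * 1024 * 1024  # assumed limit: skip huge members (zip-bomb guard)
# Assumed heuristics, not from the thread: constructs typical of obfuscated
# PHP droppers and web shells. A hit means "review by hand", not "infected".
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        rb"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request-data-executed": re.compile(
        rb"\b(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "long-base64-literal": re.compile(rb"['\"][A-Za-z0-9+/]{500,}={0,2}['\"]"),
}
PHP_NAME = re.compile(r"\.(php\d?|phtml)$", re.I)
STATIC_NAME = re.compile(r"\.(jpe?g|png|gif|ico|css|txt)$", re.I)

def scan_zip(source):
    """Return {member name: [indicator names]} for suspicious archive members."""
    findings = {}
    with zipfile.ZipFile(source) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_BYTES:
                findings[info.filename] = ["skipped-too-large"]
                continue
            data = archive.read(info)
            hits = []
            if PHP_NAME.search(info.filename):
                hits = [name for name, rx in INDICATORS.items() if rx.search(data)]
            elif STATIC_NAME.search(info.filename) and b"<?php" in data.lower():
                hits = ["php-code-in-static-file"]  # PHP hidden in an image/asset
            if hits:
                findings[info.filename] = hits
    return findings

def build_sample():
    """Constructed test archive; the flagged payload only decodes to `echo 1;`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("index.php", "<?php echo 'Welcome'; ?>")
        z.writestr("includes/cache.php", '<?php eval(base64_decode("ZWNobyAxOw==")); ?>')
        z.writestr("images/logo.ico", "GIF89a<?php echo 1; ?>")
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    for member, hits in scan_zip(build_sample()).items():
        print(f"{member}: {', '.join(hits)}")
```

`scan_zip` also accepts a filesystem path, so it can be pointed at the same .zip that was uploaded to VirusTotal.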
