FlorjanK, posted May 17, 2021

Hello,

recently I found out that if you access my website with ESET antivirus installed on your computer, the ESET software warns you about possible malware on that website. Sorry that the picture is in Slovenian; basically it says that ESET found a possible threat and it does not advise you to continue to the website. Do you want to continue, yes or no?

My first thought was to paste my link into an online website malware checker, and it says that there is no threat available ( https://www.virustotal.com/gui/domain/mindmaze.si/detection )

My second thought was that plugins and themes contain old programming code and that ESET finds that as a threat because it's outdated, so I updated my whole website to the latest version of all plugins. It did not solve anything; the page is still not safe according to ESET antivirus.

Could there be a malware JavaScript file, or what could be wrong? Does anyone have an idea what else to try?

Thank you in advance. Pictures attached, and my website link: https://mindmaze.si/

Marcos (Administrators), posted May 17, 2021

The detection is correct, the website was compromised. You have the following js in an obfuscated form in c27fdb71ac8e6fbcba461b90adce5a1b.js:

While the detection exists since 2019, ESET is the only AV to detect it:

FlorjanK (Author), posted May 17, 2021

1 hour ago, Marcos said:
> The detection is correct, the website was compromised. You have the following js in an obfuscated form in c27fdb71ac8e6fbcba461b90adce5a1b.js:
> While the detection exists since 2019, ESET is the only AV to detect it:

Hello, thank you for your answer. May I just ask where you can see that file, because I have searched the whole directory and I do not find it... Also, view source code does not display this .js file...

Marcos (Administrators), posted May 17, 2021

The url ends with .../cache/min/1/c27fdb71ac8e6fbcba461b90adce5a1b.js

FlorjanK (Author), posted May 17, 2021

Hello,

But I do not see such file in the directory neither on page source code... Picture is displaying directory files:

itman, posted May 17, 2021

41 minutes ago, FlorjanK said:
> But I do not see such file in the directory neither on page source code... Picture is displaying directory files:

Did you set Win Explorer to display hidden files?

LesRMed, posted May 17, 2021

Are you looking on your computer or on the server? You should be using file manager (or whatever your host calls it) to look on the actual web server.

FlorjanK (Author), posted May 17, 2021

1 hour ago, itman said:
> Did you set Win Explorer to display hidden files?

Yes I did, it is not there.

Marcos (Administrators), posted May 17, 2021 (marked as Solution)

There is a chance that malware is running on the server and hides the file to explorer. Try using FileZilla for instance.

FlorjanK (Author), posted May 18, 2021

Okay, you were right, there were suspicious files on the server directory which did not download to my backup folder, so I deleted all of them since I had no idea what they were. Now that they are deleted there is something else, I suppose, since the page is still not accessible.

Picture shows suspicious files which I downloaded to my PC backup folder and on the right the server directory which is empty.

May I just ask how did you find the malicious files, since every virus search that I do says there is no problem with the site...

Edited May 18, 2021 by FlorjanK

Marcos (Administrators), posted May 18, 2021

1. The malware was removed, we'll unblock the website momentarily.
2. Please compress the suspicious files into an archive encrypted with the password "infected", upload the archive to a safe location and drop me a personal message with a download link.

Quote:
> May I just ask how did you find the malicious files since every virus search that I do says there is no problem with the site...

We detected the malware when users visited your website and it was reported to us since the users had the LiveGrid Feedback system enabled.

FlorjanK (Author), posted May 18, 2021

36 minutes ago, Marcos said:
> 1. The malware was removed, we'll unblock the website momentarily.
> 2. Please compress the suspicious files into an archive encrypted with the password "infected", upload the archive to a safe location and drop me a personal message with a download link.
> We detected the malware when users visited your website and it was reported to us since the users had the LiveGrid Feedback system enabled.

Thank you very much. Is there a way to get deleted files after ESET deletes them from my PC, since when I tried to download those files ESET found a threat and removed the file... Maybe there is some kind of trash bin on my server which contains those files; in this case I need to contact my hosting provider.

Nightowl (Most Valued Members), posted May 18, 2021

5 hours ago, FlorjanK said:
> Thank you very much. Is there a way to get deleted files after ESET deletes them from my PC, since when I tried to download those files ESET found a threat and removed the file... Maybe there is some kind of trash bin on my server which contains those files; in this case I need to contact my hosting provider.

Yes, you should find the malicious files in Quarantine.

FlorjanK (Author), posted May 18, 2021

Just now, Nightowl said:
> Yes, you should find the malicious files in Quarantine.

Yes I just did that and sent the files to Marcos DM 😃 Thank you

Marcos (Administrators), posted May 18, 2021

Thanks. Both files are detected, you can delete them.