ESET antivirus found malware on my website


Hello, 

recently I found out that if you access my website with ESET antivirus installed on your computer the ESET software warns you about possible malware on that website.

Sorry that the picture is in Slovenian; basically it says that ESET found a possible threat and it does not advise you to continue to the website. Do you want to continue, yes or no?

My first thought was to paste my link in online website malware checker and it says that there is no threat available ( https://www.virustotal.com/gui/domain/mindmaze.si/detection )

My second thought was that plugins and themes contain old programming code and that ESET finds that as a threat because it's outdated, so I updated my whole website to the latest version of all plugins. It did not solve anything; the page is still not safe according to ESET antivirus.

Could there be a malware javascript file or what could be wrong?

Does anyone have an idea what else to try? Thank you in advance.

Pictures attached, and my website link: https://mindmaze.si/

  • Administrators

The detection is correct, the website was compromised. You have the following js in an obfuscated form in c27fdb71ac8e6fbcba461b90adce5a1b.js:

image.png

While the detection exists since 2019, ESET is the only AV to detect it:

image.png

1 hour ago, Marcos said:

The detection is correct, the website was compromised. You have the following js in an obfuscated form in c27fdb71ac8e6fbcba461b90adce5a1b.js:

image.png

While the detection exists since 2019, ESET is the only AV to detect it:

image.png

Hello,

Thank you for your answer. May I just ask where you can see that file, because I have searched the whole directory and I do not find it... Also, view source code does not display this .js file...

41 minutes ago, FlorjanK said:

But I do not see such file in the directory neither on page source code... Picture is displaying directory files:

Did you set Win Explorer to display hidden files?


Are you looking on your computer or on the server? You should be using file manager (or whatever your host calls it) to look on the actual web server.

  • Administrators
  • Solution

There is a chance that malware is running on the server and hides the file to explorer. Try using Filezilla for instance.


Okay, you were right, there were suspicious files in the server directory which did not download to my backup folder, so I deleted all of them since I had no idea what they were. Now that they are deleted there is something else, I suppose, since the page is still not accessible.

Picture shows suspicious files which I downloaded to my PC backup folder and on the right the server directory which is empty.


May I just ask how did you find the malicious files since every virus search that I do says there is no problem with the site...


Edited by FlorjanK
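
Added example, not part of the original posts and not ESET's tooling: the situation found above (files on the server that never reached the local backup, one of them a hash-named .js file) can be checked by diffing a copy of the server directory against a known-good backup. The marker patterns, function names and sample file contents are constructed assumptions.

```python
import hashlib, re, tempfile
from pathlib import Path

# Heuristics chosen for this example; they are not ESET's detection logic.
OBFUSCATED = re.compile(r"eval\s*\(|String\.fromCharCode|unescape\s*\(|atob\s*\(")
HASH_NAME = re.compile(r"^[0-9a-f]{32}\.js$")  # shape of c27fdb71ac8e6fbcba461b90adce5a1b.js

def manifest(root):
    """Map relative path -> SHA-256 for every file under root, dotfiles included."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(server_root, backup_root):
    """Return [(path, [reasons])] for files that are new or changed on the server."""
    server, backup = manifest(server_root), manifest(backup_root)
    findings = []
    for rel in sorted(server):
        if backup.get(rel) == server[rel]:
            continue  # byte-identical to the known-good copy
        reasons = ["modified" if rel in backup else "not in backup"]
        name = rel.rsplit("/", 1)[-1]
        if name.startswith("."):
            reasons.append("hidden")
        if HASH_NAME.match(name):
            reasons.append("hash-like name")
        if name.endswith((".js", ".php")) and OBFUSCATED.search(
                Path(server_root, rel).read_text(errors="replace")):
            reasons.append("obfuscation marker")
        findings.append((rel, reasons))
    return findings

def demo():
    """Build a constructed backup/server pair in a temp dir and audit it."""
    good = {"index.php": "<?php echo 'hi';", ".htaccess": "Options -Indexes\n"}
    bad = {"c27fdb71ac8e6fbcba461b90adce5a1b.js": "eval(String.fromCharCode(49));",
           ".cache.php": "<?php // constructed placeholder",
           "index.php": "<?php echo 'hi'; // constructed change"}
    with tempfile.TemporaryDirectory() as tmp:
        for side, content in (("backup", good), ("server", {**good, **bad})):
            (Path(tmp) / side).mkdir()
            for name, text in content.items():
                Path(tmp, side, name).write_text(text)
        return audit(Path(tmp, "server"), Path(tmp, "backup"))

if __name__ == "__main__":
    for path, reasons in demo():
        print(path, "->", ", ".join(reasons))
```

Run `audit()` against a copy pulled with an FTP/SFTP client or directly on the server, since a local file explorer may not show everything that is there.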
  • Administrators

1, The malware was removed, we'll unblock the website momentarily.

2, Please compress the suspicious files into an archive encrypted with the password "infected", upload the archive to a safe location and drop me a personal message with a download link.

Quote

May I just ask how did you find the malicious files since every virus search that I do says there is no problem with the site...

We detected the malware when users visited your website and it was reported to us since the users had the LiveGrid Feedback system enabled.

36 minutes ago, Marcos said:

1, The malware was removed, we'll unblock the website momentarily.

2, Please compress the suspicious files into an archive encrypted with the password "infected", upload the archive to a safe location and drop me a personal message with a download link.

We detected the malware when users visited your website and it was reported to us since the users had the LiveGrid Feedback system enabled.

Thank you very much.

Is there a way to get deleted files after ESET deletes them from my PC, since when I tried to download those files ESET found a threat and removed the file...

Maybe there is some kind of trash bin on my server which contains those files; in this case I need to contact my hosting provider.

  • Most Valued Members
5 hours ago, FlorjanK said:

Thank you very much.

Is there a way to get deleted files after ESET deletes them from my PC, since when I tried to download those files ESET found a threat and removed the file...

Maybe there is some kind of trash bin on my server which contains those files; in this case I need to contact my hosting provider.

Yes, you should find the malicious files in Quarantine.
