Website is clean now

[ThomasP 0]

Hi,

Thanks a lot for your help!

After working hard on the website, I removed the wordpress blog and created a new one so everything is started from new.

You can check yourself, ESET doesn't detect it as dangerous and the https://sitecheck.sucuri.net/results/www.passwordrevelator.net is clean.

Can you please check in your side to remove the PUA please?

Thanks

Best Regards

Thomas

[Marcos 5,070]

It is not. JS/Agent.OZD is still there.

You can contact Sucuri.net to get the site cleaned completely and to harden it against further exploitation.

[itman 1,659]

Also Quttera is still finding malicious SEO Spam on the web site; see below.

Further, Quttera has now formally blacklisted the web site. Perhaps "you should have quit while you were still ahead" as far as insistence your web site should not be flagged by Eset.

Edited July 21, 2021 by itman

[itman 1,659]

Since this is password cracking software, I found a good article covering subjects such as if its legal to sell and use such software: https://blog.elcomsoft.com/2020/10/everything-you-wanted-to-ask-about-cracking-passwords/ . Of note:

Quote

Obviously, nobody can stop you from breaking your own password that you forgot; however, if this password protect access to your data stored in some online service, it does not actually matter that the account is yours – you cannot legally break it. In other words, cracking passwords is perfectly legal if you work with local data and the data is yours, or if you have the permission from the legal owner, or if you represent the law and follow the local regulations. Cracking someone else’s data might be a criminal offence, but there is a huge gray area.

Next an excerpt from Password Revelator web site:

Quote

Access every Instagram account password with this software

You can download it totally FREE. Learn how to hack into your Instagram account for free. You can get someone's Instagram IDs by using our security fail system. You just need to provide the email address to connect to the account you want to enter, and after a few clicks, our system will automatically display the hidden key for you right on your screen. To enter into an Instagram account with our recovery service has never been easier. To view someone's Instagram private life within minutes is now available on the Internet. The person will not realize that his Instagram account has been unlocked.

I do hope that regardless of the Eset classification of access to this web site, it will flag any download from it as a PUA.

Edited July 21, 2021 by itman

[peteyt 393]

43 minutes ago, itman said:

Since this is password cracking software, I found a good article covering subjects such as if its legal to sell and use such software: https://blog.elcomsoft.com/2020/10/everything-you-wanted-to-ask-about-cracking-passwords/ . Of note:

Next an excerpt from Password Revelator web site:

I do hope that regardless of the Eset classification of access to this web site, it will flag any download from it as a PUA.

Yeah they claim they are just for using on your own account then talk about accessing multiple accounts, accessing people's private information etc.

I'm curious how it works or if it indeed even works

[ThomasP 0]

3 hours ago, Marcos said:

It is not. JS/Agent.OZD is still there.

You can contact Sucuri.net to get the site cleaned completely and to harden it against further exploitation.

Marcos, please see below:

 

[Marcos 5,070]

[itman 1,659]

Also of note, Hybrid-Analysis via sandbox analysis rates the site malicious; not a PUA:

https://www.hybrid-analysis.com/sample/1980c2c841f492e271fa350d3d1352a1f5184e4a81c9ec195d623d926587dcf5

Edited July 21, 2021 by itman

[ThomasP 0]

Hi Marcos,

You can try to clear the cache and to try again.

https://sitecheck.sucuri.net/ said that the website is clean now.

https://quttera.com/ emailed me telling me that we website is clean now.

Everything is OK now.

Thanks

Thomas

 

[itman 1,659]

1 hour ago, ThomasP said:

Everything is OK now.

I believe not:

[ThomasP 0]

Not sure how they scan but if the way to copy what dr. web said is for hybrid a solution, they are wrong. By the way I tried to contact them without success because they don't have contact page... Eset doesn't find any issue and this is the most important here.

Edited July 22, 2021 by ThomasP

[NewbyUser 72]

Glad you got your site clean, if in fact you did as it is debatable. but, while I am not in way part of Eset, I don't see the PUA classification being removed, you literally advertise being able to hack other people's IG accounts which is actual malware by definition, and illegal in every country I'm aware of it's laws, so you should be happy with just being classified as a PUA. and call it a day.  Password stealing trojan seems more appropriate to my view. 

[ThomasP 0]

finding it's own password is not illegal at all... if we are illegal, then these should be too: https://www.nirsoft.net/; https://securityxploded.com/; https://www.passware.com/

Edited July 22, 2021 by ThomasP

[NewbyUser 72]

On 7/21/2021 at 10:06 AM, itman said:

Since this is password cracking software, I found a good article covering subjects such as if its legal to sell and use such software: https://blog.elcomsoft.com/2020/10/everything-you-wanted-to-ask-about-cracking-passwords/ . Of note:

Next an excerpt from Password Revelator web site:

I do hope that regardless of the Eset classification of access to this web site, it will flag any download from it as a PUA.

Comments from your own site, advertising the ability to crack ANY other users IG account

 

Your own words; 

Access every Instagram account password with this software
You can download it totally FREE. Learn how to hack into your Instagram account for free. You can get someone's Instagram IDs by using our security fail system. You just need to provide the email address to connect to the account you want to enter, and after a few clicks, our system will automatically display the hidden key for you right on your screen. To enter into an Instagram account with our recovery service has never been easier. To view someone's Instagram private life within minutes is now available on the Internet. The person will not realize that his Instagram account has been unlocked.

[ThomasP 0]

no need to make copy/past this will be concidering as duplicate content and spam SEO... and this is not the subject here we said on the other topic. We are here to talk with Marcos about the virus issue we got on the website, that's all.

[Marcos 5,070]

This forum is not intended for disputing blocks or detections. Since the malware has been removed, the website was unblocked but the applications will continue to be detected.

Having said that, we'll draw this topic to a close.