Jump to content

Getting notifications of PHP.Kryptik.BF - but your website doesn't have any description of it. False positive?


Recommended Posts

I've now gotten notifications, twice, about files being infected with PHP.Kryptik.BF. I'm pretty sure this latest detection is a false positive, and after I ran a scan of the directory containing the allegedly-infected file, it found nothing.

More to the point, there is no description of PHP.Kryptik.BF on your website - at least, there wasn't a few days ago.

ESET: Can you please remove this alleged "trojan" from the list of exploits you scan for? I am not convinced it even exists.

Link to comment
Share on other sites

  • Administrators

The detection is from 2016. Please provide the detected file(s) in an archive encrypted with the password "infected".

Link to comment
Share on other sites

Thanks. Here it is... 

This is a backup of a website - it's a WordPress website, so there are a lot of .PHP files, but before zipping up the folder containing the files, I right-clicked the folder and ran a scan. The scan completed in less than 10 seconds, with ESET saying it hadn't detected any malware.

 

dogs_infected.zip

Link to comment
Share on other sites

  • Administrators

You are right, none of the files is detected. Please provide logs collected with ESET Log Collector from a machine where the threat was detected. Make sure to select all quarantined files to collect.

Link to comment
Share on other sites

  • Administrators

You can upload the file to a file sharing service (Dropbox, OneDrive, etc.) and drop me a private message with a download link.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...