
Getting notifications of PHP.Kryptik.BF - but your website doesn't have any description of it. False positive?



Posted

I've now gotten notifications, twice, about files being infected with PHP.Kryptik.BF. I'm pretty sure this latest detection is a false positive, and after I ran a scan of the directory containing the allegedly-infected file, it found nothing.

More to the point, there is no description of PHP.Kryptik.BF on your website - at least, there wasn't a few days ago.

ESET: Can you please remove this alleged "trojan" from the list of exploits you scan for? I am not convinced it even exists.

  • Administrators
Posted

The detection is from 2016. Please provide the detected file(s) in an archive encrypted with the password "infected".

Posted

Thanks. Here it is... 

This is a backup of a website - it's a WordPress website, so there are a lot of .PHP files, but before zipping up the folder containing the files, I right-clicked the folder and ran a scan. The scan completed in less than 10 seconds, with ESET saying it hadn't detected any malware.

 

dogs_infected.zip

  • Administrators
Posted

You are right, none of the files is detected. Please provide logs collected with ESET Log Collector from a machine where the threat was detected. Make sure to select all quarantined files to collect.

Posted

I can't attach the ZIP file; it's too large. Is there another way I can get the logs to you? Thanks.

  • Administrators
Posted

You can upload the file to a file sharing service (Dropbox, OneDrive, etc.) and drop me a private message with a download link.

This topic is now closed to further replies.