eclipse79 4 Posted March 30 Share Posted March 30 Hello, my Eset endpoint blocked a js file. The detetiont name is "JS/ScrInject.B". This is the URL: hxxps://www.ildiariodellavoro.it/wp-content/plugins/gshortcodes/assets/js/scripts.js?ver=6.1.1 IT technicians that mange the website told me that the file is secure. Anyway lot of systems consider it as dancerous. I tried using virustotal, some weeks ago only two engine found a security issue. Now four engine consider it as malicious. Does anyone help me? Is it really dangerous? Thanks Quote Link to comment Share on other sites More sharing options...
itman 1,543 Posted March 30 Share Posted March 30 Quttera states the URL associated with the web site is clean: https://quttera.com/detailed_report/www.ildiariodellavoro.it . However reviewing the files it scanned, it did not scan the WP plug-in where Eset is detecting malicious code. Appears some type of code injection is occurring on the web site or server. I would stick with Eset's determination the web site contains malware. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,718 Posted March 30 Administrators Share Posted March 30 There is no such js file: Oops! Page Not Found. It looks like nothing was found at this location. Quote Link to comment Share on other sites More sharing options...
eclipse79 4 Posted March 30 Author Share Posted March 30 5 minutes ago, Marcos said: There is no such js file: Oops! Page Not Found. It looks like nothing was found at this location. You are right. So, why eset gave the alert for this file? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,718 Posted March 30 Administrators Share Posted March 30 Most likely the file has been removed in the mean time. Quote Link to comment Share on other sites More sharing options...
eclipse79 4 Posted March 30 Author Share Posted March 30 Just now, Marcos said: Most likely the file has been removed in the mean time. Maybe, but it should occurs right now: using virustotal, the file is considered yet as dangerous. I re-submitted the check right now. Perhaps virustotal has it in its cache... Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,718 Posted March 30 Administrators Share Posted March 30 Above is not the file in question but it's a check if the website was blacklisted by particular AV vendors. It doesn't tell anything about possible malware being there at the time of the check. Quote Link to comment Share on other sites More sharing options...
eclipse79 4 Posted March 30 Author Share Posted March 30 11 minutes ago, Marcos said: Above is not the file in question but it's a check if the website was blacklisted by particular AV vendors. It doesn't tell anything about possible malware being there at the time of the check. Thank you Quote Link to comment Share on other sites More sharing options...
Nevermind 8 Posted March 30 Share Posted March 30 Malicious file is gone but its a half- solution since file is still being referenced by all of the web sites on that domain. Lucky for you it is enough to avoid detection. Quote Link to comment Share on other sites More sharing options...
eclipse79 4 Posted March 30 Author Share Posted March 30 1 minute ago, Nevermind said: Malicious file is gone but its a half- solution since file is still being referenced by all of the web sites on that domain. Lucky for you it is enough to avoid detection. I noticed... perhaps webmaster is working on it to delete references... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.