Lilliput Direct - Eset NOD32 False Positive

[lilliputdirect 0]

Hi there

 

I've got an issue with our site showing as infected while using NOD32. The site has been locally scanned and remotely scanned by numerous antivirus programs and has turned up negative in all cases.

 

Local Scans:

Microsoft Security Essentials

Norton Antivirus

Comodo Internet Security

AVG Antivirus

 

Remote Scans:

Sucuri Site Scan

WebInspector - Comodo

 

According to the sucuri scan - the domain is not featured on the ESET blacklist

 

An MX toolbox domain check shows no blacklist results either

 

Please could someone advise as to the nature of this issue? NOD32 is the ONLY scanner program that is reporting this issue so if it is genuine then please advise why this is the only virus scanner that is reporting the issue?

[Marcos 4,935]

It seems the malware has been removed. We'll unblock the website but next time please report it to ESET Malware Research Lab by following the instructions at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141.

[lilliputdirect 0]

Thanks for your help on this matter.

 

Would you be able to provide any information relating to the issue to our team? It would be useful to our web team to know why this flagged up, and how this could have gotten under our radar in order to avoid this issue in the future.

 

Again thanks for your prompt and speedy response.

[Marcos 4,935]

There was an encrypted Waski file found in the /image/flags folder.

[rugk 397]

Sorry for the late reply, but here other more details about this "Waski file": hxxp://virusradar.com/en/Win32_TrojanDownloader.Waski/detail

Edited February 22, 2015 by rugk