Friend's website giving HEUR.Trojan.Script.Generic detection


Posted

Hi, my friend's website is giving a Trojan error when I visit it and none of the images there are loading.
He says his site is clean and he uses a premium WordPress theme. I submitted the sample to Kaspersky OpenTIP; below are some of the logs I copied from Kaspersky Internet Security.

 

 

  • The title was changed to Friend's website giving HEUR.Trojan.Script.Generic detection
harlan4096
Posted

Welcome to Kaspersky Community.

 

I've already sent that URL to Kaspersky analysts, waiting for the final verdict.

 

I'm also getting that detection; we'll see if it is finally a false positive or actually infected.

Flood and Flood's wife
Posted (edited)

Hello @rounakr94
Welcome!

  • We cannot replicate the issue

  1. Which KIS version & patch(x), x = letter, is installed? On the Windows taskbar or in the hidden icons, right-click the Kaspersky icon and select About.
  2. Does the detection happen in all supported browsers: Chrome, Edge, Firefox?

Please let us know.

Thank you.

Flood +

harlan4096
Posted

I'm using K.Plus 21.7 beta:

Quote

Application name: firefox.exe
Application path: C:\Program Files\Mozilla Firefox
Component: Safe Browsing
Result description: Blocked
Type: Trojan
Name: HEUR:Trojan.Script.Generic
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object name: lazy-images.js?minify=false&ver=1c8bb5930b723e669774487342a8fa98
Object path: https : // techarx . com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist
MD5 of an object: 3106D4533459F76AFCEC275D48356648
Reason: Expert analysis
Databases release date: Today, 18/05/2022 4:06:00

harlan4096
Posted

Yes I know, I gave my version data as additional info.

Flood and Flood's wife
Posted (edited)
  • ✔️ With Firefox 100.0.1 (64-bit)/KTS 21.3.10.391(i), we can replicate.
Thank you.

Flood +

harlan4096
Posted

I just got the final verdict from the K. analyst:

Quote

 

Yes, the url is available now and the detection is correct.

Best regards, R. R., Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

 

I hid the full name of the analyst with R.R.

 

So, this means that the URL is infected, and the owner should clean it up on the server side.

 

At this point, we can't do anything else in this case.

Posted

Hi, sorry for the late response.
The KIS version is 21.3.10.391 (i), database release date 18.05.2022 07:36AM

It's detected in both Edge and Chrome.


 


Thanks for the update. Will ask the owner to check it on his side.
Btw, what does the analyst at Kaspersky mean by "The URL is available now"? It still shows as Good on OpenTIP.

Igor Kurzin
Posted
Quote

The URL is available now

It seems like the URL was not reachable at some point (= would not open at all).

harlan4096
Posted
Quote

Btw, what does the analyst at Kaspersky mean by "The URL is available now"? It still shows as Good on OpenTIP.

He said that because in his 1st reply they said the URL was unavailable, so I sent them a message showing that the site was up and still giving the malicious detection.

 

About KOTIP: yes, the result may differ, in this case because this detection comes from the heuristic engine of the Kaspersky product.

 

The site is still perfectly accessible here and is still giving the malicious detection.

