Jump to content

Friend's website giving HEUR.Trojan.Script.Generic detection


Recommended Posts

Hi my friend's website is giving Trojan error when I visit it and none of the images there are loading.
He says his site is clean and he uses premium wordpress theme. I submitted the sample to kasperky opentip, below are some of the logs I copied from kaspersky internet security

 

 

Link to comment
Share on other sites

  • The title was changed to Friend's website giving HEUR.Trojan.Script.Generic detection

Welcome to Kaspersky Community.

 

I've already sent that URL to Kaspersky analysts, waiting for the final verdict.

 

I'm also getting that detection, We'll see if finally a false positive or actually infected.

  • Like 1
Link to comment
Share on other sites

Posted (edited)

Hello @rounakr94
Welcome!

  • 💥We cannot replicate the issue
Spoiler

image.png.58d8d987fdb2b51b01b9f61517277f96.png

 

  1. Which KIS version & patch(x), x = letter, is installed, on the Windows taskbar or hidden icons, rightclick the Kaspersky icon, select About?
  2. Does the detection happen in all supported browsers: Chrome, Edge, Firefox? 

Please let us know? 

Thank you🙏

Flood🐳+🐋

Edited by Flood and Flood's wife
Link to comment
Share on other sites

I'm using K.Plus 21.7 beta:

Quote

Application name: firefox.exe
Application path: C:\Program Files\Mozilla Firefox
Component: Safe Browsing
Result description: Blocked
Type: Trojan
Name: HEUR:Trojan.Script.Generic
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object name: lazy-images.js?minify=false&ver=1c8bb5930b723e669774487342a8fa98
Object path: https : // techarx . com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist
MD5 of an object: 3106D4533459F76AFCEC275D48356648
Reason: Expert analysis
Databases release date: Today, 18/05/2022 4:06:00

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

I just got final verdict from K. Analyst:

Quote

 

Yes, the url is available now and the detection is correct.

Best regards, R. R., Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

 

I hid the full name of analyst with R.R.

 

So, this means that URL is infected, and the owner should clean up it in the server side.

 

At this point, We can't do anything else in this case.

  • Like 3
Link to comment
Share on other sites

Spoiler

 

Hi, sorry for the late response.
The KIS version is 21.3.10.391 (i) , database release date 18.05.2022 07:36AM

Its detected in both Edge and Chrome


 

Spoiler

 

Thanks for the update. WIll ask the owner to check it on his side.
Btw what does the analyst at Kaspersky mean by "The URL is available now", it still shows as Good on opentip

  • Like 2
Link to comment
Share on other sites

Quote

Btw what does the analyst at Kaspersky mean by "The URL is available now", it still shows as Good on opentip

He said that because in his 1st reply They said the URL was unavailable, so I sent them a message showing that site was up and still giving the malicious detection.

 

About KOTIP, yes the result may differ, in this case because this detection comes from the Heuristic engine of Kaspersky product.

 

The site is still accessible perfectly here and still giving the malicious detection:

image.png.556510f2755a4fbb59db350dc1c7ba34.png

 

  • Like 1
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.