Jump to content
Kaspersky Support Forum

Is my company's website truly infected? HEUR:Trojan.Script.Balada.gen

ian mendes
 Share
Go to solution Solved by Guilhermesene4096,

Recommended Posts

ian mendes

ian mendes

Posted
Posted (edited)

Hello!
My organisation is getting the following warning while trying to acces our domain:
object is infected HEUR: TROJAN.Script.Balada.gen
I've submitted the address on the web address analysis and it came out clean.
Is it a false detection?
The domain is linked https : //cremern.org.br/

infected.png

Edited by Berny
Suspicous link disabled !
Link to comment
Share on other sites
Guilhermesene4096

Guilhermesene4096

Posted
Posted

@Gabriel FerreiraWelcome

At first glance the site looks clean, however, let's wait for a final verdict.

I have sent your URL to Kaspersky Virus Lab and will provide the verdict when available.
 
The analysis may take a few hours or days (normally it doesn't take long), so I ask that you please wait.
 
If it is considered a false positive, it will be removed from detection in the next update of your Kaspersky product.
  • Like 1
Link to comment
Share on other sites
  • Solution
Guilhermesene4096

Guilhermesene4096

Posted
  • Solution
Posted

@ian mendes

⚠️ Final verdict from Kaspersky Virus Lab
Quote

"Hello,

Thank you for waiting.

As previously reported, the website in question 'cremern.org.br' is not listed as a threat to Kaspersky, so the message may have occurred because the client is on an outdated version of Kaspersky.

Ask the user to update their version of Kaspersky and the database."

 

  • Like 2
Link to comment
Share on other sites
Gabriel Ferreira

Gabriel Ferreira

Posted
Posted
1 hora atrás, harlan4096 disse:

Weird, still being infected:

 

imagen.thumb.png.38e57291d81fb07b3c56e2d5b34250e5.png

 

But:

 

imagen.thumb.png.3eb5baf44dcf39a255a9029846672f0c.png

 

imagen.thumb.png.eb101dd9af7ad5558eb720c332dbb60c.png

I can't figure out what is going on. Already run several anti-malware WordPress' plug-ins and all came clean. Asked one of then to do a manual check-up and they assured that was clean. Also the online websites scans can't find anything. 

However, Kaspersky keeps telling that it's infected and I don't know how to fix it 😥

Link to comment
Share on other sites
Gabriel Ferreira

Gabriel Ferreira

Posted
Posted

Hello. I would like to give you guys some feedback.

It seems that i've figured out what is going on.

The website is actually infected by the Trojan.Script.Balada.gen. Today the Kaspersky allowed to access the website once, but prevented a redirection to a malicious website (soft . specialcraftbox . com). After that I was able to find this article reporting a flaw in a Plug-In that I use for Pop-up - Thousands of Sites with Popup Builder Compromised by Balada Injector (sucuri.net)

 

Thanks for all the assistance.

  • Like 4
Link to comment
Share on other sites
  • 3 weeks later...
Guilhermesene4096

Guilhermesene4096

Posted
Posted
@AndrewLWelcome back
 
I have sent your URL to Kaspersky Virus Lab and will provide the verdict when and if available.
 
The analysis may take a few hours or days (normally it doesn't take long), so I ask that you please wait.
 
If it is considered a false positive, it will be removed from detection in the next update of your Kaspersky product.
  • Like 3
Link to comment
Share on other sites
  • 2 weeks later...
AndrewL

AndrewL

Posted
Posted
On 2/23/2024 at 4:48 PM, Guilhermesene4096 said:
@AndrewLWelcome back
 
I have sent your URL to Kaspersky Virus Lab and will provide the verdict when and if available.
 
The analysis may take a few hours or days (normally it doesn't take long), so I ask that you please wait.
 

Thanks, Guilherme. Should I still wait? The site is still being detected.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...