Is my company's website truly infected? HEUR:Trojan.Script.Balada.gen


Solved by Guilhermesene4096

Hello!
My organisation is getting the following warning while trying to access our domain:
object is infected HEUR: TROJAN.Script.Balada.gen
I've submitted the address on the web address analysis and it came out clean.
Is it a false detection?
The domain is linked https : //cremern.org.br/

[image: infected.png]

Edited by Berny
Suspicious link disabled!

@Gabriel Ferreira Welcome

At first glance the site looks clean, however, let's wait for a final verdict.

I have sent your URL to Kaspersky Virus Lab and will provide the verdict when available.
 
The analysis may take a few hours or days (normally it doesn't take long), so I ask that you please wait.
 
If it is considered a false positive, it will be removed from detection in the next update of your Kaspersky product.

  • Solution

@ian mendes

⚠️ Final verdict from Kaspersky Virus Lab
Quote

"Hello,

Thank you for waiting.

As previously reported, the website in question 'cremern.org.br' is not listed as a threat to Kaspersky, so the message may have occurred because the client is on an outdated version of Kaspersky.

Ask the user to update their version of Kaspersky and the database."

 


1 hour ago, harlan4096 said:

Weird, still being infected:

[image]

But:

[image]

[image]

I can't figure out what is going on. I have already run several WordPress anti-malware plug-ins and all came back clean. I asked one of them to do a manual check-up and they assured me that it was clean. Also, the online website scans can't find anything.

However, Kaspersky keeps telling me that it's infected and I don't know how to fix it 😥


Hello. I would like to give you guys some feedback.

It seems that I've figured out what is going on.

The website is actually infected by Trojan.Script.Balada.gen. Today Kaspersky allowed access to the website once, but prevented a redirection to a malicious website (soft . specialcraftbox . com). After that I was able to find this article reporting a flaw in a plug-in that I use for pop-ups: "Thousands of Sites with Popup Builder Compromised by Balada Injector" (sucuri.net)

 

Thanks for all the assistance.


  • 3 weeks later...
@AndrewL Welcome back
 
I have sent your URL to Kaspersky Virus Lab and will provide the verdict when and if available.
 
The analysis may take a few hours or days (normally it doesn't take long), so I ask that you please wait.
 
If it is considered a false positive, it will be removed from detection in the next update of your Kaspersky product.