
Kaspersky blocking website, detected as HEUR:Trojan-PSW.Script.Generic



rgreen2002
Posted

For over two months now KTS has been blocking this website:
https_://stilldragon.com/    [link disabled]

I am using Google Chrome Version 83.0.4103.61 (Official Build) (64-bit)

I can find no way around this outside of turning KTS off.  I can open it in TOR no problem.

 

Object URL:

https://stilldragon.com/

Reason: the object is infected by HEUR:Trojan-PSW.Script.Generic

Message generated on: 6/9/2020 1:04:01 PM

 

Can you look into this issue?

 

Posted

@rgreen2002  Please contact K-Lab Technical Support https://center.kaspersky.com
who will confirm or deny a False Positive.

Also, please don’t submit potentially dangerous sites on this Forum.
FYI, this community cannot fix this issue.

 

Posted

Berry,

Sorry for the post and thanks for the direction.

Much appreciated.

 

Flood and Flood's wife
Posted

Hello @rgreen2002,

No apology necessary, we’re happy to help🙂

Kaspersky experts, Sent: Wednesday, 10 June 2020 16:58, have advised:

Quote

The detection is correct, the partial malicious code is as follows:

 

The script connects and injects the blocked object into one's computer to steal cookies and website credentials.

Please advise the webmaster to remove the code from the page.

unquote. 

Thank you🙏

Flood🐳

  • 8 months later...
Posted

Guys, I am having a similar issue. Could you please have a look at keywestaloe.com? The Tag on the website does not have var_ or anything like that… any advice?

Flood and Flood's wife
Posted

Could you please have a look at keywestaloe.com? The Tag on the website does not have var_ or anything like that… any advice?

Hello @Franco8

Welcome!

It may be a false positive, we’ve submitted it for analysis & logged a case with Kaspersky.

We’ll update you when they respond

Thank you🙏

Flood🐳+🐋

Flood and Flood's wife
Posted

Hello @Franco8,

Virus analysts provided the following response:

qte:

This is not a false alarm. This site is infected. Here is the malicious code:

If you are a webmaster, please remove the above code from the page. Also we strongly recommend that you change passwords to all services that can be used to modify website contents because they may have been stolen.

unqte

Thank you🙏

Flood🐳+🐋

Posted

“Remove what? The Google Tag Manager?”

 

If you are the webmaster, please remove the above code from your website. If the website does not belong to you, please contact the webmaster of the site and inform them of the malicious code that is in the website.

Posted

I am the website manager, but I can’t remove a default Google Tag Manager code. Millions (if not billions) of websites use it. What part of the code do you find malicious?

Flood and Flood's wife
Posted

I am the website manager, but I can’t remove a default Google Tag Manager code. Millions (if not billions) of websites use it. 

Hello @Franco8

Do you have a Kaspersky software subscription/license? 

Please let us know?

Thank you🙏

Flood🐳+🐋

Posted

Hello,

This issue has been solved right now. This website could be accessed. Could you check it now?

Regards.

Flood and Flood's wife
Posted

Hello @Wesly.Zhang

Which links did you test? 

Thank you🙏

Flood🐳+🐋

Posted

Hello @Wesly.Zhang

Which links did you test? 

Thank you🙏

Flood🐳+🐋


Hello,

It is stilldragon.com.

Regards.

Posted

Событие :    Загрузка остановлена
Пользователь : 
Тип пользователя :    Активный пользователь
Имя программы :    firefox.exe
Путь к программе :    C:\Program Files\Mozilla Firefox
Компонент :    Веб-Антивирус
Описание результата :    Запрещено
Тип :    Троянская программа
Название :    HEUR:Trojan-PSW.Script.Generic
Точность :    Эвристический анализ
Степень угрозы :    Высокая
Тип объекта :    Файл
Имя объекта :    data0000
Путь к объекту :    https://www.googletagmanager.com/gtm.js?id=GTM-MJDW8PM//
MD5 :    D0A55983032E397E8C4009A31290C94A
Причина :    Экспертный анализ
Дата выпуска баз :    Вчера, 26.02.2021 20:13:00

Flood and Flood's wife
Posted

What part of the code do you find malicious?

 Hello @Franco8

The Kaspersky Virus Analysts have advised: 

  • GTM with id GTM-MJDW8PM is malicious. The whole part using this gtm should be removed.

Thank you🙏

Flood🐳+🐋
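
As an added example (not part of the thread, and not Kaspersky's or Google's code): the analysts' answer names one container ID rather than Google Tag Manager as a whole, so a site owner's first check is which container IDs the page references and whether each one is theirs. The allowlist, the sample HTML and the ID `GTM-OWNED01` are constructed for illustration; `GTM-MJDW8PM` is the ID quoted in the thread.

```javascript
// Added example: list the GTM containers a page references and flag unexpected ones.
const GTM_ID = /\bGTM-[A-Z0-9]{4,}\b/g;

function findGtmContainers(html) {
  const found = new Map(); // container id -> Set of reference kinds
  const note = (id, kind) => {
    if (!found.has(id)) found.set(id, new Set());
    found.get(id).add(kind);
  };
  // Loader URLs that carry the id directly: gtm.js (script) and ns.html (noscript iframe).
  const urlRe = /googletagmanager\.com\/(gtm\.js|ns\.html)\?id=(GTM-[A-Z0-9]+)/gi;
  for (const m of html.matchAll(urlRe)) {
    const kind = m[1].toLowerCase() === "gtm.js" ? "script-src" : "noscript-iframe";
    note(m[2].toUpperCase(), kind);
  }
  // Inline bootstrap snippets pass the id as a string literal, not in a URL.
  const inlineRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  for (const m of html.matchAll(inlineRe)) {
    if (!/googletagmanager\.com/i.test(m[1])) continue;
    for (const id of m[1].match(GTM_ID) || []) note(id, "inline-snippet");
  }
  return [...found.entries()]
    .map(([id, kinds]) => ({ id, kinds: [...kinds].sort() }))
    .sort((a, b) => (a.id < b.id ? -1 : a.id > b.id ? 1 : 0));
}

// Split what the page references into containers the owner recognises and the rest.
function auditContainers(html, allowedIds) {
  const allow = new Set(allowedIds);
  const all = findGtmContainers(html);
  return {
    known: all.filter((c) => allow.has(c.id)),
    unexpected: all.filter((c) => !allow.has(c.id)),
  };
}

// Constructed page: the owner's container (inline snippet plus noscript fallback)
// and a second loader tag for a container the owner did not add.
const SAMPLE_HTML = `<head>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];var f=d.getElementsByTagName(s)[0],
j=d.createElement(s);j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i;
f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-OWNED01');</script>
<script async src="https://www.googletagmanager.com/gtm.js?id=GTM-MJDW8PM"></script>
</head><body><noscript>
<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-OWNED01"></iframe>
</noscript></body>`;

const report = auditContainers(SAMPLE_HTML, ["GTM-OWNED01"]);
console.log(JSON.stringify(report, null, 2));
```

A scan of static HTML only sees tags present in the served markup; a container injected at runtime by another script will not appear, so the same check is worth repeating against the rendered DOM.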

Posted

9,366,385 websites on the Internet use Google Tag Manager. Can you confirm KAV sees all of them as viruses? Or is there anything that makes the tracking code mentioned above special?

Flood and Flood's wife
Posted

Hello @Franco8

You’re most welcome!

Personally, no, we cannot → the Community cannot answer your questions, beyond what we already have. 

  1. Have you tried a different code? 
  2. We’ve asked you if you have a Kaspersky subscription license & received no reply; if you do, log a case with Kaspersky Technical Support & battle it out with them

 

 

  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.

▶ Please share the outcome with the Community when it’s available? 

Thank you🙏

Flood🐳+🐋

  • 2 weeks later...
Posted

Hello. I have got the same problem.
I am the owner of www.melekstore.com. When a person who has Kaspersky enters my webpage, they get the error code trojan-PSW.script.generic.

We checked the files but didn’t find any viruses.

Could you please help.

 

Kind regards,

Aydin.

Flood and Flood's wife
Posted

Hello @melekstore

Welcome!

Why have you posted the same issue three times? 

Thank you🙏

Flood🐳+🐋

Posted

I think different people can see it and help.

And the support system of Kaspersky is a little complicated. I was not sure where to post.

I also sent you a private message.
Sorry if I did something wrong.

Flood and Flood's wife
Posted

Hello @melekstore

You only need to make one post. 

By making 3 posts, you have everybody running around trying to work out which post to answer. 

@Berny has replied to you in another one of your posts. 

Thank you🙏

Flood🐳+🐋

  • 1 year later...
Posted

Good day

My site is 

www.pcdepotliquidation.com

and Kaspersky is blocking my site

I called WHC and I did several scans, even with Kaspersky, and there is no Trojan

but my customers that are using Kaspersky can't access my website

can you please help me with that issue

Thanks
