object is infected by HEUR:Trojan.Script.Balada.gen

[Cody_MGO]

Hello dears,

Some of our customers are reporting my website is locket to access form their PCs. The message that appears when they try to access to the url is the following:

 

But, when I look for more information on the openTip, it seems that all its OK.

 

Could you guys help me to understand why my webpage is filtered as dangerous?

 

Thks

 

[Guilhermesene4096]

@Cody_MGO Welcome

 

I have sent your URL to Kaspersky Virus Lab and will provide the verdict when available.

 

The analysis may take a few hours or days (normally it doesn't take long), so I ask that you please wait.

 

If it is considered a false positive, it will be removed from detection in the next update of your Kaspersky product.

[Guilhermesene4096]

@Cody_MGO

⚠️ Final verdict from Kaspersky Virus Lab ↓

Quote

"Hello,

This is not a false alarm. This site is infected.
Here is the malicious code:
{sgAddEvent(window, "sgpbWillOpen", function(e) {if (e.detail.popupId == "258") {var hswj...
If you are a webmaster, please remove the above code from the page. Also we strongly recommend that you change passwords to all services that can be used to modify website contents because they may have been stolen.

Best regards, Xxxxxxx Xxxxxx, Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names"

Edited January 31 by Guilhermesene4096

[Wernerk1]

Hello,

Reading the posts, Cody_MGO checked the website with Kasperky Intelligent Portal, and it showed everything was fine.

Now you say that it is not a false alarm.

In other words, the "Kaspersky Intelligent Portal" is a useless tool, being there just for fun.

 

[Guilhermesene4096]

@Wernerk1Welcome

Kaspersky Intelligent Portal performs an analysis and returns a first result of a file/website scan at first glance.

There are situations where there is a need for a more in-depth analysis of a malicious website and/or file, so we send it to Kaspersky's virus laboratories.

Therefore, KOTIP provides a first opinion, where, if necessary, it is sent back for further analysis to Kaspersky's virus laboratories.

[Wernerk1]

Thank you for your prompt message.

I am surprised Kasperky has different opinions on the same item. It sounds like a medical consultation: you see a doctor who says you are healthy and there are no problems, and then another one says you are not so healthy. I know in computing thing work in two ways only: 0 or 1, yes or no. I have a friend who attempted to do banking online about two or three weeks ago. Kasperky told him the website is infected with HEUR: Trojan.Script.Balada.gen. Every day for about two weeks, he tried to log in to that website, and each time he did this, he got the same warning. Now I am asking myself: What do the bank's IT and security staff do?

Don't they realize that something is wrong?

Then he tried a site just for his curiosity and everything was fine. And no, I do not work for these guys, or get any commission.

https:// quttera . com/website-malware-scanner

Again, thank you for your message and I am interested to hear your opinion.

[Wernerk1]

It looks like I am being inopportune here, asking pertinent questions. At least, this is my opinion. Well, what can we do?

However, thank you kindly for your time.

[Berny]

@Wernerk1 Welcome.

12 minutes ago, Wernerk1 said:

Well, what can we do?

Can you please provide additional details