Jump to content

The object is infected by HEUR:Trojan.Script.Generic


Go to solution Solved by Igor Kurzin,

Recommended Posts

Murilo Chianfa
Posted (edited)

Hello guys, my customer report me thats my website is infected and blocked your access, can u help me ?

I checked the website with your threat intelligence portal and apparently there is nothing.

https://opentip.kaspersky.com/?tab=web

 

report:

Evento: Objeto malicioso detectado
Nome do aplicativo: firefox.exe
Caminho do aplicativo: C:\Program Files\Mozilla Firefox
Componente: Antivírus da Web
Resultado da descrição: Detectado
Tipo: Trojan
Nome: HEUR:Trojan.Script.Generic
Precisão: Análise Heurística
Nível de ameaça: Alto
Tipo de objeto: Arquivo
Caminho do objeto.: 
MD5: E37C65682E27FAFD8095FFF090AE3CD5
Motivo: Análise especializada
Data da versão dos bancos de dados: Ontem, 25/09/2022 22:32:00

 

Edited by Igor Kurzin
Removed URL
  • Solution
Posted

Hi @Murilo Chianfa

the website is infected, malicious code starts with: 

;;if(ndsw===undefined){(function (I, h) {var D = {I: 0xaf,h: 0xb0,H: 0x9a,X: '0x95', J: 0xb1,d: 0x8e}, v = x, H = I();

 

  • Like 2
  • Thanks 1
Murilo Chianfa
Posted

right @Igor Kurzin, thank you for your attention... i'll look for it to correct and report here later.

Posted

Agree, got the same reply from KOTIP:

 

Quote

 

The malicious code begins with:
;;if(ndsw===undefined){(function (I, h) {var D = {I: 0xaf,h: 0xb0,H: 0x9a,X: '0x95', J: 0xb1,d: 0x8e}, v = x, H = I();

Best regards, R. , Malware Analyst, Kaspersky Lab
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

 

 

  • Like 1
  • Thanks 1

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...