Jump to content
Kaspersky Support Forum

Website is clean but kaspersky says malicious file found

neelesh.om

By neelesh.om
in Virus and Ransomware related questions

 Share

Recommended Posts

neelesh.om

neelesh.om

Posted
Posted

Our website is clean and internet security says that website contains malware. Can you please check as users are getting this , screenshot attached.

Kindly help

MicrosoftTeams-image.png

harlan4096

harlan4096

Posted
Posted

I just got a reply from K. analysts:

_______________________________________________________
User type: Active user
Application name: firefox.exe
Application path: C:\Program Files\Mozilla Firefox
Component: Safe Browsing
Result description: Blocked
Type: Trojan
Name: HEUR:Trojan-PSW.Script.Generic
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object name: translate.min.js
Object path: https : // headvape . com/js/mage
MD5 of an object: B45831AD971E3B0343B65F38FC8DF36E
Reason: Expert analysis
Databases release date: Today, 26/05/2022 9:08:00
_______________________________________________________

Quote

 

Hello,

The blocking of this URL is correct.

Best regards, V. G., Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

 

 

It seems that URL performs an access to that different malicious URL...

  • Like 2
neelesh.om

neelesh.om

Posted
  • Author
Posted

we have removed the url , can you guys check again

 

harlan4096

harlan4096

Posted
Posted

Accessing to https://www.myrabag.com/ detection is already there, but only if I access via FireFox, but not with Chrome or Opera ?:

Quote

User type: Active user
Application name: firefox.exe
Application path: C:\Program Files\Mozilla Firefox
Component: Safe Browsing
Result description: Blocked
Type: Trojan
Name: HEUR:Trojan-PSW.Script.Generic
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object name: translate.min.js
Object path: https://headvape.com/js/mage
MD5 of an object: B45831AD971E3B0343B65F38FC8DF36E
Reason: Expert analysis

 

  • Like 1
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted
14 minutes ago, harlan4096 said:

Accessing to https://www.myrabag.com/ detection is already there, but only if I access via FireFox, but not with Chrome or Opera ?:

 

Hello @harlan4096

Confirming detection, with Edge v101.0.1210.53:

Spoiler

image.thumb.png.f5a51bc7f6767d4c14bce3d6280f250a.png

Thank you?

Flood?+?

  • Like 1
Berny

Berny

Posted
Posted

Hi @harlan4096

Please see detection under Chrome :

Spoiler

Event: Download denied
User: DESKTOP
User type: Active user
Application name: chrome.exe
Application path: C:\Program Files\Google\Chrome\Application
Component: Safe Browsing
Result description: Blocked
Type: Trojan
Name: HEUR:Trojan-PSW.Script.Generic
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object name: translate.min.js
Object path: https://headvape.com/js/mage
MD5 of an object: B45831AD971E3B0343B65F38FC8DF36E
Reason: Expert analysis
Databases release date: Today, 31/05/2022 7:46:00

 

  • Like 1
harlan4096

harlan4096

Posted
Posted

Maybe false positive, that script seems a translation library ?...

  • Like 1
neelesh.om

neelesh.om

Posted
  • Author
Posted

Can you whitelist this url  "https://www.myrabag.com" from Kaspersky Database

  • The title was changed to Website is clean but kaspersky says malicious file found

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...