Suspicious files found after MScan Malware Scan

  • #42631
    beatty2020
    Participant

    Hi,

    I read the MScan Malware Scanner Guide and ran it for a website that I suspected had problems.

    Report: 57 suspicious files.

    I went through them all and downloaded the files into a folder on my hard drive to look at.

    I also noticed that the ‘Pattern Matching’ is not 100% accurate like the file hash is. Questions:

    • Would a core file look something like this: (suspicious file=)…/wp-content/cache/wp-rocket/example.com/topic/index-https.html – is that pattern matching or file hash comparison? It’s part of WP Rocket but it doesn’t seem like it would be core.
    • If not core then pattern matching – what are the next steps to determine whether HTML code is suspicious? Is there something I could run that file through that would tell me if it was indeed corrupted?

    Thanks.

    #42635
    AITpro Admin
    Keymaster

    Correct > File Hash scanning is 100% accurate vs pattern matching, which is around 75% accurate. In some cases plugins or themes will automatically modify a plugin or theme file after installation or upgrade, which will trigger a false-positive since the original unmodified file will have a different File Hash. The Scan Report tells you if the suspicious file was scanned with File Hash or Pattern Matching.

    You can either use the built-in MScan tools to check file contents or manually check files for malicious code.
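
An added example, not part of the original posts and not MScan's code: a minimal Python sketch of the two scan methods discussed above, showing why a file that a plugin modified after install fails a hash check and why a cache page with no known-good hash can only be checked heuristically. The pattern rules, file paths and file contents are constructed assumptions.

```python
import hashlib
import re

# Constructed heuristic rules for illustration (assumptions, not MScan's signatures).
PATTERNS = {
    "eval-of-decoded-data": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hidden-iframe": re.compile(
        r"<iframe[^>]*(display\s*:\s*none|width\s*=\s*[\"']?0\b)", re.I),
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage(path: str, data: bytes, baseline: dict) -> dict:
    """Classify one file: hash check if a known-good hash exists, else patterns."""
    known = baseline.get(path)
    if known is not None:
        # Exact comparison: any change at all, benign or not, is a mismatch.
        status = "clean" if sha256(data) == known else "hash-mismatch"
        return {"path": path, "method": "file-hash", "status": status, "hits": []}
    # No known-good hash (cache pages, uploads): heuristic line-by-line search.
    hits = []
    for lineno, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1):
        hits += [(lineno, name) for name, rx in PATTERNS.items() if rx.search(line)]
    status = "suspicious" if hits else "no-pattern-hit"
    return {"path": path, "method": "pattern-matching", "status": status, "hits": hits}


# Constructed sample files (hypothetical paths and contents).
PLUGIN = "wp-content/plugins/demo/demo.php"
CACHE = "wp-content/cache/demo/index.html"
ORIGINAL = b"<?php\nfunction demo_init() { return true; }\n"
AUTO_MODIFIED = ORIGINAL + b"// setting written by the plugin after install\n"
CACHE_PAGE = (b"<html>\n<body>\n"
              b'<iframe src="https://video.example/embed" width="0"></iframe>\n'
              b"</body>\n</html>\n")
BASELINE = {PLUGIN: sha256(ORIGINAL)}

if __name__ == "__main__":
    for p, d in [(PLUGIN, ORIGINAL), (PLUGIN, AUTO_MODIFIED), (CACHE, CACHE_PAGE)]:
        print(triage(p, d, BASELINE))
```

The line numbers in `hits` point at where to start a manual read of the flagged file; a hash mismatch or a pattern hit is a reason to review, not a verdict.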
