Website blocked – infected code. Malware

  • #38628
    Luca
    Participant

    Hello,

    I recently discovered that my website is blocked by G-DATA software.

    I made a check with virustotal.com and this appears:

    https://www.virustotal.com/gui/url/223eaf30b4000defd0c4e6baf93e42c440a595167fbe80e6fdd2307de4fef3e4/detection

    Do you please have any suggestions about what to do? After a scan with BPS, it seems I have plenty of files to check. Do I have to check them one by one myself?

    Many thanks in advance
    Luca

    #38629
    AITpro Admin
    Keymaster

    Where exactly is your site being “blocked”? I scanned your site and did not find anything suspicious with my scanner. VirusTotal is picking up something, but I think their scanner is just picking up on something that is not actually malicious – very common for malware scanners – they are very limited. 😉

    #38641
    AITpro Admin
    Keymaster

    Had some spare time to revisit this issue. Forgot to mention what I thought might be detected by a couple of the scanners. I also rechecked the VirusTotal link you posted. On the VirusTotal page, which I did not notice before, is this: “base64-embedded” as the suspected malicious pattern that was found. So yeah, exactly what I thought might be falsely detected as malicious is what those 2 scanners are seeing as malicious, which is that your SG Popup plugin is base64 encoding your popups. Those 2 scanners are seeing that base64 encoded code as suspicious and are flagging it as malicious. You also have some image files that are being base64 encoded. So your site is definitely not infected with anything malicious. You may want to notify VirusTotal about this or of course just ignore this issue since it is not an actual problem. 😉

    And finally, if G-Data software is blocking something then you will need to contact them and let them know that your site is not actually infected with any malware or malicious code. You can refer them to this forum topic so they can see exactly what is being falsely detected as malicious on your site. The BPS malware scanner is probably picking up the same base64 encoding as suspicious. Malware scanners in general are pretty limited and tend to generate false flags. We created something far superior to any/all malware scanners in BPS Pro, which is the AutoRestore|Quarantine feature. AutoRestore|Quarantine is 100% accurate. We only added the MScan feature in BPS and BPS Pro as a general tool since malware scanners are not 100% accurate. Just the nature of that beast.
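
One way to see what a "base64-embedded" detection like the one discussed above actually contains, as an added example that is not part of the original posts or of BPS: it decodes each base64 blob in a page and labels it as an image, passive markup, or something to review by hand. The sample page, the `data-popup` attribute name and the keyword list are constructed assumptions.

```python
import base64
import binascii
import re

# Matches data: URIs and quoted base64 runs long enough to be worth decoding.
BLOB = re.compile(r"""(?:data:(?P<mime>[\w/+.-]+);base64,|["'])"""
                  r"""(?P<b64>[A-Za-z0-9+/]{24,}={0,2})""")
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
         b"GIF87a": "gif", b"GIF89a": "gif"}
# Assumed keyword list: constructs that make decoded markup executable.
ACTIVE = re.compile(rb"<script|<iframe|eval\(|document\.write|atob\(", re.I)


def classify(raw: bytes) -> str:
    """Label decoded bytes by what they are, not by the fact they were encoded."""
    for magic, kind in MAGIC.items():
        if raw.startswith(magic):
            return "image/" + kind
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return "review: unknown binary"
    return "review: active content" if ACTIVE.search(raw) else "passive markup"


def triage(html: str) -> list:
    """Return (declared mime or 'bare', decoded size, label) per base64 blob."""
    findings = []
    for m in BLOB.finditer(html):
        try:
            raw = base64.b64decode(m.group("b64"), validate=True)
        except binascii.Error:
            continue  # looked like base64 but is not; ignore
        findings.append((m.group("mime") or "bare", len(raw), classify(raw)))
    return findings


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

# Constructed sample page: an inline image header, a popup body, a script blob.
SAMPLE_PAGE = (
    '<img src="data:image/png;base64,' + _b64(b"\x89PNG\r\n\x1a\n" + bytes(32)) + '">\n'
    '<div data-popup="' + _b64(b'<div class="popup"><p>Subscribe</p></div>') + '"></div>\n'
    '<div data-popup="' + _b64(b"<script>eval(payload)</script>") + '"></div>\n'
)

if __name__ == "__main__":
    print(*triage(SAMPLE_PAGE), sep="\n")
```

A magic-byte match only confirms the header, so a blob labelled as an image still deserves a full decode if its size looks out of proportion.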

    #38647
    Luca
    Participant

    Many Thanks!

    Yes, I got in contact with G-Data and now it seems ok. I told them that I thought it was a false positive and I think they agree with me because now the website is whitelisted again.

    Thank You!
    Wish you the best

    Luca

    #38648
    AITpro Admin
    Keymaster

    Great! Glad to hear you got this issue figured out. Glad I could help.
