Malicious and suspicious file remaining
Tagged: malicious files remaining
This topic contains 5 replies, has 2 voices, and was last updated by Anti-Malware Admin 3 months, 3 weeks ago.
July 29, 2024 at 6:38 am #132622
Hello, I ran GOTMLS after having redirection issues from my website towards anarchic websites, but malicious and suspicious files still remain after running the Quttera WordPress plugin:
I’ve installed Wordfence and Sucuri too.
Do I have to donate to solve the issues? It's OK for me to do so if necessary.
Here is the Quttera report:
=======================================================================
Quttera Web Malware Scanner plugin for WordPress
Website Malware Scan Report
Scanned Website: https://laurianebeaute.com
Scan type: Internal
Report generation time: 2024-07-29 16:27
Scan launch time: 2024-07-29 15:46
Scanned files: 20617
Clean: 20599
Potentially Suspicious: 8
Suspicious: 4
Malicious: 6
© 2024 Quttera Ltd. All rights reserved.
For any questions about this report: support@quttera.com
=======================================================================
FILE: wp-content/languages/plugins/better-wp-security-fr_FR.l10n.php
FILE_MD5: 42ecbe5ff00cdf6ad3dcfb17c1009c0d
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
THREAT_NAME: Heur.HTML.Defacement.gen.F4248
THREAT: Fatal Error…
DETAILS: Website Potentially Defaced
FILE: wp-content/plugins/wp-reviews-plugin-for-google/settings.php
FILE_MD5: 01ad7e1d521d1ca224230816e2ddcfd2
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 1e13e238737ae1a555765dba37df6d8a
THREAT_NAME: Heur.PHP.Redirect.gen
THREAT: <?php defined(‘ABSPATH’) or die(‘No script kiddies pleas…
DETAILS: suspicious PHP redirection
FILE: wp-content/plugins/wp-statistics/CHANGELOG.md
FILE_MD5: 5232cb044769ffde6674ba996a0b85fd
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 34721388aab5fe299f9d29e9ca895ca1
THREAT_NAME: Heur.PHP.iframe.gen.38
THREAT: preg_replace (with /e…
DETAILS: Detected malicious iframe injection
FILE: wp-content/plugins/wp-statistics/CHANGELOG.md
FILE_MD5: 5232cb044769ffde6674ba996a0b85fd
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
THREAT_NAME: Heur.HTML.Defacement.gen.F4248
THREAT: Fatal Error…
DETAILS: Website Potentially Defaced
FILE: wp-content/plugins/gotmls/safe-load/index.php
FILE_MD5: dde524d376f440d0ba3d0dd846f048d7
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: c2f3aca0096b6b5a01cec60404edf69a
THREAT_NAME: Heur.PHP.Redirection.gen
THREAT: <?php /** * GOTMLS Brute-Force protections * @package GO…
DETAILS: Detected PHP redirection
FILE: wp-content/plugins/instagram-feed/admin/SBI_Global_Settings.php
FILE_MD5: e60210fb9ec1131cc15cf574aa7f55ad
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 6abde5a33d4684eff9998a33d7eac3ab
THREAT_NAME: Heur.PHP.Dropper.gen
THREAT: <?php /** * The Settings Page * * @since 6.0 */ namespac…
DETAILS: Generic malware dropper
FILE: wp-content/plugins/sucuri-scanner/src/mail.lib.php
FILE_MD5: 7b6d288b03158f92691a4b1e75f2a824
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 385be5e48f8157440cca64b0dea95da5
THREAT_NAME: Heur.PHP.Mailer.gen.4c4b4f
THREAT: @mail($email, $subject, $message, implode(“\r\n”, $headers)…
DETAILS: Detected suspicious mailer
FILE: wp-content/plugins/updraftplus/methods/googledrive.php
FILE_MD5: e6d96fb83dc52f2bd0ce8b74192e84ba
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 437dee84faabe914fb217bc2fe1c51f3
THREAT_NAME: Heur.PHP.Redirect.gen
THREAT: <?php if (!defined(‘UPDRAFTPLUS_DIR’)) die(‘No direct ac…
DETAILS: suspicious PHP redirection
FILE: wp-content/plugins/wordfence/lib/wfUtils.php
FILE_MD5: 4a8bbde1bab3c986b2c4d8c3e9be25df
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 4ffc40bbf61eb658b4577d502e51c628
THREAT_NAME: Heur.PHP.Encoded.gen.271C
THREAT: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00…
DETAILS: Potentially suspicious obfuscated PHP threat
FILE: wp-content/plugins/wordfence/lib/wfUtils.php
FILE_MD5: 4a8bbde1bab3c986b2c4d8c3e9be25df
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 7993c0339d5264a16623656fd4cdd4e7
THREAT_NAME: Heur.PHP.Encoded.gen
THREAT: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00…
DETAILS: Generic suspicious HEX encoder
FILE: wp-content/plugins/wordfence/lib/wfUtils.php
FILE_MD5: 4a8bbde1bab3c986b2c4d8c3e9be25df
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 4d585df5dcfad5155fd369b618fdce57
THREAT_NAME: Heur.PHP.Injection.gen
THREAT: @include_once($path);…
DETAILS: Detected potentially suspicious PHP instruction
FILE: wp-content/plugins/wp-reviews-plugin-for-google/include/admin.php
FILE_MD5: e54f9cd5357b3e5f189fe16437201a92
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 5198c98b5caa34bd47b3def138c14945
THREAT_NAME: Heur.PHP.Redirect.gen
THREAT: <?php defined(‘ABSPATH’) or die(‘No script kiddies pleas…
DETAILS: suspicious PHP redirection
FILE: wp-content/plugins/wp-reviews-plugin-for-google/include/admin.php
FILE_MD5: e54f9cd5357b3e5f189fe16437201a92
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: f480b2ae4cdf42dae4772d442e13a486
THREAT_NAME: Heur.PHP.Redirection.gen
THREAT: <?php defined(‘ABSPATH’) or die(‘No script kiddies pleas…
DETAILS: Detected malicious redirection header
FILE: wp-content/themes/Divi/epanel/custom_functions.php
FILE_MD5: 4a8e9f60a9dd9de8ccce1ded747b3e0f
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 62312b13d39a912e67a88ed59407cb38
THREAT_NAME: Heur.PHP.iframe.gen.38
THREAT: preg_replace( ‘@\[et_pb_post_nav[^\]]*?\].*?\[\/e…
DETAILS: Detected malicious iframe injection
FILE: wp-content/themes/Divi/epanel/core_functions.php
FILE_MD5: c2291d88cbb5b92e639885fbb457744d
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 8ce60955c6e5e0717f43c3939013f29c
THREAT_NAME: Heur.PHP.Redirection.gen
THREAT: <?php // Prevent file from being loaded directly if ( ! …
DETAILS: Detected malicious redirection header
FILE: wp-content/uploads/2012/09/Oeil-yeux-et-regards-a-gogo.html
FILE_MD5: 97cab916c2bb642a541728e45b94475a
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: dc2466136aa256db74ae8ec56a7389b9
THREAT_NAME: Heur.JS.Redirection.gen
THREAT: document.location.href=’http://teemix.aufeminin.com/album/’…
DETAILS: Detected unconditional redirection
FILE: wp-content/plugins/loco-translate/lib/compiled/gettext.php
FILE_MD5: 2a06586875962e55b826fdf14197477f
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: c0fdee6a9ca83893685d646533318f94
THREAT_NAME: Heur.PHP.Encoded.gen.271C
THREAT: \xDE\x12\x04\x95\x00\x00\x00\x00…
DETAILS: Potentially suspicious obfuscated PHP threat
FILE: wp-content/plugins/wordfence/models/block/wfBlock.php
FILE_MD5: 9bec02e08e0ab1ad4870c4d040049d86
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 506a581955764563e80101b13a3e2bee
THREAT_NAME: Heur.PHP.Encoded.gen.271C
THREAT: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xc0\x00\x02…
DETAILS: Potentially suspicious obfuscated PHP threat
FILE: wp-content/plugins/wordfence/models/block/wfBlock.php
FILE_MD5: 9bec02e08e0ab1ad4870c4d040049d86
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 612e5071007de07b91bacd16cc0e3e0a
THREAT_NAME: Heur.PHP.Encoded.gen
THREAT: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xc0\x00\x02…
DETAILS: Generic suspicious HEX encoder
FILE: wp-content/plugins/wp-reviews-plugin-for-google/static/js/admin-page-settings-connect.js
FILE_MD5: c6b33dd8b62e17776c4e1dca82c0a030
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 1f9f588295911d429c19874c16f37b87
THREAT_NAME: Heur.JS.Encoded.gen
THREAT: ‘https://admin.trustindex.io/’.replace…
DETAILS: Suspicious obfuscated JavaScript threat
FILE: wp-content/themes/Divi/core/components/Portability.php
FILE_MD5: 3d7ef1f74720e7641d9d7a1a1cfba6e2
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
THREAT_NAME: Heur.HTML.Defacement.gen.F4248
THREAT: Fatal Error…
DETAILS: Website Potentially Defaced
FILE: wp-content/themes/Divi/css/dynamic-assets/woocommerce.css
FILE_MD5: 0c9cdd032a7b623588d0ed52f1887189
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 46e1c5ff6a86e39b59c43e83b2c85d38
THREAT_NAME: Heur.PHP.Encoded.gen.271C
THREAT: \53\53\53\53\53…
DETAILS: Potentially suspicious obfuscated PHP threat
FILE: wp-content/plugins/wp-statistics/assets/images/flags/rs.svg
FILE_MD5: 21a074040a11f7538c59d77d391ca492
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 2f2dc6fb8a9faed28fa4a219ea463d85
THREAT_NAME: Heur.JS.Encoded.gen
THREAT: 8.4.5.4.6.4.5.4.6.4.5.4.5.4.5.4.6.4.6.4.5.3.6.4.6.4.5.4.6.4….
DETAILS: Malicious obfuscated JavaScript threat (JS Trojan Downloader)
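The report above lists 23 detections for fewer files, several files appearing two or three times under different heuristics. The following is an added triage helper, not part of this thread or of the Quttera or GOTMLS plugins: it parses the FILE / FILE_MD5 / SEVERITY / THREAT_NAME record blocks of the report format, collapses them to one row per file with the worst verdict, and names the plugin or theme each file belongs to. That gives a short list in which a file under wp-content/uploads/ (which should hold data, not script) is separated from vendor plugin and theme files, whose MD5 can be compared with the copy shipped in the vendor's release. The sample report is a constructed excerpt of the report pasted above; the severity codes are the ones the report uses.

```python
"""Triage helper for a Quttera 'Website Malware Scan Report'.

Added example (not the forum's, Quttera's or GOTMLS's code). Parses the
record blocks, ranks each file by its worst verdict and names the owning
WordPress component. SAMPLE_REPORT is a constructed excerpt of the thread's
report; the severity code strings are those the report itself uses.
"""
import re

SEVERITY_RANK = {
    "enPotentiallySuspiciousThreatType": 1,
    "enSuspiciousThreatType": 2,
    "enMaliciousThreatType": 3,
}
SEVERITY_LABEL = {1: "potentially suspicious", 2: "suspicious", 3: "malicious"}

SAMPLE_REPORT = """\
FILE: wp-content/plugins/wp-statistics/CHANGELOG.md
FILE_MD5: 5232cb044769ffde6674ba996a0b85fd
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 34721388aab5fe299f9d29e9ca895ca1
THREAT_NAME: Heur.PHP.iframe.gen.38
THREAT: preg_replace (with /e...
DETAILS: Detected malicious iframe injection
FILE: wp-content/plugins/wp-statistics/CHANGELOG.md
FILE_MD5: 5232cb044769ffde6674ba996a0b85fd
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
THREAT_NAME: Heur.HTML.Defacement.gen.F4248
THREAT: Fatal Error...
DETAILS: Website Potentially Defaced
FILE: wp-content/themes/Divi/epanel/core_functions.php
FILE_MD5: c2291d88cbb5b92e639885fbb457744d
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 8ce60955c6e5e0717f43c3939013f29c
THREAT_NAME: Heur.PHP.Redirection.gen
THREAT: <?php // Prevent file from being loaded directly if ( ! ...
DETAILS: Detected malicious redirection header
FILE: wp-content/uploads/2012/09/Oeil-yeux-et-regards-a-gogo.html
FILE_MD5: 97cab916c2bb642a541728e45b94475a
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: dc2466136aa256db74ae8ec56a7389b9
THREAT_NAME: Heur.JS.Redirection.gen
THREAT: document.location.href='http://teemix.aufeminin.com/album/'...
DETAILS: Detected unconditional redirection
"""


def parse_report(text):
    """One dict per detection; every 'FILE:' line opens a new record."""
    records, current = [], None
    for line in text.splitlines():
        m = re.match(r"^([A-Z0-9_]+):\s?(.*)$", line)
        if not m:
            continue  # banner, separators and summary lines are not record fields
        key, value = m.group(1), m.group(2).strip()
        if key == "FILE":
            current = {"FILE": value}
            records.append(current)
        elif current is not None:
            current[key] = value
    return records


def component_of(path):
    """Owning WordPress component of a path, e.g. 'plugin:wp-statistics' or 'uploads'."""
    m = re.match(r"wp-content/(plugins|themes)/([^/]+)/", path)
    if m:
        return f"{m.group(1)[:-1]}:{m.group(2)}"
    if path.startswith("wp-content/uploads/"):
        return "uploads"
    return "other"


def triage(text):
    """Collapse detections to one row per file: (path, worst label, component, heuristics, md5).

    Rows under uploads/ come first (script there is never vendor code), then by
    descending severity, then by path."""
    per_file = {}
    for rec in parse_report(text):
        rank = SEVERITY_RANK.get(rec.get("SEVERITY", ""), 0)
        entry = per_file.setdefault(rec["FILE"], {
            "md5": rec.get("FILE_MD5", ""), "worst": 0, "heuristics": [],
            "component": component_of(rec["FILE"]),
        })
        entry["worst"] = max(entry["worst"], rank)
        entry["heuristics"].append(rec.get("THREAT_NAME", "?"))
    ordered = sorted(per_file.items(),
                     key=lambda kv: (kv[1]["component"] != "uploads", -kv[1]["worst"], kv[0]))
    return [(path, SEVERITY_LABEL.get(e["worst"], "unknown"), e["component"], e["heuristics"], e["md5"])
            for path, e in ordered]


if __name__ == "__main__":
    for path, label, comp, heur, md5 in triage(SAMPLE_REPORT):
        print(f"{label:22} {comp:20} {md5}  {path}  [{', '.join(heur)}]")
```

Run on the full report, the vendor rows (plugin:wordfence, theme:Divi, ...) are the ones to verify by hash against the shipped release files before treating the heuristic as a finding; the uploads row is the one with no vendor copy to compare against.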
July 29, 2024 at 1:48 pm #132650
You don't need to donate for my plugin to clean any Known Threats that are found. Are you saying that no Known Threats are found when you run the complete scan in my plugin?
All these results from Quttera are a bit ridiculous, and most of them are clearly False Positives, but if you want to know more about the details of those results you should be asking them not me. There is not enough relevant information in Those results for me to make any real determination about those files without seeing the whole contents of each file.
I can’t speak for Wordfence or Sucuri either, but if you want to share the results of the Complete Scan using my plugin then perhaps I can give you more suggestions.
July 29, 2024 at 2:20 pm #132654
You don't need to donate for my plugin to clean any Known Threats that are found. Are you saying that no Known Threats are found when you run the complete scan in my plugin?
>> Indeed, no known threats are found when I run your plugin; all seems OK, but I sometimes still have redirections when I open my website towards a website that wants phishing.
All these results from Quttera are a bit ridiculous, and most of them are clearly False Positives, but if you want to know more about the details of those results you should be asking them not me. There is not enough relevant information in Those results for me to make any real determination about those files without seeing the whole contents of each file.
>> I understand
I can’t speak for Wordfence or Sucuri either, but if you want to share the results of the Complete Scan using my plugin then perhaps I can give you more suggestions.
>> Yes, I will give it to you.
July 29, 2024 at 10:29 pm #132680
Here are the results of the scan with your plugin:
Scan terminé !
2389 Folders Checked
55 Minutes Elapsed
100%
-1 Folders Remaining
-1 Seconds Remaining
17576 Fichiers scannés
2388 Dossiers sélectionnés
2389 Dossiers scannés
0 Dossiers ignorés
8081 Fichiers ignorés
0 Erreurs de scan/lecture
0 Fichiers mis en quarantaine
Found 0 Injections de bases de données
Found 0 Menaces htaccess
Found 0 Exploits TimThumb
Found 0 Menaces connues
Found 0 Modifications des fichiers du noyau WordPress
July 30, 2024 at 12:23 am #132695
I've just donated for your plugin and am now scanning my website another time with core files activated.
July 30, 2024 at 8:19 am #132727
I can see the redirection on your website, but it seems not to be detected by any of your malware plugins, not even mine, correct?
If this is not found in your core files after your latest scan, then it must be a new threat which is as yet undiscovered by any of us Anti-Malware specialists.
I would like the opportunity to find this new threat if you are willing to grant me access to your site. Please Contact me directly via email with any credentials you are willing to share.