Mailcious and suspicious file remaining

Home Forums Support Forum Mailcious and suspicious file remaining

This topic contains 5 replies, has 2 voices, and was last updated by  Anti-Malware Admin 4 months, 1 week ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #132622

    Arno Tx
    Member

    Hello, I ran GOTMLS after having redirection issues towards anarchic websites on my website but it still remain malicious and suspicious files after running Quttera WordPress plugin :

    I’ve installed Wordfence and Sucuri too.

    Do I have to donate to solve the issues ? It’s ok for me to so if necessary.

    Here is the Quttera report :

     

    =======================================================================

    Quttera Web Malware Scanner plugin for WordPress

    Website Malware Scan Report

     

    Scanned Website: https://laurianebeaute.com

    Scan type: Internal

    Report generation time: 2024-07-29 16:27

     

    Scan launch time: 2024-07-29 15:46

    Scanned files: 20617

    Clean: 20599

    Potentially Suspicious: 8

    Suspicious: 4

    Malicious: 6

     

    © 2024 Quttera Ltd. All rights reserved.

    For any questions about this report: support@quttera.com

    =======================================================================

     

     

     

     

    FILE: wp-content/languages/plugins/better-wp-security-fr_FR.l10n.php

    FILE_MD5: 42ecbe5ff00cdf6ad3dcfb17c1009c0d

    SEVERITY: enPotentiallySuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987

    THREAT_NAME: Heur.HTML.Defacement.gen.F4248

    THREAT: Fatal Error…

    DETAILS: Website Potentially Defaced

     

     

    FILE: wp-content/plugins/wp-reviews-plugin-for-google/settings.php

    FILE_MD5: 01ad7e1d521d1ca224230816e2ddcfd2

    SEVERITY: enSuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 1e13e238737ae1a555765dba37df6d8a

    THREAT_NAME: Heur.PHP.Redirect.gen

    THREAT: <?php defined(‘ABSPATH’) or die(‘No script kiddies pleas…

    DETAILS: suspicious PHP redirection

     

     

    FILE: wp-content/plugins/wp-statistics/CHANGELOG.md

    FILE_MD5: 5232cb044769ffde6674ba996a0b85fd

    SEVERITY: enMaliciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 34721388aab5fe299f9d29e9ca895ca1

    THREAT_NAME: Heur.PHP.iframe.gen.38

    THREAT: preg_replace (with /e…

    DETAILS: Detected malicious iframe injection

     

     

    FILE: wp-content/plugins/wp-statistics/CHANGELOG.md

    FILE_MD5: 5232cb044769ffde6674ba996a0b85fd

    SEVERITY: enPotentiallySuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987

    THREAT_NAME: Heur.HTML.Defacement.gen.F4248

    THREAT: Fatal Error…

    DETAILS: Website Potentially Defaced

     

     

    FILE: wp-content/plugins/gotmls/safe-load/index.php

    FILE_MD5: dde524d376f440d0ba3d0dd846f048d7

    SEVERITY: enMaliciousThreatType

    ENGINE: fscanner

    THREAT_SIG: c2f3aca0096b6b5a01cec60404edf69a

    THREAT_NAME: Heur.PHP.Redirection.gen

    THREAT: <?php /** * GOTMLS Brute-Force protections * @package GO…

    DETAILS: Detected PHP redirection

     

     

    FILE: wp-content/plugins/instagram-feed/admin/SBI_Global_Settings.php

    FILE_MD5: e60210fb9ec1131cc15cf574aa7f55ad

    SEVERITY: enMaliciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 6abde5a33d4684eff9998a33d7eac3ab

    THREAT_NAME: Heur.PHP.Dropper.gen

    THREAT: <?php /** * The Settings Page * * @since 6.0 */ namespac…

    DETAILS: Generic malware dropper

     

     

    FILE: wp-content/plugins/sucuri-scanner/src/mail.lib.php

    FILE_MD5: 7b6d288b03158f92691a4b1e75f2a824

    SEVERITY: enSuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 385be5e48f8157440cca64b0dea95da5

    THREAT_NAME: Heur.PHP.Mailer.gen.4c4b4f

    THREAT: @mail($email, $subject, $message, implode(“\r\n”, $headers)…

    DETAILS: Detected suspicious mailer

     

     

    FILE: wp-content/plugins/updraftplus/methods/googledrive.php

    FILE_MD5: e6d96fb83dc52f2bd0ce8b74192e84ba

    SEVERITY: enSuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 437dee84faabe914fb217bc2fe1c51f3

    THREAT_NAME: Heur.PHP.Redirect.gen

    THREAT: <?php if (!defined(‘UPDRAFTPLUS_DIR’)) die(‘No direct ac…

    DETAILS: suspicious PHP redirection

     

     

    FILE: wp-content/plugins/wordfence/lib/wfUtils.php

    FILE_MD5: 4a8bbde1bab3c986b2c4d8c3e9be25df

    SEVERITY: enPotentiallySuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 4ffc40bbf61eb658b4577d502e51c628

    THREAT_NAME: Heur.PHP.Encoded.gen.271C

    THREAT: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00…

    DETAILS: Potentially suspicious obfuscated PHP threat

     

     

    FILE: wp-content/plugins/wordfence/lib/wfUtils.php

    FILE_MD5: 4a8bbde1bab3c986b2c4d8c3e9be25df

    SEVERITY: enSuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 7993c0339d5264a16623656fd4cdd4e7

    THREAT_NAME: Heur.PHP.Encoded.gen

    THREAT: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00…

    DETAILS: Generic suspicious HEX encoder

     

     

    FILE: wp-content/plugins/wordfence/lib/wfUtils.php

    FILE_MD5: 4a8bbde1bab3c986b2c4d8c3e9be25df

    SEVERITY: enPotentiallySuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 4d585df5dcfad5155fd369b618fdce57

    THREAT_NAME: Heur.PHP.Injection.gen

    THREAT: @include_once($path);…

    DETAILS: Detected potentially suspicious PHP instruction

     

     

    FILE: wp-content/plugins/wp-reviews-plugin-for-google/include/admin.php

    FILE_MD5: e54f9cd5357b3e5f189fe16437201a92

    SEVERITY: enSuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 5198c98b5caa34bd47b3def138c14945

    THREAT_NAME: Heur.PHP.Redirect.gen

    THREAT: <?php defined(‘ABSPATH’) or die(‘No script kiddies pleas…

    DETAILS: suspicious PHP redirection

     

     

    FILE: wp-content/plugins/wp-reviews-plugin-for-google/include/admin.php

    FILE_MD5: e54f9cd5357b3e5f189fe16437201a92

    SEVERITY: enMaliciousThreatType

    ENGINE: fscanner

    THREAT_SIG: f480b2ae4cdf42dae4772d442e13a486

    THREAT_NAME: Heur.PHP.Redirection.gen

    THREAT: <?php defined(‘ABSPATH’) or die(‘No script kiddies pleas…

    DETAILS: Detected malicious redirection header

     

     

    FILE: wp-content/themes/Divi/epanel/custom_functions.php

    FILE_MD5: 4a8e9f60a9dd9de8ccce1ded747b3e0f

    SEVERITY: enMaliciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 62312b13d39a912e67a88ed59407cb38

    THREAT_NAME: Heur.PHP.iframe.gen.38

    THREAT: preg_replace( ‘@\[et_pb_post_nav[^\]]*?\].*?\[\/e…

    DETAILS: Detected malicious iframe injection

     

     

    FILE: wp-content/themes/Divi/epanel/core_functions.php

    FILE_MD5: c2291d88cbb5b92e639885fbb457744d

    SEVERITY: enMaliciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 8ce60955c6e5e0717f43c3939013f29c

    THREAT_NAME: Heur.PHP.Redirection.gen

    THREAT: <?php // Prevent file from being loaded directly if ( ! …

    DETAILS: Detected malicious redirection header

     

     

    FILE: wp-content/uploads/2012/09/Oeil-yeux-et-regards-a-gogo.html

    FILE_MD5: 97cab916c2bb642a541728e45b94475a

    SEVERITY: enPotentiallySuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: dc2466136aa256db74ae8ec56a7389b9

    THREAT_NAME: Heur.JS.Redirection.gen

    THREAT: document.location.href=’http://teemix.aufeminin.com/album/’&#8230;

    DETAILS: Detected unconditional redirection

     

     

    FILE: wp-content/plugins/loco-translate/lib/compiled/gettext.php

    FILE_MD5: 2a06586875962e55b826fdf14197477f

    SEVERITY: enPotentiallySuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: c0fdee6a9ca83893685d646533318f94

    THREAT_NAME: Heur.PHP.Encoded.gen.271C

    THREAT: \xDE\x12\x04\x95\x00\x00\x00\x00…

    DETAILS: Potentially suspicious obfuscated PHP threat

     

     

    FILE: wp-content/plugins/wordfence/models/block/wfBlock.php

    FILE_MD5: 9bec02e08e0ab1ad4870c4d040049d86

    SEVERITY: enPotentiallySuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 506a581955764563e80101b13a3e2bee

    THREAT_NAME: Heur.PHP.Encoded.gen.271C

    THREAT: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xc0\x00\x02…

    DETAILS: Potentially suspicious obfuscated PHP threat

     

     

    FILE: wp-content/plugins/wordfence/models/block/wfBlock.php

    FILE_MD5: 9bec02e08e0ab1ad4870c4d040049d86

    SEVERITY: enSuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 612e5071007de07b91bacd16cc0e3e0a

    THREAT_NAME: Heur.PHP.Encoded.gen

    THREAT: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xc0\x00\x02…

    DETAILS: Generic suspicious HEX encoder

     

     

    FILE: wp-content/plugins/wp-reviews-plugin-for-google/static/js/admin-page-settings-connect.js

    FILE_MD5: c6b33dd8b62e17776c4e1dca82c0a030

    SEVERITY: enPotentiallySuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 1f9f588295911d429c19874c16f37b87

    THREAT_NAME: Heur.JS.Encoded.gen

    THREAT: ‘https://admin.trustindex.io/&#8217;.replace…

    DETAILS: Suspicious obfuscated JavaScript threat

     

     

    FILE: wp-content/themes/Divi/core/components/Portability.php

    FILE_MD5: 3d7ef1f74720e7641d9d7a1a1cfba6e2

    SEVERITY: enPotentiallySuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987

    THREAT_NAME: Heur.HTML.Defacement.gen.F4248

    THREAT: Fatal Error…

    DETAILS: Website Potentially Defaced

     

     

    FILE: wp-content/themes/Divi/css/dynamic-assets/woocommerce.css

    FILE_MD5: 0c9cdd032a7b623588d0ed52f1887189

    SEVERITY: enPotentiallySuspiciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 46e1c5ff6a86e39b59c43e83b2c85d38

    THREAT_NAME: Heur.PHP.Encoded.gen.271C

    THREAT: \53\53\53\53\53…

    DETAILS: Potentially suspicious obfuscated PHP threat

     

     

    FILE: wp-content/plugins/wp-statistics/assets/images/flags/rs.svg

    FILE_MD5: 21a074040a11f7538c59d77d391ca492

    SEVERITY: enMaliciousThreatType

    ENGINE: fscanner

    THREAT_SIG: 2f2dc6fb8a9faed28fa4a219ea463d85

    THREAT_NAME: Heur.JS.Encoded.gen

    THREAT: 8.4.5.4.6.4.5.4.6.4.5.4.5.4.5.4.6.4.6.4.5.3.6.4.6.4.5.4.6.4….

    DETAILS: Malicious obfuscated JavaScript threat (JS Trojan Downloader)

    #132650

    Anti-Malware Admin
    Key Master

    You don’t need to donate for my plugin to clean any Known Threats that are found. Are you saying that no Know Threats are found when you run the complete scan in my plugin?

    All these results from Quttera are a bit ridiculous, and most of them are clearly False Positives, but if you want to know more about the details of those results you should be asking them not me. There is not enough relevant information in Those results for me to make any real determination about those files without seeing the whole contents of each file.

    I can’t speak for Wordfence or Sucuri either, but if you want to share the results of the Complete Scan using my plugin then perhaps I can give you more suggestions.

    #132654

    Arno Tx
    Member

    You don’t need to donate for my plugin to clean any Known Threats that are found. Are you saying that no Know Threats are found when you run the complete scan in my plugin?
    >> indeed no known threats are found when I run your plugin all seems ok but I sometimes still have redirections when I open my website towards a website that wants phishing
    All these results from Quttera are a bit ridiculous, and most of them are clearly False Positives, but if you want to know more about the details of those results you should be asking them not me. There is not enough relevant information in Those results for me to make any real determination about those files without seeing the whole contents of each file.
    >> I understand
    I can’t speak for Wordfence or Sucuri either, but if you want to share the results of the Complete Scan using my plugin then perhaps I can give you more suggestions.
    >> Yes I will give it to you

    #132680

    Arno Tx
    Member
    #132695

    Arno Tx
    Member

    I’ve juste donate for your plugin and now scanning another time my website with core files activated.

    #132727

    Anti-Malware Admin
    Key Master

    I can see the redirection on your website, but it seems not to be detected by any of your malware plugin, not even mine, correct?

    If this is not found in your core files after you latest scan then it must be a new threat which is yet undiscovered by any of us Anti-Malware specialists.

    I would like the opportunity to find this new threat if you are willing to grant me access to your site. Please Contact me directly via email with any credentials you are willing to share.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Comments are closed.