Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
avast reports virus on my website but I can´t detect any infection. Please check
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: avast reports virus on my website but I can´t detect any infection. Please check (Read 3352 times)
0 Members and 1 Guest are viewing this topic.
REDACTED
Guest
avast reports virus on my website but I can´t detect any infection. Please check
«
on:
February 12, 2016, 12:18:44 PM »
A customer using avast was so kind to report virus infection:
Please check
www.mastering-academy.de
and
www.mastering-academy.com
My virus program and and online virus scan can´t find any problems.
But I would like to get rid of that problem.
Can you give me advice which file may be infected or is causing this problem so that I can figure out to remove it manually.
Thank you for your support.
Friedemann Tischmeyer
Logged
Pondus
Probably Bot
Posts: 37533
Not a avast user
Re: avast reports virus on my website but I can´t detect any infection. Please check
«
Reply #1 on:
February 12, 2016, 12:19:50 PM »
what does the message from avast say?
«
Last Edit: February 12, 2016, 12:24:06 PM by Pondus
»
Logged
Asyn
Avast Überevangelist
Certainly Bot
Posts: 76037
Re: avast reports virus on my website but I can´t detect any infection. Please check
«
Reply #2 on:
February 12, 2016, 12:22:40 PM »
->
https://sitecheck.sucuri.net/results/www.mastering-academy.de/
->
https://sitecheck.sucuri.net/results/www.mastering-academy.com/
Logged
W8.1
[x64]
-
Avast Free AV 23.3.8047.BC
[UI.757]
- Firefox ESR 102.9
[NS/uBO/PB]
- Thunderbird 102.9.1
Avast-Tools:
Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos):
https://forum.avast.com/index.php?topic=60523.0
Pondus
Probably Bot
Posts: 37533
Not a avast user
Re: avast reports virus on my website but I can´t detect any infection. Please check
«
Reply #3 on:
February 12, 2016, 12:30:33 PM »
HTML code scan
https://www.virustotal.com/en/file/28a0a37fa9f541b102bda88a2cf49bba1d19bc675f5c8445409d42b442143d90/analysis/1455276500/
https://www.virustotal.com/en/file/c2d2a39bd0173e99c6183e20b6887fe969c8f31a661c7aa3c55e4fc0b496cc6f/analysis/1455276569/
Logged
polonus
Avast Überevangelist
Probably Bot
Posts: 33904
malware fighter
Re: avast reports virus on my website but I can´t detect any infection. Please check
«
Reply #4 on:
February 12, 2016, 01:55:53 PM »
I see two vulnerable libraries flagged here:
-http://www.mastering-academy.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://www.mastering-academy.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://www.mastering-academy.com/wp-includes/js/jquery/jquery.js?ver=1.11.3
jquery.prettyPhoto - 3.1.2 : (active1) -http://www.mastering-academy.com/wp-content/themes/infocus/lib/scripts/prettyphoto/js/jquery.prettyPhoto.js?ver=2.3
Info: Severity: high
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6837&cid=3
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
(active) - the library was also found to be active by running code
2 vulnerable libraries detected
Isue and warning here:
https://mxtoolbox.com/domain/www.mastering-academy.com/
This link? ->
http://toolbar.netcraft.com/site_report?url=http://online-sale24.com
is flagged:
Javascript included from a blacklisted domain. Details:
http://sucuri.net/malware/entry/MW:BLK:2
Javascript: online-sale24.com but it does not resolve now, no response:
https://urlquery.net/report.php?id=1455281096382
So I see no active malware now.
CMS issues to mitigate:
WordPress Version
4.4.1
Version does not appear to be latest 4.4.2 - update now.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
jquery-featured-content-gallery latest release (1.2)
http://www.cibydesign.co.uk/resources-and-downloads/
all-in-one-seo-pack 2.2.7.5 latest release (2.2.7.6.2) Update required
http://semperfiwebdesign.com
facebook-likes-you 1.5.4 latest release (1.5.4)
http://wolnaelekcja.pl/wp-facebook-likes-you
Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID User Login
1 None wp_admin
Should come disabled.
Another issue: 50% of the trackers on this site could be protecting you from NSA snooping. Tell mastering-academy.com to fix it.
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
d5fb79cb40414a3091dxxxxxxxxae2ac1a1445965753 local.adguard.com __cfduid
At least 8 third parties know you are on this webpage.
-Google
-Google
-Facebook
-Google
-www.mastering-academy.com
-online-sale24.com (this was at the culprit of your malware infection, Avast flagged as HTML:Script-inf, aka Sucuri'sreports at:
http://sucuri.net/malware/entry/MW:BLK:2
)
-local.adguard.com
-www.mustbebuilt.co.uk -www.mustbebuilt.co.uk
polonus (volunteer website security analyst and website error-hunter)
«
Last Edit: February 12, 2016, 02:05:28 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pondus
Probably Bot
Posts: 37533
Not a avast user
Re: avast reports virus on my website but I can´t detect any infection. Please check
«
Reply #5 on:
February 12, 2016, 03:53:54 PM »
F-Secure lab confirms infections
==========================================================
The file you sent (
academy.com
) was found to be malicious.
We will be detecting the sample you submitted as
Trojan.HTML.Agent.MG
===========================================================
The file you sent (
academy.de
) was found to be malicious.
We will be detecting the sample you submitted as
Trojan.HTML.Agent.MF
============================================================
Logged
REDACTED
Guest
Re: avast reports virus on my website but I can´t detect any infection. Please check
«
Reply #6 on:
February 12, 2016, 04:49:49 PM »
Quote from: Pondus on February 12, 2016, 12:19:50 PM
what does the message from avast say?
It says: Infection Type: HTML:Script-inf
The complete message is German. It says that the URL has a malicious code
Logged
Asyn
Avast Überevangelist
Certainly Bot
Posts: 76037
Re: avast reports virus on my website but I can´t detect any infection. Please check
«
Reply #7 on:
February 12, 2016, 04:51:08 PM »
Well, the infection has been confirmed, you've to clean it.
Logged
W8.1
[x64]
-
Avast Free AV 23.3.8047.BC
[UI.757]
- Firefox ESR 102.9
[NS/uBO/PB]
- Thunderbird 102.9.1
Avast-Tools:
Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos):
https://forum.avast.com/index.php?topic=60523.0
Pondus
Probably Bot
Posts: 37533
Not a avast user
Re: avast reports virus on my website but I can´t detect any infection. Please check
«
Reply #8 on:
February 12, 2016, 05:01:37 PM »
if you need help Sucuri will do it for a fee >>
https://sucuri.net
Logged
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
avast reports virus on my website but I can´t detect any infection. Please check