
Please remove block, we deleted the blog but it is still showing positive..


Solved by JPopovic


Hi, we have a client that is being blocked by the Malwarebytes Chrome Extension.

I requested the site be unblocked earlier but we had a false positive on 
hxxp://cpethink.com/blog/wp-includes/js/jquery/ui/core.min.js

We verified that file is OK but virustotal.com was still reporting it as malware.

So we backed up and deleted the blog completely but virustotal.com is still showing the file exists and is malware.

hxxp://cpethink.com/blog - 404

hxxps://cpethink.com/blog - 404

If you go to any of the links above you get a 404 (as you should) and since there are no other positives may the site please be unblocked?

Many thanks... 

Edited by TeMerc
Disabled live links

Hi @TeMerc,

I've traced the problem to 2 listings on scumware.org and it is the only scanner reporting any problem.

VirusTotal Security Vendor List - https://www.screencast.com/t/KOzd8SpF

Scumware.org query results - https://www.screencast.com/t/fAocMxozyYj

The files in the Scumware.org query list have been completely removed as well as all WordPress files from our site.  

Is there anything you can help with?  We have cleaned our site and appear to be at the mercy of scumware.org and they are not easy to contact like your company is.

Many thanks, Tad

 


I think the issue is it takes VirusTotal time to re-sync the results from the reporting vendors. Now staff has to dig deeper manually and that is also time-consuming.

Staff are all working remotely and scattered across the world and in different time zones as well.

Edited by Porthos

Makes sense, but since scumware.org is still reporting the positive, VirusTotal just picks that up and then Malwarebytes picks that up.

Out of all the security vendors VirusTotal aggregates, scumware.org is the only one reporting bad files and the files don't even exist. So even if VirusTotal re-syncs they're still going to get that we have bad files and we don't.

It's just frustrating that you can't get ahold of anyone at scumware.org and it's killing our site. Booting the server tonight to clear caches and see if that helps.

Thanks again for your help. 

Link to post
Share on other sites

Now deal with the Quttera listing on VT, the rest are clear now from what I see.

https://www.virustotal.com/gui/url/d7ca874295d100c48b01305e7c8d88f495adbbdbeedc44db47bf210bb3a0e95b/detection

Report incorrect detection or false positive on helpdesk.quttera.com or send an email to support@quttera.com

Edited by Porthos

2 minutes ago, birdwell said:

I didn't see a Quttera listing on VT for our site.


2 minutes ago, birdwell said:

that I should submit an incorrect detection?

You should, they are pretty fast. Had to do one for my site in the past, that is why I have the contact info handy. 😎


Awesome, that wasn't even there this morning but is now.  Just submitted a ticket to remove a false positive for hxxp://cpethink.com/blog and the subdirectory doesn't even exist.  Will do a ticket for the main domain as well.  Thanks again and let me know anything I can do for you, your help is much appreciated.  


6 minutes ago, Porthos said:

Your 40x page is up in the blog. But the issue is the script pointed out to you.

What script are you referring to?  All the WP scripts are gone, we deleted the entire subdirectory.


1 minute ago, birdwell said:

What script are you referring to?  All the WP scripts are gone, we deleted the entire subdirectory.

Now it's a 404, probably not an issue any longer, but staff will respond ASAP.

Edited by Porthos

Got it, that script, and all the other WP files, were deleted about 2 hours ago.  

We updated our menus and links we could find so far so unless someone is going direct they shouldn't even get the 404 page.

 
