Jump to content

FP Review (hebtro.co)


GWCM
Go to solution Solved by BjelakovicL,

Recommended Posts

I am an admin of the site hebtro.co, a customer has reported that they are seeing the following message when visiting the site:

Website blocked due to a Trojan

Your Malwarebytes Premium blocked this website because it may contain a Trojan.

We strongly recommend you do not continue.

Can you check the cause of this?

Link to post
Share on other sites

  • Staff

Hi,

The site is blocked due to Gootloader: www.virustotal.com/gui/file/7a84e51bb2043050ea97fb263152951c1dd3735b0a0424c552cc08aa6b625641/relations
Please check your website's security for any suspicious logins or files on your servers. If you don't find anything unusual, we will remove the block. The problem is that Gootloader is using your website to exfiltrate data. Due to the high level of obfuscation in the script, we can't be certain whether your website is being used as a decoy or not. However, if you confirm everything is secure on your end, we can lift the block.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.