GWCM Posted September 12 ID:1660488 Share Posted September 12 I am an admin of the site hebtro.co, a customer has reported that they are seeing the following message when visiting the site: Website blocked due to a Trojan Your Malwarebytes Premium blocked this website because it may contain a Trojan. We strongly recommend you do not continue. Can you check the cause of this? Link to post Share on other sites More sharing options...
Staff BjelakovicL Posted September 12 Staff ID:1660492 Share Posted September 12 Hi, The site is blocked due to Gootloader: www.virustotal.com/gui/file/7a84e51bb2043050ea97fb263152951c1dd3735b0a0424c552cc08aa6b625641/relations Please check your website's security for any suspicious logins or files on your servers. If you don't find anything unusual, we will remove the block. The problem is that Gootloader is using your website to exfiltrate data. Due to the high level of obfuscation in the script, we can't be certain whether your website is being used as a decoy or not. However, if you confirm everything is secure on your end, we can lift the block. Link to post Share on other sites More sharing options...
GWCM Posted September 12 Author ID:1660504 Share Posted September 12 Thanks. I've had the host do a Malware scan and they couldn't find anything unusual. Are you able to lift the block, please. Link to post Share on other sites More sharing options...
Staff Solution BjelakovicL Posted September 13 Staff Solution ID:1660788 Share Posted September 13 Thanks! The block will be removed in the next database update. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now