Need help! is my site infected?

  • Resolved dfyz1337

    (@dfyz1337)


    2 years, 7 months ago

    is my site infected? is it possible to get rid of such viruses somehow? I can’t decipher it
    =======================================================================
    Quttera Web Malware Scanner plugin for WordPress
    Website Malware Scan Report

    Scanned Website: https://test.kristusha.fun
    Scan type: Internal
    Report generation time: 2021-09-15 23:00

    Scan launch time: 2021-09-15 21:44
    Scanned files: 11883
    Clean: 11865
    Potentially Suspicious: 16
    Suspicious: 0
    Malicious: 2

    © 2021 Quttera Ltd. All rights reserved.
    For any questions about this report: support@quttera.com
    =======================================================================

    FILE: wp-content/plugins/elementor/readme.txt
    FILE_MD5: 3be0617f792aed439a9da1c4564f2a66
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
    THREAT_NAME: Heur.HTML.Defacement.gen.F4248
    THREAT: Fatal Error…
    DETAILS: Website Potentially Defaced

    FILE: wp-content/plugins/elementor-pro/changelog.txt
    FILE_MD5: 96baa1c6d1905a07b2307500f5b3b0d2
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
    THREAT_NAME: Heur.HTML.Defacement.gen.F4248
    THREAT: Fatal Error…
    DETAILS: Website Potentially Defaced

    FILE: wp-content/plugins/wp-cloudflare-page-cache/readme.txt
    FILE_MD5: 8718fac11af2a4e84d71a4ea58126d18
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
    THREAT_NAME: Heur.HTML.Defacement.gen.F4248
    THREAT: Fatal Error…
    DETAILS: Website Potentially Defaced

    FILE: wp-content/plugins/wps-hide-login/readme.txt
    FILE_MD5: 0080215c9080065226df6727b6af4e43
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
    THREAT_NAME: Heur.HTML.Defacement.gen.F4248
    THREAT: Fatal Error…
    DETAILS: Website Potentially Defaced

    FILE: wp-content/plugins/autoptimize/classes/autoptimizeMain.php
    FILE_MD5: d8cdc2956ecbf5f47c38feda8cad11e4
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 1f62fa1974b28998c4cf654bdc2c05f4
    THREAT_NAME: Heur.PHP.Encoded.gen.271C
    THREAT: \xE2\x9A\xA1\xEF\xB8\x8F…
    DETAILS: Potentially suspicious obfuscated PHP threat

    FILE: wp-content/plugins/amp/includes/validation/class-amp-validated-url-post-type.php
    FILE_MD5: 053f3c689ba2b02d3cad13dd73696aa4
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
    THREAT_NAME: Heur.HTML.Defacement.gen.F4248
    THREAT: Fatal Error…
    DETAILS: Website Potentially Defaced

    FILE: wp-content/plugins/wpforms-lite/assets/images/empty-states/no-entries.svg
    FILE_MD5: a438a632568e99f5908b1deec48ed29d
    SEVERITY: enMaliciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 8d2ddbb4317298c4dd7d906763dfb85c
    THREAT_NAME: Heur.JS.Encoded.gen
    THREAT: 01.028.011.028.012.028.005.011.008.016.007.013.008.015.007.0…
    DETAILS: Malicious obfuscated JavaScript threat (JS Trojan Downloader)

    FILE: wp-content/plugins/wpforms-lite/vendor/mk-j/php_xlsxwriter/xlsxwriter.class.php
    FILE_MD5: 6a7b2891cacfc168eadbc4d1e193d2fe
    SEVERITY: enMaliciousThreatType
    ENGINE: fscanner
    THREAT_SIG: ea818234bd45260819f343124a2b49bd
    THREAT_NAME: Heur.PHP.Hexa.gen.4e
    THREAT: $v[0].$v[0].$v[1].$v[1].$v[2]….
    DETAILS: Detected malicious PHP obfuscation

    FILE: wp-content/plugins/wpforms-lite/vendor/mk-j/php_xlsxwriter/xlsxwriter.class.php
    FILE_MD5: 6a7b2891cacfc168eadbc4d1e193d2fe
    SEVERITY: enMaliciousThreatType
    ENGINE: fscanner
    THREAT_SIG: ea818234bd45260819f343124a2b49bd
    THREAT_NAME: Heur.PHP.Encoded.gen
    THREAT: $v[0].$v[0].$v[1].$v[1].$v[2]….
    DETAILS: Detected malicious PHP obfuscation

    FILE: wp-content/plugins/wpforms-lite/vendor/mk-j/php_xlsxwriter/xlsxwriter.class.php
    FILE_MD5: 6a7b2891cacfc168eadbc4d1e193d2fe
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 370ed82664e63f881bd923a80bb37673
    THREAT_NAME: Heur.PHP.Encoded.gen.271C
    THREAT: \x00\x01\x02\x03\x04\x05\x06\x07\x08\x0b\x0c\x0e\x0f\x10\x11…
    DETAILS: Potentially suspicious obfuscated PHP threat

    FILE: wp-content/plugins/wpforms-lite/vendor/mk-j/php_xlsxwriter/xlsxwriter.class.php
    FILE_MD5: 6a7b2891cacfc168eadbc4d1e193d2fe
    SEVERITY: enSuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 22a9c9fe93bcf7587f6bbac9c2c654e9
    THREAT_NAME: Heur.PHP.Encoded.gen
    THREAT: \x00\x01\x02\x03\x04\x05\x06\x07\x08\x0b\x0c\x0e\x0f\x10\x11…
    DETAILS: Generic suspicious HEX encoder

    FILE: wp-content/plugins/amp/vendor/ampproject/amp-toolbox/src/Attribute.php
    FILE_MD5: c517397c8abf3178818a84229aaa6fb0
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 1f62fa1974b28998c4cf654bdc2c05f4
    THREAT_NAME: Heur.PHP.Encoded.gen.271C
    THREAT: \xE2\x9A\xA1\xEF\xB8\x8F…
    DETAILS: Potentially suspicious obfuscated PHP threat

    FILE: wp-content/plugins/wp-mail-smtp/vendor_prefixed/monolog/monolog/src/Monolog/ErrorHandler.php
    FILE_MD5: 18c9c6de3fa35e7ff0d84ce2111248bf
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
    THREAT_NAME: Heur.HTML.Defacement.gen.F4248
    THREAT: Fatal Error…
    DETAILS: Website Potentially Defaced

    FILE: wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/woocommerce.min.css
    FILE_MD5: f17b18d3b1a5061c2ff2209419327b95
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 077ed38850a47bae3e86bec24784fd6a
    THREAT_NAME: Heur.PHP.Encoded.gen.271C
    THREAT: \73\73\73\73\73…
    DETAILS: Potentially suspicious obfuscated PHP threat

    FILE: wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/woocommerce.min-rtl.css
    FILE_MD5: cf9e97fdb6632a290a0633d5d86d0b80
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 077ed38850a47bae3e86bec24784fd6a
    THREAT_NAME: Heur.PHP.Encoded.gen.271C
    THREAT: \73\73\73\73\73…
    DETAILS: Potentially suspicious obfuscated PHP threat

    FILE: wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/woocommerce-grid.min.css
    FILE_MD5: 480c0d7b30f82cf9faafa0cf034ef947
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 077ed38850a47bae3e86bec24784fd6a
    THREAT_NAME: Heur.PHP.Encoded.gen.271C
    THREAT: \73\73\73\73\73…
    DETAILS: Potentially suspicious obfuscated PHP threat

    FILE: wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/woocommerce-grid.min-rtl.css
    FILE_MD5: d80cdadca71058f3472e1d6e0f1f413d
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 077ed38850a47bae3e86bec24784fd6a
    THREAT_NAME: Heur.PHP.Encoded.gen.271C
    THREAT: \73\73\73\73\73…
    DETAILS: Potentially suspicious obfuscated PHP threat

    FILE: wp-content/themes/astra/assets/css/unminified/compatibility/woocommerce/woocommerce.css
    FILE_MD5: 0df6403a193af5f490ec842e89a06b2a
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 077ed38850a47bae3e86bec24784fd6a
    THREAT_NAME: Heur.PHP.Encoded.gen.271C
    THREAT: \73\73\73\73\73…
    DETAILS: Potentially suspicious obfuscated PHP threat

    FILE: wp-content/themes/astra/assets/css/unminified/compatibility/woocommerce/woocommerce-rtl.css
    FILE_MD5: 769bfa3733f02a02f15e01bf2ba6eafe
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 077ed38850a47bae3e86bec24784fd6a
    THREAT_NAME: Heur.PHP.Encoded.gen.271C
    THREAT: \73\73\73\73\73…
    DETAILS: Potentially suspicious obfuscated PHP threat

    FILE: wp-content/themes/astra/assets/css/unminified/compatibility/woocommerce/woocommerce-grid.css
    FILE_MD5: 92fd21e227c2bac8e99fb87f5cae3556
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 077ed38850a47bae3e86bec24784fd6a
    THREAT_NAME: Heur.PHP.Encoded.gen.271C
    THREAT: \73\73\73\73\73…
    DETAILS: Potentially suspicious obfuscated PHP threat

    FILE: wp-content/themes/astra/assets/css/unminified/compatibility/woocommerce/woocommerce-grid-rtl.css
    FILE_MD5: 1b317db4a6514374dffb705b03db0841
    SEVERITY: enPotentiallySuspiciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 077ed38850a47bae3e86bec24784fd6a
    THREAT_NAME: Heur.PHP.Encoded.gen.271C
    THREAT: \73\73\73\73\73…
    DETAILS: Potentially suspicious obfuscated PHP threat

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author quttera

    (@quttera)

    2 years, 7 months ago

    Hello, most of files detected as potentially suspicious are clean.

    Can you please send us (support[at]quttera.com) the following files for further investigation 

    FILE: wp-content/plugins/wpforms-lite/assets/images/empty-states/no-entries.svg
FILE_MD5: a438a632568e99f5908b1deec48ed29d
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 8d2ddbb4317298c4dd7d906763dfb85c
THREAT_NAME: Heur.JS.Encoded.gen
THREAT: 01.028.011.028.012.028.005.011.008.016.007.013.008.015.007.0…
DETAILS: Malicious obfuscated JavaScript threat (JS Trojan Downloader)

FILE: wp-content/plugins/wpforms-lite/vendor/mk-j/php_xlsxwriter/xlsxwriter.class.php
FILE_MD5: 6a7b2891cacfc168eadbc4d1e193d2fe
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: ea818234bd45260819f343124a2b49bd
THREAT_NAME: Heur.PHP.Hexa.gen.4e
THREAT: $v[0].$v[0].$v[1].$v[1].$v[2]….
DETAILS: Detected malicious PHP obfuscation

    Best Regards
    Quttera team

    Thread Starter dfyz1337

    (@dfyz1337)

    2 years, 7 months ago

    thank you very much for the answer! I sent an email

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Need help! is my site infected?’ is closed to new replies.