Support » Plugin: Ajax Search Lite » Plugins seen as a malware (quttera.com)

  • Hi all,

    recently my site has been marked as malware due to this plugin from quttera.com

    File:
    /wp-content/plugins/ajax-search-lite/js/min/jquery.ajaxsearchlite.min.js?ver=4.7.3

    Reason: Detected procedure that is commonly used in suspicious activity.

    Details: Too low entropy detected in string [[‘#mCSBap_,#mCSBap__container,#mCSBap__container_wrapper,.mCSBap__scrollbar .,#mCSBap__dragger_vertica’]] of length 110 which may point to obfuscation or shellcode.

    Any idea?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author wpdreams

    (@wpdreams)

    Hi,

    That is the minified version of the plugin main files, namely that line refers to the scrollbar script. Minified by microsoft ajaxmin into one single file.

    It is definitely a false positive, as it is clearly seen in the marked code that it’s an array of strings of the scrollbar HTML identifiers and classes – not an obfuscated code, nor a shell script.

    moved to new thread

    Thank you for reporting this issue.

    Please send list of all effected domains to support[at]quttera.com and our malware research team will investigate it and remove the warning.

    [ Signature deleted ]

    • This reply was modified 3 years, 5 months ago by Jan Dembowski.
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Plugins seen as a malware (quttera.com)’ is closed to new replies.