Sucuri SiteCheck says infected with malware (13 posts)

  1. u88257
    Posted 2 years ago #

    i use Sucuri SiteCheck to check my site and it says
    Malware found in the URL:

    Known javascript malware.
    Details: http://sucuri.net/malware/malware-entry-mwjs488
    <script type='text/javascript' src='http://gtacg.co.cc/wp-includes/js/jquery/jquery.js?ver=1.7.2'></script>

    how to resolve?
    here is the link http://sitecheck.sucuri.net/results/gtacg.co.cc

    my site gtacg.co.cc

    i use google webmaster and it says fine... weird

  2. s_ha_dum
    Posted 2 years ago #

    It looks a bit like you are guilty by association. Have you contacted Sucuri and asked for a re-evaluation?

  3. u88257
    Posted 2 years ago #

    i can't really understand you can you explain?
    poor english sorry

  4. s_ha_dum
    Posted 2 years ago #

    I think that Sucuri made a mistake. Ask support@sucuri.net to recheck your site.

  5. u88257
    Posted 2 years ago #

    but my antvir do pop up thought...(when i open my wordpress)

  6. s_ha_dum
    Posted 2 years ago #

    Then contact your anti-virus software manufacturer.

    You can replace that file with a clean file from here (http://wordpress.org/download/). If you still get an error, your anti-virus software is wrong.

  7. Pioneer Web Design
    Posted 2 years ago #

    sites rarely get blacklisted unless the owner/host ignores repeated warnings...avoid this link..mod should remove it

  8. Sucuri just reports on what the other sites say, and what they find in a scan at that moment, so it's hard for it to be a 'mistake' on their part.

    I generally find that when someone is yelling that they're clean and all the other sources say they're not, its their server/host who is at fault. Or they just don't know what they're doing. Check your web server as a whole, it could be that's infected, which would taint your results too.

  9. s_ha_dum
    Posted 2 years ago #

    The site is offline right now, but when I could see it, it looked fine. Sucuri is triggering on jQuery. If you look at that jQuery file (view-source:http://gtacg.co.cc/wp-includes/js/jquery/jquery.js?ver=1.7.2) the only thing different about it from the stock jQuery 1.7.2 (http://code.jquery.com/jquery-1.7.2.min.js) is jQuery.noConflict(); at the end of u88257's file. That might be enough to throw a badly designed filter, but I see that same jQuery.noConflict(); on our sites and we don't have an issue. Otherwise, is there some horrible flaw in jQuery 1.7.2?

    Two things come to mind. That domain looks like the random-character domains used by spammers, and in fact there are some similar domains listed in some spam databases. That might be enough to trigger some heuristic filters. And secondly, what Ipstenu said. You could be tainted by other sites on your server.

  10. jQuery.noConflict(); won't cause a problem :)

  11. u88257
    Posted 2 years ago #

    ok it's fine now
    i just change a domain and re install wordpress

  12. perezbox
    Sucuri.net CEO
    Posted 2 years ago #


    Tony here with Sucuri. Please if you ever feel we're reporting something incorrectly send us a note at info@sucuri.net.

    I'd be lying if I said we don't make mistakes.

    Take Care


    Glad to see its better now. I do see that we're blacklisting you in our own engine and I'll pass it up to the engineers to take a look.

  13. faulty
    Posted 2 years ago #

    Check the size of your jquery.js and also open the jquery link in your browser. The size should be less than 100kb and it should show jquery and it's version in the file content.

    I had this problem, where a plugin changes the jquery.js in the background with a malware version. Took me a while to track down This plugin replaces jquery.js with a malware

Topic Closed

This topic has been closed to new replies.

About this Topic