Support » Fixing WordPress » WordPress 4.7 Virus

  • Resolved santman

    (@santman)


    [ Moderator note: moved to How-to and Troubleshooting. ]

    Hi, i just wanted to highlight that when i upload wordpress to the server, it reaches 100% and then this error shows up. “The file you uploaded, wordpress-4.7.zip, contains a virus so the upload was canceled: Win.Trojan.Toa-5370261-0 FOUND” . Please Check on this. Ive done multiple installs on different PC’s, but all throw the same error. Different PC’s, Different Downloads.
    Please look into this and let me know. Thank you.

Viewing 12 replies - 1 through 12 (of 12 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Thanks for highlighting this @santman, where are you downloading WordPress from?

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    That is either a false positive caused by your anti-virus product or your really compromised. Hopefully it’s your AV product.

    My virus scanning tool thinks WP 4.7 is a virus: Their library definitions aren’t updated yet. If you downloaded from WordPress.org, you’re fine. The same goes for any security plugins. Upgrade them and check again.

    https://wordpress.org/support/topic/read-this-first-wordpress-4-7-master-list/?view=all#post-8521427

    Bump, same here. I tried installing version 4.6 instead, downloaded from archives and same error. Trying an older copy which i have previously. The error comes when i upload it via file uploaded in cpanel

    • This reply was modified 3 years, 3 months ago by arshad10244.
    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    @arshad10244, Please don’t bump, that’s not something we allow on the forums.

    Hi @anevins, I Download wordpress from the wordpress.org website. I run a linux based server and i get this error. Like @arshad10244 pointed out, this happens when i upload it through file uploaded through cpanel.

    • This reply was modified 3 years, 3 months ago by santman.
    • This reply was modified 3 years, 3 months ago by santman.

    Update: I tried uploading the same file v 4.6.1 (was on my system) which i had uploaded earlier on Saturday without any problems, now it is also showing the same error which means it is some sort of issue with cpanel itself.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    These are all the WordPress files hosted at WordPress.org: ‘https://core.svn.wordpress.org/trunk/’ and there isn’t a ‘Win.Trojan.Toa-5370261-0’ found there.

    It’s likely that there is an issue with your hosting provider’s malware scanning methods, or that your installation has been compromised.

    Got it. I think its a problem with Cpanel itself as it is not letting me upload older installations of WordPress itself. I Think security scripts will have to be run in order to check whether the installation has been compromised. Ill Update this forum post once we get to the root of it.

    I assume its an update to cpanel, my multiple hostings from different hosts are affected

    Facing the same issue with A2hosting.
    says the following trojan is found.
    win trojan toa 5370261

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    This is a false positive result. WordPress 4.7 does not have a virus.

    Here are the results from a VirusTotal scan of the WordPress ZIP file:

    https://www.virustotal.com/en/file/b6cfd950697efdceb96d1bea3f5992fb6626b2b0c08f6ad20a05c5991b2766e6/analysis/1482751018/

    As you can see, only one virus scanner, ClamAV, is reporting anything. 53 other separate virus scanners report nothing out of the ordinary.

    This type of false positive is often produced when virus scanners try a little too hard to detect new things. ClamAV in particular only published this “new signature” on December 25th. They published it with a lot of other signatures as well:

    http://www.gossamer-threads.com/lists/clamav/virusdb/68432

    They made their signatures just a little too broad, and now it falsely detects WordPress as having something that it doesn’t have. They’ll probably fix their signatures in a day or two.

    However, there’s nothing wrong with WordPress 4.7. There is no virus in it. Your virus scanning software is incorrect.

    They haven’t fixed them to-date. Still same problem.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘WordPress 4.7 Virus’ is closed to new replies.