|
jackie neufeld
|
September 14, 2014 at 1:20 am
Hi there,
A couple days ago we were alerted by customers that our site was “not safe”; after doing some digging I’ve found that Windows Defender says that Malware is detected when visiting our site (https://tiggys.ca). Apparently the “Trojan” JS/Iframe.DI is triggering the response. Avast Antivirus doesn’t seem to be triggered when browsing the site online.
I’ve scanned the site with multiple malware detectors, and all say the site is clean. I’ve also searched through the most common places a backdoor or malicious file would be hidden (ie htaccess, wp-config, index.php, plugins, themes and uploads folders), and have found nothing. However, when scanning individual files (with both Windows Defender and Avast) a number of files in the Event Espresso plugins folders are flagged as malware (specifically in the espresso-calendar>scripts folder). I’ve looked through the code and can’t find anything obvious, so can only assume the programs are returning a false positive?
I wanted to bring this to your attention as I’m not sure if anyone else has had this issue, and want to know if something can be done about it since those customers who use Windows Defender are going to be discouraged from visiting our site altogether, let alone paying for classes online.
Thanks
|
|
Lorenzo Orlando Caum
|
September 14, 2014 at 4:02 pm
Hi,
No issues are being reported by other web services:
http://www.UnmaskParasites.com/security-report/?page=tiggys.ca
http://sitecheck.sucuri.net/results/tiggys.ca
—
Lorenzo
|
|
jackie neufeld
|
September 14, 2014 at 7:32 pm
Thanks for the reply; I’ve received the same results showing that the site is safe, but for some reason Windows Defender continues to flag the site as downloading malware. I guess I was just wondering if there’s some way to prevent this from happening as customers are concerned about it, even though they have no need to be.
I’ll try contacting Microsoft about it.
Thanks
|
|
Dean
|
September 15, 2014 at 2:25 am
Hi,
It is most likely a false positive, we haven’t seen any reported issues.
Also, I ran a search for JS/Iframe.DI and could not trace that as being part of Event Espresso. So it either relates to another plugin or in theory has been maliciously added.
I would recommend tracing the location of that file, to clarify what it is and where it is from.
|
|
jackie neufeld
|
September 17, 2014 at 10:18 pm
Will do, thanks!
|
