We are having a problem with a website we have created that is being blocked by Avast and a few other antiviruses, and I'm unable to find the reason.
We have passed a few online checkers (Sucuri, urlQuery, etc.) and they all say the website is OK.
We're starting to think that it is a script of ours that is kind of wrong, and the antiviruses are mistaking it for malware software. We have reviewed it, and we don't seem to have any script injection, or any call to a strange server. We were going to start stripping the website, deleting things to start from a point where Avast lets us enter, and work from there.
But we have seen that we can't even enter a page where we only do an echo of phpinfo().
hXXp://www.XXXXXXXXXXXXXX.com/phpinfo.php
Do you have any idea what is happening? What can we do, and what should be the next steps?
We have already downloaded everything, run it through an antivirus and uploaded it, changed the passwords, etc.
This is another code hiccup there found by Quttera's:
all-include.js
File size[byte]: 35793
Threat type: Potentially Suspicious
Details: Our investigation system run out of memory used for execution process.
Reason: Reached execution stack limit. Stack content: [ = ]
MD5: 773C8C53B6F9B814F4B7F90948D4476C
Scan duration[sec]: 1.011000
and a further issue found with a JavaScript unpacker:
wXw.revistamipediatra.com/wp-content/themes/twentyten/js/jquery1.3.2.js benign
[nothing detected] (script) wXw.revistamipediatra.com/wp-content/themes/twentyten/js/jquery1.3.2.js
status: (referer=wXw.revistamipediatra.com/)saved 72174 bytes 65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious
Site is vulnerable because of outdated website software:
WordPress version: WordPress 3.1.4
Wordpress version from source: 3.1.4
Wordpress Version 3.1.x based on: htxp://www.revistamipediatra.com/wp-includes/js/autosave.js
WordPress theme: htxp://www.revistamipediatra.com/wp-content/themes/twentyten/
WordPress version outdated: Upgrade required, according to Sucuri’s…