Advice Request HEUR:Trojan-PSW.Script.Generic


JB007

Hello,
KTS blocks the access to this site "francis-miot.com" because of the detection of "HEUR:Trojan-PSW.Script.Generic".
I have known this site for many years and I have never had any problem, so I think that it could be a false positive.
I checked with VT and there is 1 detection {VirusTotal}; I also checked with Virus Desk and the answer is that this URL is unknown, so I submitted the URL; I also opened a ticket with Kaspersky support.
I know that Kaspersky support is very slow, so I hope that you can help me...
 

eonline

According to Netcraft it is catalogued as "Shopping Site Skimmer Detected". I suggest you send an email to the site administrator, which is as follows: contact (@) francis-miot (dot) com, telling him about this incident. They must solve the problem that some antivirus like Kaspersky or the Netcraft extension mark the site as malicious.

You can search for references in Google: Shopping Site Skimmer Detected - Google Search
 

JB007

According to Netcraft it is catalogued as "Shopping Site Skimmer Detected". I suggest you send an email to the site administrator, which is as follows: contact (@) francis-miot (dot) com, telling him about this incident. They must solve the problem that some antivirus like Kaspersky or the Netcraft extension mark the site as malicious.

You can search for references in Google: Shopping Site Skimmer Detected - Google Search
Also I've sent it to KVirusDesk, waiting for final verdict...

Thanks @Lobito Punky and @harlan4096
I already sent the information to "francis-miot contact" on November 14th but have had no answer until now.
 

Gandalf_The_Grey

I visited the site without McAfee giving any alerts and I don't think I'm infected.
But you haven't ordered and paid anything yet...
According to Netcraft:
What are shopping site skimmers?
A shopping site skimmer is a malicious script that steals your payment card information when you checkout on an online store, and sends it back to a fraudster to use later. Netcraft finds and detects shopping site skimmers on the Internet and blocks them in the Extension.
There could be a malicious script running on that website.
I would wait for the report of Kaspersky Virus Desk before buying anything on that site.
 

harlan4096

Final verdict from Kaspersky analyst:
Hello,

This is not a false alarm. This site is infected.

Here is the malicious code:

"<script>
function b64EncodeUnicode(str) {

...
,buildData());
}
}
};"

If you are a webmaster, please remove the above code from the page. Also we strongly recommend that you change passwords to all services that can be used to modify website contents because they may have been stolen.

Best regards,
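
For a webmaster acting on the advice above, one way to find code that was added to a page is to compare its scripts against a known-good copy. This is an added example, not part of the thread or of Kaspersky's reply; the page markup, `shop.example` and `cdn.example.invalid` are constructed, and the check for newly referenced off-site script hosts goes beyond the inline case quoted in the reply.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collect inline script bodies and external script URLs from one page."""
    def __init__(self):
        super().__init__()
        self.inline, self.external, self._buf = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._buf = []  # start capturing an inline script body

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            # Normalise whitespace so harmless reformatting does not change the hash.
            self.inline.append(" ".join("".join(self._buf).split()))
            self._buf = None

def inventory(html):
    """Map sha256 -> inline script body, plus the set of external script URLs."""
    p = ScriptCollector()
    p.feed(html)
    p.close()
    return {hashlib.sha256(s.encode()).hexdigest(): s for s in p.inline if s}, set(p.external)

def audit(baseline_html, current_html, site_host):
    """Return (inline scripts absent from the baseline, new off-site script hosts)."""
    base_inline, base_ext = inventory(baseline_html)
    cur_inline, cur_ext = inventory(current_html)
    new_inline = [s for h, s in cur_inline.items() if h not in base_inline]
    hosts = {urlparse(u).hostname for u in cur_ext - base_ext}
    return new_inline, sorted(hosts - {None, site_host})

# Constructed pages, not the real site's markup; the injected body stays elided as in the thread.
BASELINE = '<body><script src="/js/shop.js"></script><script>var cartId = 42;</script></body>'
CURRENT = BASELINE.replace("</body>", "<script>\nfunction b64EncodeUnicode(str) { /* elided */ }\n"
    "</script><script src='https://cdn.example.invalid/x.js'></script></body>")

if __name__ == "__main__":
    print(audit(BASELINE, CURRENT, "shop.example"))
```

Any script reported here that the site owner did not deploy is a candidate for removal and for the credential reset the analyst recommends.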
 

harlan4096

For malicious/phishing URLs they usually take around 2 days to finally respond... I got a 1st response confirming the detection, then I asked if it was a possible false positive and that is the final answer... and yes, this is the complete answer (only omitted the name of the analyst)...

To send my request I just used Kaspersky Virus Desk and gave my email (@gmail) to confirm the final verdict...
 

JB007

For malicious/phishing URLs they usually take around 2 days to finally respond... I got a 1st response confirming the detection, then I asked if it was a possible false positive and that is the final answer... and yes, this is the complete answer (only omitted the name of the analyst)...

To send my request I just used Kaspersky Virus Desk and gave my email (@gmail) to confirm the final verdict...
Thanks @harlan4096
I did the same steps but with "Kaspersky Virus Desk" in French...
 

JB007

Yes this is the file included on the mail:
"
Thank you for your reply, sir.
I am sending it to you again as an attachment.

Best regards

malicious script.txt (0.01Mb) "
Are you sure that the script is incomplete? If yes, I can try to ask again.
NB: previously I received 2 mails from the support but the script was not visible...
 

Gandalf_The_Grey

So malware detected and running on outdated software:
Website Malware & Security
  • Malware detected by scan (Critical Risk)
  • No injected spam detected (Low Risk)
  • No defacements detected (Low Risk)
  • No internal server errors detected (Low Risk)
  • Site is outdated (High Risk)
 

JB007

So malware detected and running on outdated software:
Thanks @Gandalf_The_Grey
I have never heard of "Sucuri Security". Is it reliable?
 
