Duplicator Pro

I don’t know. Can you please send me the files in question so that I can check them out and give you a better answer?

eli AT gotmls DOT net

Look the screenshot

https://www.imageup.ru/img29/3194211/clipboard01.jpg.html

To really answer your question I would need to see the contents of these files (like I asked you for). From this screenshot I can only guess that these “installer” files use some combination of eval and base64_decode to create a self-extracting archive that is encoded into a PHP script. While these were likely not created with malicious intent the results produces the same vulnerability that hackers could use to overwrite files on your site.

Again, if you can send me the contents of any one of those files then I can tell you exactly what is being detected as a threat. You can email me directly if you understandably don’t want to post that info on the public forum:
eli AT gotmls DOT net

@nitrat Please do not post the content of those files on this site. The author has generously offered their email address above.

Or if you like, post the file to https://pastebin.com/ and share the link to that paste here instead. That would be allowed.

Hi
For example this file

Thanks for posting this code. This SCRIPT tag was flagged not because of what it has inside but because it was improperly placed within the HTML in that template file. There should never be any tags, even script tags, after the end of the BODY. This SCRIPT tag was placed between the </body> and </html> which is improper HTML. But it is not a malicious script so I have whitelisted this script so that this file will no longer be identified as a known threat.