• Resolved Jon Hardison

    (@jonhardison)


    Found your plug-in today and decided to give it a go as two sites on my server were infected with one of these Crypto mining bugs that’s going around. Found out cuz our server was sending ridiculous amounts of SPAM.

    Anyways, your plug-in didn’t find anything. o.O

    Searching through your support tickets I see that this happened with someone else recently and a different version of the same thing.

    Your plugin says I’m clean but the other guys say the following:

    Website Malware malware.cryptominer?9.2 https://SITENAME.com/ ( View Payload )
    Website Malware malware.cryptominer?9.2 https://SITENAME.com/404testpage4525d2fdc ( View Payload )
    Website Malware malware.cryptominer?9.2 https://SITENAME.com/404javascript.js ( View Payload )
    Website Malware malware.cryptominer?9.2 https://SITENAME.com/ ( View Payload )

    Anything to be done here?
    I’m all ready to donate and all but I want to be sure everything works.

    Thanx again.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Eli

    (@scheeeli)

    Yes, there is always lots that can be done. Unfortunately, you didn’t give me any information that I can act on here. I understand that you may not want to post your SITENAME on a public forum, but you didn’t even post the payload that was found on your site (only the name malware.cryptominer?9.2 which is just what Sucuri calls this variant). Can you please post the code that was found and maybe also where it was found on your site?

    It may also help to see a screenshot of your scan results using my plugin so that I can make sure that there was nothing obvious missed there.

    You can also contact me directly if you want to share any sensitive or private information that might help me troubleshoot this specific threat.

    Thread Starter Jon Hardison

    (@jonhardison)

    Sorry ’bout that. First timers and all…

    (removed and request closed.)

    • This reply was modified 7 years, 1 month ago by Jon Hardison.
    Thread Starter Jon Hardison

    (@jonhardison)

    Note: Your plugin had successfully completed a scan earlier, but it hung up this time around. Just thought I should explain.

    Plugin Author Eli

    (@scheeeli)

    As I said before, a screenshot would be helpful. You’re still not giving me any information that I can work with to help you find a solution.

    Please let me help you figure out why the scan is getting hung up and why it’s not finding any threats.

    Thread Starter Jon Hardison

    (@jonhardison)

    Sorry to waste your time. I’m not sure what else you’d like so I’ll go another way.

    Plugin Author Eli

    (@scheeeli)

    I don’t understand, I never said you were wasting my time and I have already told you what else I would like so that I can help you. Please don’t just give up and “go another way” when I am here to help you. Please, can you just answer my questions from my last two posts so that I can help you. I just need to see what you are dealing with. If you don’t want to post any detailed info on this forum then you can contact me directly:
    eli AT gotmls DOT net

    Thread Starter Jon Hardison

    (@jonhardison)

    I’m just not understanding what you’re asking for.
    You’d asked for screen captures of the scans which showed the locations of the infection, which I provided, and the payload, which I also provided.

    Not a biggie. No harm done.

    Your plug-in didn’t make clear why it didn’t complete the second time. I ran a full scan and that worked fine. Then I ran a quick scan and it said it ran out of memory and directed me to run a full scan so I did. (So I could get you a screen capture.) It showed as in progress and got stuck with a few seconds left but there was no error or notification.

    • This reply was modified 7 years, 1 month ago by Jon Hardison.
    Plugin Author Eli

    (@scheeeli)

    I never got your screenshots of the scan or the payload.

    Also, if you send me a screenshot of the stuck scan then I could try to find a solution to that too. It may not matter to you but it matters to me when my plugin does not work for someone. I would like the opportunity to make it better so that it does work for everyone.

    Thread Starter Jon Hardison

    (@jonhardison)

    I sent both and a copy and paste of the payload. I’ll email them to you.

    Plugin Author Eli

    (@scheeeli)

    I do not see where you posted them before but I did just get your email with the attachments and that helped a lot.

    First, I can now see that this is a known threat that is already in my definitions and my plugin has actually already removed it from your site. The Sucuri results that you have been worrying about were cached from before you used my plugin to fix your site, so they were old and inaccurate. I could see that at the bottom of the Sucuri results page it said:
    *Cached results from the last 24 hrs. Force a Re-scan to clear the cache.

    When I clicked on the “Force a Re-scan” link then the scan confirmed that your website is now clean.

    Furthermore, your other screenshot clearly shows that my scanner is getting stuck while trying to re-scan a cache file that was created and being updated by your supercache plugin. This is a common problem with caching plugins and all caching should be disabled and all cache files should be deleted before you scan your site. You could also choose to exclude the cache folder from the scan in the scan settings but it would be better to delete the cache files so that you don’t save any infected versions of your pages.

    I really appreciate your continuing the conversation and providing the information I needed, and I hope that I have been helpful in resolving these issues for you. Please let me know if I can be of any further assistance.

    Aloha, Eli

  • The topic ‘Didn’t identify a threat: malware.cryptominer?9.2’ is closed to new replies.