Trojan.XFIZ-4 in plugin?

Viewing 6 replies - 1 through 6 (of 6 total)

  • are you download the plugin from wp-admin? or download it from other source and upload it manually?

    Thread Starter zedkon

    (@zedkon)

    Download from https://www.ads-software.com/plugins/jetpack/ and upload on VirusTotal.com
    Try

    Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic ??

    I’m afraid I’m not very familiar with VirusTotal, how it scans files, what it looks for, and what a “Trojan.XFIZ-4” exactly is.

    That said, I can guarantee that we didn’t include any Trojan in the latest version of Jetpack! This is most likely a false positive, but VirusTotal doesn’t seem to offer any way to know more about what exact file triggered the alert, and why.

    It might help to run another scan with a different service. You could for example use this plugin to scan your site for any malware.

    Let me know what you find!

    I was notified of this threat yesterday by a scan of my NAS Antivirus scanner. It concerns the file jetpack/modules/theme-tools/responsive-videos/responsive-videos.min.js. I examined the file and to me it looks like a false positive.

    I noticed the NAS Antivirus definitions file was updated a few days ago, so there may be a newly added signature that matches a string inside this file, which is quite small by the way. The supposed threat was found in a backup dated 2016-11-29. The readme says it is Jetpack version 4.4.1. (stable tag)

    Could the developer please check this file and confirm or reject the threat?

    Erik

    Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic ??

    @wpwebbouw If the version of the file on your server is similar to the one you can find here, we can guarantee there is no virus of trojan in that file.

    We haven’t made any changes to that file in the past year so there should be no changes on your site either.

    It’s worth noting that another Antivirus, ClamAV, also flagged that file as Trojan about 9 months ago, but eventually reverted their decision a few days after that:
    https://www.ads-software.com/support/topic/clamav-says-responsive-videosminjs-is-malware/

    If you are indeed using the original version of the file, it might be worth reporting that threat as false positive to your antivirus provider so they can fix the issue.

    I hope this helps.

    @jeherve The files are identical. I’ll notify the antivirus provider. Thanks.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Trojan.XFIZ-4 in plugin?’ is closed to new replies.