Trojan found in BB Plugin cache files - Kaspersky

mindator · February 9, 2016, 8:18am

Hello,

today I got a call from one one my that her Antivirus Software called Kaspersky (Windows) gives a lot of warnings regarded to the clients website.

Kaspersky said that there is a trojan called “HEUR:Trojan.Script…” inside the caching files from the BB Plugin. (Path: /wp-content/uploads/bb-plugin/cache/)

I’m pretty sure that this is impossible but can someone explains waht happened and how to solve this message?

Thanks in advance
Bastian

bencarlo · February 9, 2016, 9:36am

Hey Bastian,

Did it mention a specific file, or specific line on a specific file? Also, can you elaborate on what happened? Did she just visit the site and the AV on her computer popped up?

Ben

mindator · February 10, 2016, 9:55am

[Content Hidden]

Danny · February 10, 2016, 12:44pm

Hi Bastian,

How did this occur? Like Ben mentioned above, did your client visit her site and Kaspersky popped up with the notification?

Can you send her a copy of the bb-plugin.zip and ask her to run a scan on the zip, please?

Also, I added her site to the Securi URL scanner and the website appears to be clean.

Thanks,
Danny

mindator · February 11, 2016, 12:58am

Hi Danny and Ben,

to send her the Plugin isn’t an option. Her technical knowledge is…
I was also running a security test right inside ManageWP with no issues at all. The message just popped up on her windows based computer using Kaspersky.

I found the following post: http://forum.kaspersky.com/index.php?showtopic=13881
Maybe it’s a false positive flag?

Thanks
Bastian

daveporter · February 11, 2016, 1:21am

This is a product I tend to avoid

Russian antivirus firm faked malware to harm rivals - Ex-employees

Danny · February 11, 2016, 1:19pm

Hi Bastian,

I can say with confidence that Beaver Builder doesn’t include Trojans or any other malicious software. However, I can not say for certain that her AV notification is a false positive or not. Your client could well have been hacked.

I think the best course of action is for either your client or yourself to contact the hosting company and ask them to investigate further.

Thanks,
Danny

mindator · February 12, 2016, 12:01am

Hi Danny,

thanks for your answer. Please don’t get me wrong! I don’t want to blame you for anything. I love Beaver Builder and you support is just great and state of the art!

I just wanted to inform you…
I’ve sent the files to Kaspersky because I’m thinking it’s a positive false flag.
I will keep you updated!

But thanks anyway!
Bastian