Trojan found in BB Plugin cache files - Kaspersky


today I got a call from one one my that her Antivirus Software called Kaspersky (Windows) gives a lot of warnings regarded to the clients website.

Kaspersky said that there is a trojan called “HEUR:Trojan.Script…” inside the caching files from the BB Plugin. (Path: /wp-content/uploads/bb-plugin/cache/)

I’m pretty sure that this is impossible but can someone explains waht happened and how to solve this message?

Thanks in advance

Hey Bastian,

Did it mention a specific file, or specific line on a specific file? Also, can you elaborate on what happened? Did she just visit the site and the AV on her computer popped up?


[Content Hidden]

Hi Bastian,

How did this occur? Like Ben mentioned above, did your client visit her site and Kaspersky popped up with the notification?

Can you send her a copy of the and ask her to run a scan on the zip, please?

Also, I added her site to the Securi URL scanner and the website appears to be clean.


Hi Danny and Ben,

to send her the Plugin isn’t an option. Her technical knowledge is… :wink:
I was also running a security test right inside ManageWP with no issues at all. The message just popped up on her windows based computer using Kaspersky.

I found the following post:
Maybe it’s a false positive flag?


This is a product I tend to avoid :slight_smile:

Russian antivirus firm faked malware to harm rivals - Ex-employees

Hi Bastian,

I can say with confidence that Beaver Builder doesn’t include Trojans or any other malicious software. However, I can not say for certain that her AV notification is a false positive or not. Your client could well have been hacked.

I think the best course of action is for either your client or yourself to contact the hosting company and ask them to investigate further.


Hi Danny,

thanks for your answer. Please don’t get me wrong! I don’t want to blame you for anything. I love Beaver Builder and you support is just great and state of the art!

I just wanted to inform you…
I’ve sent the files to Kaspersky because I’m thinking it’s a positive false flag.
I will keep you updated!

But thanks anyway!