Heur.PHP.Redirection.gen | Heur.PHP.shell.gen.| Heur.PHP.Encoded.gen4a |
Hi,
There is an issue with the menu options being redirected since we can see that. The internal scanner high sensitivity is picking up a lot of files and we’re not sure if any of them could be false positives since I only loaded some of the plugins (such as a backup plugin a couple of hours ago). Is there any way to check?
FILE: wp-admin/error_log
FILE_MD5: de9c81a62683b8f7f9ae9f90bbe75ae3
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: de9c81a62683b8f7f9ae9f90bbe75ae3
THREAT_NAME: Heur.AlienFile.gen
THREAT: Unknown file in core directory...
DETAILS: Detected unknown file in core directory

FILE: wp-content/plugins/gravityforms/form_display.php
FILE_MD5: 4d5e7661171385070d39045d58b73f25
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 999dd5804d39072b088474020b5200d1
THREAT_NAME: Heur.PHP.Redirection.gen
THREAT: <?php if ( ! class_exists( 'GFForms' ) ) { die(); } clas...
DETAILS: Detected malicious redirection header

FILE: wp-content/plugins/malinky-ajax-pagination/malinky-ajax-pagination-settings.php
FILE_MD5: 919c9c2fb9d2252a1496ad76b821d915
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: ca3d6a91d66ba002f344fdec36c2a0e7
THREAT_NAME: Heur.PHP.shell.gen.4a
THREAT: <?php echo $_GET[...
DETAILS: Detected PHP backdoor

FILE: wp-content/themes/twentytwentytwo/style.css
FILE_MD5: d7e677459ff8b1c5e30f54106a519bd9
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: d7e677459ff8b1c5e30f54106a519bd9
THREAT_NAME: Heur.CoreFile.gen
THREAT: Modified core file...
DETAILS: Detected modified core file

FILE: wp-content/themes/twentytwentytwo/readme.txt
FILE_MD5: 990c22480b97a9a35bc756a16a8d7847
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 990c22480b97a9a35bc756a16a8d7847
THREAT_NAME: Heur.CoreFile.gen
THREAT: Modified core file...
DETAILS: Detected modified core file

FILE: wp-content/plugins/gravityforms/js/layout_editor.js
FILE_MD5: 56ef0615f8fd506ba47227ec94fc8500
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 4ba755f5401c47085f6682974a868a40
THREAT_NAME: Heur.JS.Encoded.gen
THREAT: 'xxxxxxxx'.replace...
DETAILS: Suspicious obfuscated JavaScript threat

FILE: wp-content/plugins/gravityforms/js/gravityforms.js
FILE_MD5: 1de92e1fb1b9c2d74bb075777eb25a10
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 4ba755f5401c47085f6682974a868a40
THREAT_NAME: Heur.JS.Encoded.gen
THREAT: 'xxxxxxxx'.replace...
DETAILS: Suspicious obfuscated JavaScript threat

FILE: wp-content/plugins/patchstack/includes/firewall.php
FILE_MD5: 419d0b8963c980eac9524cf3b872e3a5
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 4cb2b30148802b40fd5d2146b50c5a79
THREAT_NAME: Heur.PHP.Redirection.gen
THREAT: <?php // Do not allow the file to be called directly. if...
DETAILS: Detected malicious redirection header

FILE: wp-content/plugins/advanced-custom-fields-pro/includes/api/api-helpers.php
FILE_MD5: 569e09df25ce283e3f508bc26328a5a5
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: fa1607da1ee2e40f3d26b9b366318661
THREAT_NAME: Heur.PHP.Encoded.gen
THREAT: $_REQUEST['acf']...
DETAILS: Detected malicious PHP REQUEST

FILE: wp-content/plugins/gravityforms/includes/libraries/class-dom-parser.php
FILE_MD5: 155bfd32d66cdfb182f29fb4701cd51a
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 1f62fa1974b28998c4cf654bdc2c05f4
THREAT_NAME: Heur.PHP.Encoded.gen.271C
THREAT: \xE2\x9A\xA1\xEF\xB8\x8F...
DETAILS: Potentially suspicious obfuscated PHP threat

FILE: wp-content/plugins/wpvivid-backuprestore/includes/staging/class-wpvivid-staging.php
FILE_MD5: 6a2b78c239c5363e1067011ee3f092ba
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: c8d27f7a8124ff8a81ad31f24e591cd8
THREAT_NAME: Heur.PHP.Redirection.gen
THREAT: <?php if (!defined('WPVIVID_PLUGIN_DIR')) { die; } if ( ...
DETAILS: Detected malicious redirection header

FILE: wp-content/plugins/the-events-calendar/common/node_modules/intro.js/intro.js
FILE_MD5: 6757cb480169f59261da89b8412b3a32
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: a8cb0a1b53a869c704afb0baf94a22f7
THREAT_NAME: Heur.JS.Encoded.gen
THREAT: 'a'.replace...
DETAILS: Suspicious obfuscated JavaScript threat

FILE: wp-content/plugins/all-in-one-seo-pack/vendor_prefixed/monolog/monolog/src/Monolog/ErrorHandler.php
FILE_MD5: 83407523a4acc36e288b2a4926e17ee2
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
THREAT_NAME: Heur.HTML.Defacement.gen.F4248
THREAT: Fatal Error...
DETAILS: Website Potentially Defaced

FILE: wp-content/plugins/the-events-calendar/common/vendor/firebase/php-jwt/src/JWT.php
FILE_MD5: 39ae2f012e548b7498eba332fb5f64c3
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
THREAT_NAME: Heur.HTML.Defacement.gen.F4248
THREAT: Fatal Error...
DETAILS: Website Potentially Defaced

FILE: wp-content/plugins/wpvivid-backup-pro/vendor/guzzlehttp/guzzle/src/Cookie/SetCookie.php
FILE_MD5: 2924c64934d54e6827ab1d1ee47ecdc9
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: aa96fbca81cb74ed2d19cf8cb56cd58e
THREAT_NAME: Heur.PHP.Encoded.gen.271C
THREAT: \x40\x5c\x7b\x7d\x7f...
DETAILS: Potentially suspicious obfuscated PHP threat

FILE: wp-content/plugins/wpvivid-backuprestore/vendor/guzzlehttp/guzzle/src/Cookie/SetCookie.php
FILE_MD5: f14d737cf3cdb4eda80b656393e8aa51
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: aa96fbca81cb74ed2d19cf8cb56cd58e
THREAT_NAME: Heur.PHP.Encoded.gen.271C
THREAT: \x40\x5c\x7b\x7d\x7f...
DETAILS: Potentially suspicious obfuscated PHP threat

FILE: wp-content/plugins/wpvivid-backuprestore/vendor/monolog/monolog/src/Monolog/ErrorHandler.php
FILE_MD5: cc7daf6eb6d328f14b1ecd2e43bd47ae
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
THREAT_NAME: Heur.HTML.Defacement.gen.F4248
THREAT: Fatal Error...
DETAILS: Website Potentially Defaced

FILE: wp-content/plugins/the-events-calendar/common/vendor/monolog/monolog/src/Monolog/ErrorHandler.php
FILE_MD5: 2873d712055688c2b5b669c19b68b8f4
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
THREAT_NAME: Heur.HTML.Defacement.gen.F4248
THREAT: Fatal Error...
DETAILS: Website Potentially Defaced

FILE: wp-content/plugins/wpvivid-backuprestore/vendor/monolog/monolog/tests/Monolog/Formatter/NormalizerFormatterTest.php
FILE_MD5: 9b4b4d5a6c961591c00dadcef95bf234
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 3902bd2d49719841946eb8cefe886bfb
THREAT_NAME: Heur.PHP.Encoded.gen.271C
THREAT: \xA4\xA6\xA8\xB4\xB8\xBC\xBD\xBE...
DETAILS: Potentially suspicious obfuscated PHP threat

FILE: wp-content/plugins/wpvivid-backuprestore/vendor/monolog/monolog/tests/Monolog/Formatter/NormalizerFormatterTest.php
FILE_MD5: 9b4b4d5a6c961591c00dadcef95bf234
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 45226b9b19886d817829a126c993a3fa
THREAT_NAME: Heur.PHP.Encoded.gen
THREAT: \xB1\x31\xA4\xA6\xA8\xB4\xB8\xBC\xBD\xBE\xFF...
DETAILS: Generic suspicious HEX encoder

Thanks for your help,
Karen