Possible malware in controller.php

  • Resolved stephaniebruening

    (@stephaniebruening)


    1 year, 7 months ago

    Hello,

    is it possible that there is malware in the duplicator (free version) controller.php file?

    When I create a backup using duplicator and try to save it to my PC my Avast Virus scanner aborts the download and tells me about a malware detection (trojan) in the controller.php file.

    Is this a security issue the duplicator team knows about and is there a possibility to find out if the site or the backup is infected? Are there any solutions or measures to take now? Thanks so much for your help.

    Regards Stephanie

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support mohammedeisa

    (@mohammedeisa)

    Hi @stephaniebruening,

    Thanks for reaching out to Duplicator support!

    This is not a security issue with Duplicator and this is a false alert from the antivirus.

    If you prefer to help us investigate this, please provide us the antivirus log file so that we can check it.

    You may upload the antivirus log file to an uploading platform and share the file link in your next reply.

    Thanks!

    Thread Starter stephaniebruening

    (@stephaniebruening)

    Hi @mohammedeisa,

    thanks for your reply.

    I can share the info from the logfile from Avast. I copied the path and provided info because the file contains other personal data that I probably shouldn’t share in a forum?

    … archive.zip|>vorschau\wp-content\plugins\duplicator\views\packages\details\controller.php [L] Other:Malware-gen Trj

    That is the only thing that is reported in the log file. If I can provide any further data to the duplicator team only, please let me know. I would like the help solve the problem.

    Thanks so much, regards Stephanie

    Plugin Support mohammedeisa

    (@mohammedeisa)

    Hi?@stephaniebruening,

    Yes, please don’t post any personal data in this forum.

    You could contact Duplicator Support to investigate this issue:
    https://duplicator.com/contact/?form=1

    Thanks!

    Plugin Support mohammedeisa

    (@mohammedeisa)

    Hi @stephaniebruening ,

    I’m closing this ticket for inactivity. Please don’t hesitate to contact us in a new ticket if you need any help with Duplicator.

    Thanks! 

    Today I got the same prompt from Avast, after installing a backup locally: “Malware-gen [Trj]” in controller.php. It has been moved into quarantine.
    Duplicator Version 1.5.1

    The migration process seems to be successful nontheless.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Possible malware in controller.php’ is closed to new replies.