Kaspersky
Question

Kaspersky blocking website, detected as HEUR:Trojan-PSW.Script.Generic


For over two months now KTS has been blocking this website:
https_://stilldragon.com/    [link disabled]

I am using Google Chrome Version 83.0.4103.61 (Official Build) (64-bit)

I can find no way around this outside of turning KTS off.  I can open it in TOR no problem.

 

Object URL:

https://stilldragon.com/

Reason: the object is infected by HEUR:Trojan-PSW.Script.Generic

Message generated on: 6/9/2020 1:04:01 PM

 

Can you look into this issue?

 


19 replies


Hello @Franco8

You’re most welcome!

Personally, no, we cannot → the Community cannot answer your questions, beyond what we already have. 

  1. Have you tried a different code? 
  2. We’ve asked you if you have a Kaspersky subscription license & received no reply; if you do, log a case with Kaspersky Technical Support & battle it out with them

 

 

  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number. Then, normally within 5 business days, a Kaspersky Technical Support human will be in touch, also by email. You may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.

:arrow_forward: Please share the outcome with the Community when it’s available? 

Thank you:pray_tone3:

Flood:whale:+:whale2:

9,366,385 websites on the Internet use Google Tag Manager. Can you confirm KAV sees all of them as viruses? Or is there anything that makes the tracking code mentioned above special?

What part of the code do you find malicious?

 Hello @Franco8

The Kaspersky Virus Analysts have advised: 

  • GTM with id GTM-MJDW8PM is malicious. The whole part using this gtm should be removed.

Thank you:pray_tone3:

Flood:whale:+:whale2:

Событие :    Загрузка остановлена
Пользователь : 
Тип пользователя :    Активный пользователь
Имя программы :    firefox.exe
Путь к программе :    C:\Program Files\Mozilla Firefox
Компонент :    Веб-Антивирус
Описание результата :    Запрещено
Тип :    Троянская программа
Название :    HEUR:Trojan-PSW.Script.Generic
Точность :    Эвристический анализ
Степень угрозы :    Высокая
Тип объекта :    Файл
Имя объекта :    data0000
Путь к объекту :    https://www.googletagmanager.com/gtm.js?id=GTM-MJDW8PM//
MD5 :    D0A55983032E397E8C4009A31290C94A
Причина :    Экспертный анализ
Дата выпуска баз :    Вчера, 26.02.2021 20:13:00
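For a webmaster acting on the analysts' advice above, one way to list every Google Tag Manager container ID a page loads and flag any that are not the site's own. This is an added example, not code from the thread or from Kaspersky; `GTM-OWNED01`, the sample HTML and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

GTM_ID = re.compile(r"GTM-[A-Z0-9]+")
GTM_HOST = "www.googletagmanager.com"

# Constructed sample page: GTM-OWNED01 is a made-up "own" container,
# GTM-MJDW8PM is the container ID named in this thread.
SAMPLE = """
<script>(function(w,d,s,l,i){w[l]=w[l]||[];})(window,document,'script','dataLayer','GTM-OWNED01');</script>
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-OWNED01"></iframe></noscript>
<script async src="https://www.googletagmanager.com/gtm.js?id=GTM-MJDW8PM//"></script>
"""

class GTMFinder(HTMLParser):
    """Collects GTM container IDs and where each one was seen."""

    def __init__(self):
        super().__init__()
        self.found = {}            # container id -> set of locations
        self._in_script = False

    def _record(self, text, where):
        for cid in GTM_ID.findall(text):
            self.found.setdefault(cid, set()).add(where)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        if tag in ("script", "iframe"):
            url = urlparse(dict(attrs).get("src") or "")
            if url.hostname == GTM_HOST:
                # The id value may carry trailing junk such as "//"; the regex trims it.
                for value in parse_qs(url.query).get("id", []):
                    self._record(value, f"{tag} src")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:        # standard GTM snippet passes the ID inline
            self._record(data, "inline script")

def audit(html, expected_ids):
    """Return (all container IDs found, IDs not in the site's own list)."""
    finder = GTMFinder()
    finder.feed(html)
    finder.close()
    return finder.found, sorted(set(finder.found) - set(expected_ids))

if __name__ == "__main__":
    print(audit(SAMPLE, {"GTM-OWNED01"}))
```

Run it against the saved page source and compare the result with the container list in the site's own Tag Manager account; an ID nobody on the team recognises is the part to remove.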


Hello @Wesly.Zhang

@Franco8 is not interested in stilldragon. 

Thank you:pray_tone3:

Flood:whale:+:whale2:


Hello @Wesly.Zhang

Which links did you test? 

Thank you:pray_tone3:

Flood:whale:+:whale2:


Hello,

It is stilldragon.com.

Regards.


Hello @Wesly.Zhang

Which links did you test? 

Thank you:pray_tone3:

Flood:whale:+:whale2:


Hello,

This issue has been solved right now. This website could be accessed. Could you check it now?

Regards.

@Franco8 With a paid product you can obtain direct assistance from the Kaspersky Technical Support Team:

https://my.kaspersky.com/techsupport#/requests/new 


I am the website manager, but I can’t remove a default Google Tag Manager code. Millions (if not billions) of websites use it. 

Hello @Franco8

Do you have a Kaspersky software subscription/license? 

Please let us know?

Thank you:pray_tone3:

Flood:whale:+:whale2:

I am the website manager, but I can’t remove a default Google Tag Manager code. Millions (if not billions) of websites use it. What part of the code do you find malicious?


“Remove what? The Google Tag Manager?”

 

If you are the webmaster, please remove the above code from your website. If the website does not belong to you, please contact the webmaster of the site and inform them of the malicious code that is in the website.

Remove what? The Google Tag Manager?


Hello @Franco8,

Virus analysts provided the following response:

qte:

This is not a false alarm. This site is infected. Here is the malicious code:

If you are a webmaster, please remove the above code from the page. Also we strongly recommend that you change passwords to all services that can be used to modify website contents because they may have been stolen.

unqte

Thank you:pray_tone3:

Flood:whale:+:whale2:


Could you please have a look at keywestaloe.com? The Tag on the website does not have var_ or anything like that… any advice?

Hello @Franco8

Welcome!

It may be a false positive, we’ve submitted it for analysis & logged a case with Kaspersky.

We’ll update you when they respond

Thank you:pray_tone3:

Flood:whale:+:whale2:

Guys, I am having a similar issue. Could you please have a look at keywestaloe.com? The Tag on the website does not have var_ or anything like that… any advice?

Hello @rgreen2002,

No apology necessary, we’re happy to help:slight_smile:

Kaspersky experts, Sent: Wednesday, 10 June 2020 16:58, have advised:

Quote

The detection is correct, the partial malicious code is as follows:

 

The script connects and injects the blocked object into one's computer to steal cookies and website credentials.

Please advise the webmaster to remove the code from the page.

unquote. 

Thank you:pray_tone3:

Flood:whale:

Berry,

Sorry for the post and thanks for the direction.

Much appreciated.

 

@rgreen2002 Please contact K-Lab Technical Support https://center.kaspersky.com
who will confirm or deny a False Positive.

Also, please don’t submit potentially dangerous sites on this Forum.
FYI this community cannot fix this issue.

 
