Sucuri alert: False positive?

Nuno

Free Member
Business Listing
Oct 10, 2011
4,788
1,597
Hastings
c21webcare.co.uk
One domain on a package with several others has thrown up a malware alert from Sucuri. None of the others (4) show any malware in Sucuri checks.
Google Webmaster says all 5 are Malware free.

A manual check in File Manager shows nothing in the cgi-bin or ftpquota folders (the only folders).

The Host manually checked too and found nothing.
Is this a false positive or am I missing something? (All WP installs)
Ta.

Faevilangel

If they are wp installs, have you checked the theme files haven't been tampered with, checked the users on the account (the hackers like to create themselves a new user) and made sure all updates (wp and plugins) are up to date?

Nuno

If they are wp installs, have you checked the theme files haven't been tampered with, checked the users on the account (the hackers like to create themselves a new user) and made sure all updates (wp and plugins) are up to date?

There is nothing installed on the only one showing a malware alert: there is only a cgi-bin and a ftpquota folder.

The 4 WP installs are all up to date, reasonably secure (Better WP Security), and unchanged.

Fanatical IT Solutions

You need to check inside the files themselves. There will be injected code in a file somewhere on the site.

If you download all the website files, then zip them and send them to me, I will have a look through them for you.

OR

You could restore the files from a backup prior to infection.

The Wholesale Forums

What I recommend is to put the file into a test in VirusTotal:
https://www.virustotal.com/en/

It will scan the file amongst all known antivirus programs. If about half of them say there's malicious content, then the file might indeed be malicious. If it's just about one or two, it's likely a false positive.

Be sure that there are no hidden files in those folders, and check each file (though it's likely the file inside ftpquota).

All the best,
Erik
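
The checks suggested in the replies above (look for hidden files, look inside each file for injected code, look a file up on VirusTotal), as an added example that is not part of any post in this thread. The indicator patterns are common heuristics chosen for this example, and the function names `triage` and `build_sample` and the sample tree are constructed for illustration.

```python
import hashlib, os, re, sys, tempfile
from pathlib import Path

# Heuristic indicators (an assumption of this example, not a full signature
# set). A hit means "open this file and read it", not "this is malware".
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)", re.I),
    "hidden-iframe": re.compile(
        rb"<iframe[^>]*(display\s*:\s*none|width=[\"']?0\b)", re.I),
    "long-base64-run": re.compile(rb"[A-Za-z0-9+/]{200,}"),
}

def triage(root):
    """List files under root that are hidden or match an indicator."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):   # os.walk includes dotfiles
        for name in files:
            path = Path(dirpath, name)
            rel = path.relative_to(root)
            data = path.read_bytes()
            hidden = any(part.startswith(".") for part in rel.parts)
            hits = [k for k, rx in INDICATORS.items() if rx.search(data)]
            if hidden or hits:
                findings.append({
                    "path": rel.as_posix(), "hidden": hidden, "indicators": hits,
                    # SHA-256 lets you search VirusTotal by hash
                    "sha256": hashlib.sha256(data).hexdigest(),
                })
    return sorted(findings, key=lambda f: f["path"])

def build_sample(root):
    """Constructed sample tree: only cgi-bin and ftpquota, as in the thread."""
    root = Path(root)
    (root / "cgi-bin").mkdir()
    (root / "ftpquota").mkdir()
    (root / "ftpquota" / "usage.txt").write_text("0 0\n")
    (root / "cgi-bin" / "index.html").write_text("<p>placeholder</p>")
    # Inert constructed sample: decodes to "echo 1;"
    (root / "cgi-bin" / ".cache.php").write_text(
        '<?php eval(base64_decode("ZWNobyAxOw==")); ?>')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else tmp
        if target == tmp:
            build_sample(tmp)
        for f in triage(target):
            print(f["sha256"], f["path"], f["hidden"], f["indicators"])
```

Run it against a downloaded copy of the site by passing the directory as the first argument; with no argument it scans the constructed sample tree.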