My virus scanner (F-Secure) blocks basic.js with the following error: Trojan-downloader:Js/Locky.048d331c81!Online, Locatie: hidden link
It's probably a false positive but it's really annoying since it pops up every time I try to edit or add a custom post (type). I'm also getting errors when I duplicated or deleted a post type.
I couldn't upload the types plugin either, I got a "this link is expired" error. I eventually uploaded it via FTP. I only had that problem with types, I could upload the access, views, forms and module manager without any problem.
Already tried to disable all plugins but that didn't work either.
It's not a plugin on the website that causes the alert, it's the virus scanner on my computer. F-Secure is the name of that virusscanner (so like Norton and McAffee, it's a pretty well known brand).
Is the browser supposed to download the file I mentioned when working on a custom post (type)?
I don't have this problem on my test site, just on this one client site.
Okay, I know it's a problem with this specific website. It wasn't updated for a long time (was still running on WP 4.4) so I updated everything before I started. When this problem occured, I uploaded WordPress core files (except for /wp-content) manually but it didn't solve the problem.
Can you or one of your colleagues tell me what's causing the problem (maybe from the error log)?
I tested this on a Windows 10 Machine and was not able to see any issues, no files were downloaded for me. It could be your browser configuration.
Could you try this on another pc if possible and let me know if the problem is still there as well ? Its a bit difficult to debug or confirm issues that we are not able to replicate or see.
Yes, the browser downloads the file to my PC. Well it's trying to, the download gets blocked by my virus scanner (which is F-Secure). The link to the file it's trying to download is in the first post.
I got an e-mail from the hosting company that they got a virus alert, so I let WordFence scan once more. Now it gave this error:
This file may contain malicious executable code: wp-content/plugins/wp-views/embedded/inc/wpv-condition.php
Type: File
Issue Found 24.08.2018 13:33
Critical
IGNORE
DETAILS
Filename: wp-content/plugins/wp-views/embedded/inc/wpv-condition.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file is a PHP executable file and contains the word "eval" (without quotes) and the word "base64_decode(" (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans. This file was detected because you have enabled HIGH SENSITIVITY scanning. This option is more aggressive than the usual scans, and may cause false positives.