
I am working on a Magento project, version 1.9, which uses an extension called "Magenotification". While I was downloading the code to my local machine, my antivirus detected some files as a "virus". My antivirus detected: PHP:Agent-RD [Trj]

The three detected files are located under the Helper folder. Here is the link to the repo:

https://github.com/nahidacm/magetheme/tree/master/app/code/local/Magestore/Magenotification/Helper

I have some questions:

  1. How can I decode this file?
  2. How can I detect if it actually contains a Trojan or if it was a false positive?

Thanks in advance for your help.

Eduardo
  • I suggest you raise it as an issue with the repository maintainer. I had a quick attempt at decoding one of the files and for the most part, it looks like a heavily obfuscated licensing check – Phil Mar 02 '18 at 04:11
  • I just used https://www.unphp.net/ and I can see the code; it seems fine. Why would the antivirus detect it as a Trojan? – Eduardo Mar 02 '18 at 04:16
  • @Eduardo It's obfuscated code. Rather than trying to decode it and guess if it's malicious, the antivirus is just going to assume it is malicious. – SameOldNick Mar 02 '18 at 04:38
  • @ub3rst4r Probably you are right – Eduardo Mar 02 '18 at 04:39
  • @Eduardo When someone finds a suspicious-looking package, should they just open it to see what's in it or assume it's a bomb and treat it as such? – SameOldNick Mar 02 '18 at 04:40
  • @ub3rst4r It is a good point. Since this site I am working on has been running for some years, I have to give some explanations if I want to decide it is a "99% bomb" and we need to change the extension ;) – Eduardo Mar 02 '18 at 04:43
