In case others are seeing it, today, at a number of pages on the site Malwarebytes is throwing up a “riskware” potential threat block for a domain called jquerylab.pw (95.179.178.92). MBAM is not blocking any site pages, but apparently something else that sounds like a marketing info tracker. I’ve emailed Paul and reported it to MBAM.
Follow up: Paul replied: “It’s apparently happening to a lot of Wordpress based sites. Nothing there. We just did a safety scan.”
It’s still going on 24 hours later.
I have not received any alerts accessing the site on multiple machines, and not oddities in the site itself.
My eset antivirus keeps prompting me that it is blocking this potential risk as well.
Have never received warnings of any kind navigating the PSA site. I use McAfee on my windows laptop.
Well, something is going on if two anti-malware programs are responding the same way. MBAM support said he called PS Audio, but I don’t know who or what came of it.
Not seeing it at all here. Odd.
(using Malwarebytes Premium 4.1.2)
Elk, what anti-malware programs do those machines have? I’m writing MBAM again and letting them know the status of things.
Avast and Kaspersky
Clearly something is going on.
There is no risk. The site is clean. That’s a problem with Wordpress on many sites.
I didn’t think there is a risk, just endless pop ups. It’s your site
and your sub with Wordpress. What are they saying?
Gene
This would be annoying. Can you whitelist the site to avoid the warnings?
Not a bad idea for now, but for some reason MBAM is not recognizing the exception, even with the specific page address.
Not been a good luck couple of days with the website. Today, I tried to download the Grusin file, but the server doesn’t like IDM and sees it as trying to do two downloads, so I get none. I wonder if there’s something about the server’s programming that is causing it, because it is not usual, but for practical purposes IDM is trying to figure it out.
I get messages from my Norton antivirus, as I visit pages on your site, stating that it has blocked “Form Jacking Website 73”. This just started in the past couple of days.
Harry
Yes, there is no malware on the site but there is a bug in Wordpress that triggers the malware identification programs. It’s not just us, it’s all sites running on Wordpress.
According to someone I checked with, PS Audio’s site uses Cloudfare. What is the relationship between their software and WordPress?
Cloudflare kind of “hosts” our site with cache’d versions around the country for quicker access. The server itself is on Amazon web hosting.
Ok, then where does WordPress fit in?
Btw, I’ve posted the problem specifics on their forum, with a disclaimer that it’s posted there based on what I’ve been told.
The site is written on Wordpress
As a follow up to this problem here’s what our webmaster forwarded to me.
Last Thursday and Friday two customers reported that their virus software identified trojan malware on our site (Trojan Crycos 4109) - this was a false positive. The antivirus was identifying a file within WordPress itself as harmful and we were not infected with this malware.
Earlier this week, we started receiving complaints for a different malware (JS/Spy.Banker.FX), and that turned out to be legitimate. This morning I was able to identify and remove it. There was never any danger to our visitors.
Thanks to everyone who chimed in and helped identify a small problem that we were able to fix.