need to remoe some virus/threats from a website


hello group,

I was checking a website (given to me to fix) and I noticed when I browse or get to a page having images AVG throws a message showing the path/image file name claiming :

"exploit link to known exploit site"

What is this ?
How can I clean it ?

Thanks,
ak
akohanAsked:
Who is Participating?
 
lherrouCommented:
akohan,

It sounds like you've been hit by an iframe injection or something similar.

There's some good information in this previously asked question:
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Server_Anti-Virus/Q_24089228.html

In general, you are going to need to examine all of the files on your web server, and remove any iframes or links that don't belong. The fastest way to do this is to overwrite the web files with a clean version from your local system - but beware, sometimes it's your local system that's infected, and you are transmitting it to the website (had a client with that problem just last month - I spent a day cleaning up his website, only for him to re-connect and re-infect it all).

You also need to change your web hosting passwords, and you may need to work on cleanup with your hosting provider - they need to help determine how the attackers got in, so they don't come back and re-install the nasties again. If you have any forms, a Content Management System or shopping cart, etc, they may be getting in that way, so you'll need to check that code to make sure they can't come back.

Hope that helps,
LHerrou
0
 
Mike_CarrollCommented:
Download and scan with MBAM here... http://www.malwarebytes.org

Sounds like some sort of redirector or hijack.
0
 
akohanAuthor Commented:

do you mean I have to scan/clean server?

thanks,
ak
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.