[Robert Tracy]

Years ago I built a site for some buddies I served with in Vietnam. Got an email from a member saying he got a Trojan when he went there. So I checked and sure enough I got it.

Now I downloaded CCleaner and ran it, but don't see how that does any good. It doesn't remove the virus from the site.

How can I fix that site? I don't know how to find the source of the thing.

If you dare, see what happens when you visit the site: First Military Police Battalion

Research says it's not dangerous, but who wants to visit the site when they get this thing (Trojan, virus?)? I hesitate to go back to find out exactly the name of the thing, but will do so if requested

Thank you,

- Bob

Edited by ScHwErV, 09 October 2007 - 11:19 AM.
Removed link to infected website

[Advertisements]

First things first. I did move your thread to the web design forum. This is really a website issue and you aren't asking for specific malware removal.

Second, this is now a web design thread, anyone responding to this thread should remember that. Malware removal advice is to be given by trained staff only. If you have advice on making sure something isn't on his page, thats fine.

Finally (and should be the only specific malware advice in this thread), CCleaner is a temp file cleaner. It is in no way a malware removal tool. You should post a new thread in the Malware removal forum after following the advice in this thread. That way we can get your computer clean. The Malware removal folks will take care of your computer, the folks in this thread can help you with your website.

ScHwErV

[ScHwErV]

First things first. I did move your thread to the web design forum. This is really a website issue and you aren't asking for specific malware removal.

Second, this is now a web design thread, anyone responding to this thread should remember that. Malware removal advice is to be given by trained staff only. If you have advice on making sure something isn't on his page, thats fine.

Finally (and should be the only specific malware advice in this thread), CCleaner is a temp file cleaner. It is in no way a malware removal tool. You should post a new thread in the Malware removal forum after following the advice in this thread. That way we can get your computer clean. The Malware removal folks will take care of your computer, the folks in this thread can help you with your website.

ScHwErV

[ScHwErV]

As a side note, I got no infections, nor scripts by going to your site. I have tools that stop scripts from running and they didn't throw a fit when I went to your site. When I clicked on the link (which I would remove immediately if I were you), I got some errors, but not on your main site.

[thenotch]

The first step is to visit your site and then do a view source of every HTML document to see what they are trying to load. If the trojan is embedded in the code is should show up in the code unless the person is very clever in which case you have a few options:

1. Take a chance and download the HTML files and edit them locally to determine the location and source of the trojan code within the document and then eradicate it and upload the new document.

2. Do a Google search for a HTML differences tool and then do a comparison.

3. Find your original documents and update the site with the originals and update and content as necessary. I ALWAYS make a backup of my sites and save them to a external drive for use later and in cases such as you are describing.

[ScHwErV]

Its actually clearly written in the code. It pops up in java, but it doesn't run. I think the original site that it linked to must be down, because its not doing anything now.

Code is still there tho. PM me and Ill tell you how to remove it. If you are no longer the web admin, have the new web admin contact me and Ill help him remove it.

Also, make sure you change all passwords to the website (ftp information) and contact your Web host so that they can take necessary measures with other websites hosted by them. This breach of security may not have come through your website. Another website hosted on the same box may have an old script that has a security hole and allowed the hacker to have full access to the box.