Chrome says there's malware on my website



#1
Richiiee

  • Member
  • 78 posts
Sorry if this isn't the right place to post this, I wasn't sure if this was more of a malware problem or a web problem.

Google Chrome says malware is detected on my website whenever I try to go to a certain link. It's weird because it came out of nowhere. It was fine about a week ago, and I haven't updated my website since then. I'm not sure if it's actually been infected somehow or if it's a glitch with Google Chrome. I tried using CCleaner to clean out everything but it still says there's malware and that I should proceed at my own risk. I use Webpage Maker to update my website and put it online. The website is [Edit: link removed], and I get the malware message when I try to click on the Personal Portfolio or Corporate Portfolio links, but the homepage and the About Me pages are fine. What should I do? Thanks.

Edited by dsenette, 13 May 2010 - 07:47 AM.

  • 0



#2
FNP

  • Member
  • 606 posts
Richiiee-

I just checked out the link using Chrome- it looked clean to me. I suggest taking a look at the Malware and Spyware Cleaning Guide. This will help you disinfect the majority of malicious software from your system. If that doesn't solve your problem, post a new thread in the Virus, Spyware and Trojan Removal Forum.

If you are still having problems after being given a clean bill of health from the malware expert, then please return to this thread and we will pursue other options to help you solve your current problem(s).

Sweet av, by the way :)
  • 0

#3
Johanna

    The Leather Lady

  • Moderator
  • 3,038 posts
It's not clean.


Trojan is Win32/Hiloti.gen!D
Resources:
process:
pid:728

process:
pid:2380

process:
pid:3320

regkey:
HKCU@S-1-5-21-3139282774-3364285784-4112529749-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Wyucutowu

regkey:
HKCU@S-1-5-21-3139282774-3364285784-4112529749-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Osajifi

runkey:
HKCU@S-1-5-21-3139282774-3364285784-4112529749-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Wyucutowu

runkey:
HKCU@S-1-5-21-3139282774-3364285784-4112529749-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Osajifi

file:
C:\Users\Johanna\AppData\Local\qlecfc.dll

file:
C:\Users\Johanna\AppData\Local\oxogesag.dll

I don't have permission to remove the bad link from the OP.
Johanna

Edited by Johanna, 12 May 2010 - 06:30 PM.

  • 0

#4
FNP

  • Member
  • 606 posts
Well, take my foot and shove it in my mouth. It is. The first time I went to the URL, it was fine. Clicking on the link sent my avast! into shouting-at-me-mode.
  • 0

#5
Richiiee

  • Topic Starter
  • Member
  • 78 posts
So, what's next? If I make a thread about being infected, that will only help me clean my computer, won't it? I don't want anybody else who goes to my website to get infected with it so I want to find out how to clean my website too. (Already tried deleting every single file off my FTP account and re-uploading them by the way).

Edited by Richiiee, 15 May 2010 - 05:40 PM.

  • 0

#6
Johanna

    The Leather Lady

  • Moderator
  • 3,038 posts
Well if you downloaded and deleted the files off the server, then uploaded the same files, of course the problem exists still if it's in your files. You need to check your files or any third party material your site is using. If everything seems ordinary, you need to contact your webhost. The problem may exist on their level.
Johanna
  • 0

#7
xmephistox

  • Member
  • 42 posts
Is this fixed?

The problem sometimes originates from a trojan on your PC, that will use your ftp login to upload modified and infected files.
Usually they add encoded/encrypted javascript that connects to the malware sites infecting your visitors.
It is just one line usually loading an external javascript.
The only way to get rid of this is to get your PC clean first.
You also better change your ftp password ASAP because that has been compromised.
And if your ftp program has the option to password protect the logins/site manager then better do so.
After your PC is clean, and certified to be clean, you should go through all your site's files and remove the javascript manually.
Pretty tedious. Just be careful that you do this while offline if you want to check the pages in a browser.
The javascript itself is harmless, I mean it is not a trojan or anything.
It just downloads trojans from other sources. If you're offline it can't.
So you can just remove it.
Just look for any javascript you didn't add yourself and delete it.
Just reuploading your files is not gonna solve it, you have to check each and every one of them.

It might be a good idea to talk to your host and ask if they have been hacked recently, that's another way in which this spreads.

I didn't see your site so I have no idea what it is, html, php or whatever. If you're running Wordpress or any other CMS get the latest update before reinstalling.

And be careful with what advertising services you use, a lot gets spread via those via javascript or via flash.
Some of them promise a lot and deliver even more!

Edited by xmephistox, 07 June 2010 - 11:54 PM.

  • 0
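The manual check described in post #7 (go through every page and look for JavaScript you didn't add yourself) can be partly automated against the local copy of the site. The script below is an added example, not part of the original thread; the allowlisted host `www.mysite.example`, the flagged host `malicious.example` and the sample page are constructed placeholders.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts you knowingly load scripts from; everything else is flagged.
ALLOWED_HOSTS = {"www.mysite.example"}
PAGE_SUFFIXES = {".html", ".htm", ".php"}

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
# Decode-and-execute calls typical of encoded loaders; legitimate code can also
# use them, so a hit means "review by hand", not "malicious".
DECODE_RE = re.compile(r"\b(eval|unescape|atob)\s*\(|fromCharCode|document\.write\s*\(", re.I)

def scan_text(text, allowed=ALLOWED_HOSTS):
    """Return sorted (line, kind, detail) findings for one page's source."""
    findings = []
    for m in SCRIPT_RE.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        src = SRC_RE.search(m.group(1))
        if src:
            # hostname is None for relative paths, i.e. scripts served by the site itself
            host = urlparse(src.group(1)).hostname
            if host and host.lower() not in allowed:
                findings.append((line, "external-script", src.group(1)))
        hit = DECODE_RE.search(m.group(2))
        if hit:
            findings.append((line, "encoded-inline", hit.group(0)))
    return sorted(findings)

def scan_site(root, allowed=ALLOWED_HOSTS):
    """Scan a local copy of the site (the folder you upload from); read-only."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PAGE_SUFFIXES:
            hits = scan_text(path.read_text(errors="replace"), allowed)
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample page: lines 3 and 6 mimic injected code.
SAMPLE = """<html><head>
<script src="js/menu.js"></script>
<script src="http://cdn.malicious.example/x.js"></script>
<script src="https://www.mysite.example/app.js"></script>
</head><body>
<script>eval(unescape("%76%61%72%20%78"))</script>
</body></html>"""
```

Because it reads the files as text and never renders them, nothing in the pages is executed while checking. Run `scan_site()` on the local folder both before re-uploading and on a fresh download from the server, since a clean local copy with a dirty server copy points at the FTP account or the host.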





