Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problem with my website


  • Please log in to reply

#1
YusufZ

YusufZ

    Member

  • Member
  • PipPip
  • 18 posts
About 4 years ago, I made a website for a local glass company using Frontpage. I recently visited the site using the company's computer, and I suspect that a virus is somehow being distributed from the site. How can I get rid of the virus that is being sent from the site?

The domain name is http://www.orangemirrorandglass.com

Thanks!
  • 0

Advertisements


#2
Spike

Spike

    nOoB

  • Member
  • PipPipPipPip
  • 1,351 posts
Ok, exactly which page does the virus popup??? is it a ".wmf" file???
  • 0

#3
YusufZ

YusufZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I'm not exactly sure. I just get a bunch of warning messages saying that theres been a virus.
  • 0

#4
Spike

Spike

    nOoB

  • Member
  • PipPipPipPip
  • 1,351 posts
Ok, well when you have found the page that the virus comes up on, all you have to do is replace the "infected/hacked" .html with a new one. Try to make it from scratch (just the infected/hacked) dont use any backup files of that file, becasue it may be infected/hacked too.

You can also look out for new files on your site mostly look for .exe, .com, .wmf, ect. download them and your anti-virus should pick up if it is a virus or not.

Goodluck :tazz:
  • 0

#5
james_8970

james_8970

    Trusted Tech

  • Retired Staff
  • 5,084 posts
ok i don't know to much on this topic but if you have norton you can right click on the folder and click scan the folder. I'm not sure if this will work however it's worth a shot because if it does it'll save you alot of time!
So it's worth the try in my words, and if it does pick it up don't let norton remove it as it'll remove the front page file, rather just copie the file name and use find in front page under the html code.
  • 0

#6
Spike

Spike

    nOoB

  • Member
  • PipPipPipPip
  • 1,351 posts

ok i don't know to much on this topic but if you have norton you can right click on the folder and click scan the folder. I'm not sure if this will work however it's worth a shot because if it does it'll save you alot of time!
So it's worth the try in my words, and if it does pick it up don't let norton remove it as it'll remove the front page file, rather just copie the file name and use find in front page under the html code.


Hi, unforunatly i cannot scan any folder since I have no actuall access to his FTP, it would also not be able to clean the infected/hacked page also beacuse of the fact that I have no access.

In most casses the virus is not on the actuall page, its just code written on the page redirecting you to another page where the virus is. So it might not even be possible to do a virus scan. We have to know exactly what page it is and view the source.

I have been helping a few others and it seems that the virus wich is on the page, is triggered by malesious code, they also noticed that there was a new counter on there page, which consisted of the code.

So do you have any counter on your page????

Cool :tazz:
  • 0

#7
YusufZ

YusufZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I'm pretty sure the virus is on the home page. Also, I didn't notice a counter.

Edited by YusufZ, 15 January 2006 - 01:59 PM.

  • 0

#8
YusufZ

YusufZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Can anyone help with this?
  • 0

#9
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
The code on that page, although horribly ugly, does not pose any threat. The only thing that I am not sure of is the iframe that loads at the top, what is that for?

ScHwErV :tazz:
  • 0

#10
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Upon closer inspection, it appears to be the iframe at the top that is giving fits. I didnt get any kind of virus when I loaded the page that it wanted to load, but it does go to a site that is there for advertising. Every hit on your page is a hit on theirs and they get paid for that. You just need to remove the first line in the code after

<iframe

Then you must go through and install all updates for your server, change all your passwords, and check to see if you have any viruses/rootkits on the server.

Have fun

ScHwErV :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP