[YusufZ]

About 4 years ago, I made a website for a local glass company using Frontpage. I recently visited the site using the company's computer, and I suspect that a virus is somehow being distributed from the site. How can I get rid of the virus that is being sent from the site?

The domain name is http://www.orangemirrorandglass.com

Thanks!

[Advertisements]

Ok, exactly which page does the virus popup??? is it a ".wmf" file???

[Spike]

Ok, exactly which page does the virus popup??? is it a ".wmf" file???

[YusufZ]

I'm not exactly sure. I just get a bunch of warning messages saying that theres been a virus.

[Spike]

Ok, well when you have found the page that the virus comes up on, all you have to do is replace the "infected/hacked" .html with a new one. Try to make it from scratch (just the infected/hacked) dont use any backup files of that file, becasue it may be infected/hacked too.

You can also look out for new files on your site mostly look for .exe, .com, .wmf, ect. download them and your anti-virus should pick up if it is a virus or not.

Goodluck

[james_8970]

ok i don't know to much on this topic but if you have norton you can right click on the folder and click scan the folder. I'm not sure if this will work however it's worth a shot because if it does it'll save you alot of time!
So it's worth the try in my words, and if it does pick it up don't let norton remove it as it'll remove the front page file, rather just copie the file name and use find in front page under the html code.

[Spike]

ok i don't know to much on this topic but if you have norton you can right click on the folder and click scan the folder. I'm not sure if this will work however it's worth a shot because if it does it'll save you alot of time!
So it's worth the try in my words, and if it does pick it up don't let norton remove it as it'll remove the front page file, rather just copie the file name and use find in front page under the html code.

Hi, unforunatly i cannot scan any folder since I have no actuall access to his FTP, it would also not be able to clean the infected/hacked page also beacuse of the fact that I have no access.

In most casses the virus is not on the actuall page, its just code written on the page redirecting you to another page where the virus is. So it might not even be possible to do a virus scan. We have to know exactly what page it is and view the source.

I have been helping a few others and it seems that the virus wich is on the page, is triggered by malesious code, they also noticed that there was a new counter on there page, which consisted of the code.

So do you have any counter on your page????

Cool

[YusufZ]

I'm pretty sure the virus is on the home page. Also, I didn't notice a counter.

Edited by YusufZ, 15 January 2006 - 01:59 PM.

[YusufZ]

Can anyone help with this?

[ScHwErV]

The code on that page, although horribly ugly, does not pose any threat. The only thing that I am not sure of is the iframe that loads at the top, what is that for?

ScHwErV

[ScHwErV]

Upon closer inspection, it appears to be the iframe at the top that is giving fits. I didnt get any kind of virus when I loaded the page that it wanted to load, but it does go to a site that is there for advertising. Every hit on your page is a hit on theirs and they get paid for that. You just need to remove the first line in the code after

<iframe

Then you must go through and install all updates for your server, change all your passwords, and check to see if you have any viruses/rootkits on the server.

Have fun

ScHwErV