<iframe injection> attack through ftp

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Eklavya, Aug 21, 2009.

  1. Eklavya

    Eklavya Private E-2

    Hello,

    My website was recently attacked by <iframe> injections. As a result, Google put it into the list of suspicious websites. On searching the internet and inquiring with my webhost, I came to know that some malicious malware was using my ftp access (from the computers I used) and was replacing the index.htm/php files of my websites with an <iframe>-containing page.

    Though my webhost support removed all the instances of that <iframe> from my websites' pages, they advised me that it happened from my own computers and that I should scan my PCs for all such infections.

    I use two PCs for my ftp access. One is at my home, the other one is at my office (both have XP Professional installed). The PC at the office was not using any antivirus, whereas my home PC has a fully functional AVG 8.5 installed. Therefore, I thought that the malicious malware must be in my office PC, as it was not protected. So I sent this PC for a complete reformatting and fresh install to remove all instances of this malware. As a further protection, I ran a full system scan of my home PC using AVG 8.5. After doing this, I was hoping that this problem was solved.

    However, just two days later my website was again banned by Google for spreading a malicious virus. This time a different <iframe> injection was used to insert the malicious code in all the index pages.

    As I have already reformatted my office PC, the only place where this culprit can be hidden is my home PC (which has a fully functional licensed copy of AVG 8.5 installed). It was a bit shocking for me that my AVG 8.5 is not able to protect (or even detect) this malware on my PC.

    Now, as advised in this and this MajorGeeks article, I have installed five anti-spyware tools, viz. SUPERAntiSpyware, Malwarebytes Anti-Malware, Combofix, Rootrepeal and MGTools, and have run/cleaned my home PC using them.

    Please find attached the scan logs of these tools and advise whether everything seems OK on my computer or I still need to do some more cleaning of my system to get rid of any malicious malware.

    The four logs attached are for: SUPERAntiSpyware, Malwarebytes Anti-Malware, Combofix and Rootrepeal.
     

    Attached Files:
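The post describes the injection well enough to write a simple defender-side check for it: the attacker's FTP session rewrote the index pages, so two things catch it early, an integrity baseline (hash of each known-clean page, compared against what is currently on the server) and a scan of every <iframe> on a page for the usual injection tells (a src pointing at a host outside the site, a 1x1 or smaller frame, or a frame hidden by CSS). The following Python is an added example, not code from the thread or from any of the tools named in it; the sample pages, the malicious hostname and the trusted host list are constructed placeholders.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample pages (not from the thread): a clean index page and the
# same page with a hidden, one-pixel iframe appended, the pattern the post
# describes. The hostname and path are placeholders.
CLEAN_INDEX = "<html><body><h1>Welcome</h1><p>Our site.</p></body></html>"
INJECTED_INDEX = CLEAN_INDEX.replace(
    "</body>",
    '<iframe src="http://malicious.invalid/in.php" width="1" height="1" '
    'style="visibility: hidden"></iframe></body>',
)

# Hosts the site is allowed to frame; an assumption, adjust for the real site.
TRUSTED_HOSTS = {"example.com", "www.example.com"}


class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag in a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _pixels(value):
    """Leading integer of a width/height value such as '1', '1px' or '0'."""
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def suspicious_iframes(html, trusted_hosts=TRUSTED_HOSTS):
    """Return one list of reasons per iframe that looks injected.

    Three signals are checked: the frame points at a host outside the
    trusted set, it is sized to 1x1 pixels or smaller, or it is hidden
    with CSS. A frame that trips no signal is not reported.
    """
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        reasons = []
        host = urlparse(attrs.get("src", "")).hostname or ""
        if host and host not in trusted_hosts:
            reasons.append("external src host: " + host)
        dims = [_pixels(attrs.get(a, "")) for a in ("width", "height")]
        if any(d is not None and d <= 1 for d in dims):
            reasons.append("tiny frame: %sx%s"
                           % (attrs.get("width"), attrs.get("height")))
        style = attrs.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if reasons:
            findings.append(reasons)
    return findings


def make_baseline(files):
    """Map file name -> SHA-256 of its content, taken from a known-clean copy."""
    return {name: hashlib.sha256(body.encode("utf-8")).hexdigest()
            for name, body in files.items()}


def changed_files(baseline, current):
    """Names whose content no longer matches the baseline (or are new)."""
    now = make_baseline(current)
    return sorted(name for name, digest in now.items()
                  if baseline.get(name) != digest)


if __name__ == "__main__":
    baseline = make_baseline({"index.htm": CLEAN_INDEX})
    print("changed:", changed_files(baseline, {"index.htm": INJECTED_INDEX}))
    print("suspicious iframes:", suspicious_iframes(INJECTED_INDEX))
```

Run the baseline step against a copy of the site taken right after the host's cleanup, then re-run changed_files from a cron job or after every deployment; a changed index page that suspicious_iframes flags is exactly the situation the post hit twice. Because the compromise came from a stolen FTP credential rather than a server hole, the check is a detector, not a fix: the credential still has to be rotated from a machine known to be clean.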

  2. Eklavya

    Eklavya Private E-2

    Further, as we are allowed to attach 4 files at one time, here is the last scan log, for MGTools.
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It looks like the scans took care of the malware. What issues are you still having?

    You can delete these:
     
  4. Eklavya

    Eklavya Private E-2

    Thanks for reviewing my logs. Yes, the problem appears to have ended after these scans.

    Thanks a lot to MajorGeeks for providing such excellent and detailed tutorials in the matter.

    Regards

    Eklavya
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START, then RUN, enter the below into the run box and then click OK. Note that the quotes are required:
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:


    And you are most welcome.....safe surfing. :)
     
