Virus on our Website and NOT on our PC

Discussion in 'Malware Help (A Specialist Will Reply)' started by Jaysonnhs, Apr 22, 2008.

  1. Jaysonnhs

    Jaysonnhs Private E-2

    We have a virus or worm or whatever - TrojanDownloader:JS/Psyme.gen - on our website and cannot get rid of it. We've hired 3 developers and have not had any luck. The script keeps coming back and is located on all of our .index pages.

    Our website is currently down (and killing us) - any help would be appreciated.

    We need to remove it from the site and I just can't find anyone/anything that can help. I've tried nearly a week of searching and nothing - please help.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    There is not much we can do for you with this. We could suggest that you run some antivirus scanners to see if they detect the problem, but in many cases the result would most likely be a deletion of the files. From what you are saying, it sounds like your web files have some lines of code in them that need to be removed. You probably have to do this in every file for your website. The tools we run are really meant to work on a PC being infected. If the files used in the design of your website are on your PC, then scanning your PC is about the best suggestion we can make. But please remember that the result could be the deletion of the files that are found to be infected, which would result in breaking your website unless you have clean backups to restore from.

    How did you find out about this issue? Are people reporting that, after they access your webpages, their antivirus is detecting the infection in their browser cache (which is where this most frequently shows up)? Things like the below are examples of what may be found.

    Virus:VBS/Psyme.gen Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8B3Z6SD1\counter[1].chm[counter.htm]
    Virus:Trj/Dropper.BA Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8B3Z6SD1\counter[1].chm[installer.exe]
    Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8B3Z6SD1\counter[1].php
    Virus:VBS/Psyme.gen Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8B3Z6SD1\counter[2].chm[counter.htm]
    Virus:Trj/Dropper.BA Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8B3Z6SD1\counter[2].chm[installer.exe]
    Dialer:Dialer.BEW Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\O92Z01MZ\access[1].htm


    What antivirus program is running on the PC (or PCs) where your web development is performed? Are those PCs clean?
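
An added example, not part of the original thread: where a clean backup of the site exists, comparing it against the live web root shows which files were altered and which lines were inserted, without relying on a scanner that may delete the files. The directory layout, file names and the injected tag below are constructed sample data.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare_trees(clean_root, live_root):
    """Report files that differ between a clean backup and the live web root."""
    clean, live = manifest(Path(clean_root)), manifest(Path(live_root))
    return {
        "modified": sorted(f for f in clean.keys() & live.keys() if clean[f] != live[f]),
        "added": sorted(live.keys() - clean.keys()),      # files the backup never had
        "missing": sorted(clean.keys() - live.keys()),    # files deleted from the site
    }


def added_lines(clean_file, live_file):
    """Return lines present in the live copy but absent from the clean backup."""
    old = Path(clean_file).read_text(errors="replace").splitlines()
    new = Path(live_file).read_text(errors="replace").splitlines()
    return [d[2:] for d in difflib.ndiff(old, new) if d.startswith("+ ")]


def demo():
    """Build constructed sample trees (clean backup, tampered live copy) and compare."""
    page = "<html>\n<body>\n<h1>Home</h1>\n</body>\n</html>\n"
    tag = '<script src="http://injected.example/x.js"></script>'  # constructed placeholder
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (clean, live):
            root.mkdir()
            (root / "index.html").write_text(page)
            (root / "about.html").write_text(page)
        # Simulate the tampering: one extra line in index.html, one unknown file.
        (live / "index.html").write_text(page.replace("</body>", tag + "\n</body>"))
        (live / "unknown.php").write_text("<?php /* not in backup */ ?>\n")
        report = compare_trees(clean, live)
        injected = added_lines(clean / "index.html", live / "index.html")
    return report, injected


if __name__ == "__main__":
    print(demo())
```

Running the comparison again after each cleanup shows whether the changes return, and the timestamps of any re-modified files can then be matched against the server's access and FTP logs.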
     
