What do you do when your website gets infected?

Discussion in 'Malware Help (A Specialist Will Reply)' started by hankyknot, Jun 27, 2008.

  1. hankyknot

    hankyknot Corporal

    A couple of years ago I translated a website for a client and started hosting it on a rented server. Today i went to the site and got an alert from AVG that the site is infected with Framer.Z

    Now I hevn't made any changes to the site for over a year and I got no such alert yesterday.

    How do I go about cleaning my site while its on someone elses server and how on earth did the site get infected in the first place?

    I actually ended up moving the hosting after getting really poor service from the hosting company but I cant find the original site on my hard drive so I'm left with downloading it from the previous host but if its infected I really dont want to do that.

    Any ideas?

    The site is chaletetoiledemerDOTcom
     
    hankyknot, Jun 27, 2008
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are infections at this web page. Either they were there from when you designed it or someone or something modified your scripts. I get quite a few detections on the first two pages just using McAfee. JS/Spy-Agent.bw.dldr Trojan, Exploit-IFrame Trojan, and VBS/Psyme Trojan. In fact if I just let the main page sit in IE for awhile and your scripts are rotating images, IE will crash.

    You need check out your code to make sure it was not modified and if not, you then need to modify your code because whatever you wrote in the javascripts and html code is considered bad.

    Also see the below for some addition info:

    http://www.bobistheoilguy.com/forums/ubbthreads.php?ubb=showflat&Number=1140472
    http://freeforum.avg.com/read.php?4,120492,sv=

    Below is a snapshot of what McAfee saw on the main page.
    trojans.jpg
     
    chaslang, Jun 27, 2008
    #2
  3. hankyknot

    hankyknot Corporal

    Thats the bizarre thing, all we did was copy the pages, rename them, translate the text and update the links and there were no problems at all. My system was scanned regularly when we were working on the site and as recently as Monday I visited the site and no alerts whatsoever. Then suddenly yesterday, all hell breaks loose.

    I will delete the site and post a temporary page until I get to teh bottom of this.

    Thanks for your help
     
    hankyknot, Jun 27, 2008
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Good idea as some of what I was seeing there could be pretty nasty.
     
    chaslang, Jun 27, 2008
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds