Computer Related > Malware	Miscellaneous
Thread Author: BiggerBadderDave	Replies: 27

New Fri 12 Mar 10 10:03   Malware - BiggerBadderDave

It's come to my attention that my website appears to contain "malicious malware" A warning message comes up when I try and view it. What is it, how's it got there, what can I do to fix it really quickly? I'm a real thicko when it comes to things like this, I don't know anything about it at all Reply to this message | Report message

New Fri 12 Mar 10 10:11   Malware - LEDFoot

what's your site? We can have a quick look for you. Often this can happen if you have vulnerabilty in your code which can leave you open to SQL injection. contact forms are often a favourite target for this as websites generally save those details into a database somewhere, likewise if your'e using a opensource cms such as wordpress etc and it's not latest version - you can be open to exploits. (sometimes even if is latest version :( ) -- as people spend alot of time trying to exploit any loopholes in these systems as they know they have a ready stack of sites they can try and hack. Can also, easily happen if you allow people to upload files and u don't check well enough. Furthermore, unfortunately this can often happen if u are on shared hosts and one of the others sites get compromised :( Last edited by: LEDFoot on Fri 12 Mar 10 at 10:13 Reply to this message | Report message

New Fri 12 Mar 10 10:20   Malware - BiggerBadderDave

It's www.euro-design.info There is a contact form on there but I also allow one particular client to use my ftp where all my website stuff is stored and there is a lot of stuff up-loading and down-loading daily... cheers! Reply to this message | Report message

New Fri 12 Mar 10 10:23   Malware - Focusless

BBD- doesn't answer your question, but on this page: www.euro-design.kei.pl/what_we_do.html I can only see the lower half of the top line of text - the upper half is hidden behind the browser frame. I'm using Firefox under linux. Let me know if you want a screenshot. EDIT: same happens on a couple of other pages Last edited by: Focus on Fri 12 Mar 10 at 10:24 Reply to this message | Report message

New Fri 12 Mar 10 10:27   Malware - Focusless

...sorry, forgot to say that I didn't get any warnings. Reply to this message | Report message

New Fri 12 Mar 10 10:39   Malware - BiggerBadderDave

Focus, for some reason this happens from time to time with some pcs, I think it was something to do with screen width. I meant to get round to sorting it but it works ok on Macs which are mainly used in my business. Interestingly, I get the Malware warning on one of my Macs but not on the other... As I say, I know nothing when it comes to these things! Reply to this message | Report message

New Fri 12 Mar 10 10:46   Malware - Focusless

>> Focus for some reason this happens from time to time with some pcs I think Fair enough - just thought you ought to know, as I feel it undermines the "All the design work is closely overseen by Dave whose experience and eye for detail ensures that standards are maintained throughout the duration of the project". The overall effect looks good though to my non-designer eye. Reply to this message | Report message

New Fri 12 Mar 10 10:50   Malware - Focusless

Actually I think there's a bigger problem on the Contact page: www.euro-design.kei.pl/contact.html The first line of text I can see starts with "questions, please don't hesitate to contact us" which implies I'm missing a whole line of text above it. Reply to this message | Report message

New Fri 12 Mar 10 10:55   Malware - Iffy

...I think there's a bigger problem on the contact page... Focus, This is what I am seeing: If you would like to talk to us about a particular project or if you have any comments or questions please don't hesitate to contact us. Reply to this message | Report message

New Fri 12 Mar 10 10:59   Malware - car4play

The warning is customizable in Safari: .. and don't get funny ideas about putting images in posts. We will allow this at some point in a more measured way! EDIT: ".. in a really simple way". Last edited by: car4play on Fri 12 Mar 10 at 11:03 Reply to this message | Report message

New Fri 12 Mar 10 10:41   Malware - Iffy

..www.euro-design.kei.pl/what_we_do.html... I've just had a root around the site and all appears to be working well for me. Everything rendered as it should be and no warnings. Using XP Pro (I should be working!) and the latest version of Firefox downloaded this morning. The site looks quite smart, I thought. Reply to this message | Report message

New Fri 12 Mar 10 10:35   Malware - LEDFoot

We can see the javascript in the bottom of your homepage. just view the source and you'll see it. (very last thing except for the comment) So you should just be able to remove it. Seems to be only on the homepage. (but i've not checked all of them.) question is : how did it get there? No point bailing water if you haven't plugged the hole... Reply to this message | Report message

New Fri 12 Mar 10 10:53   Malware - BiggerBadderDave

"Fair enough - just thought you ought to know, as I feel it undermines the "All the design work is closely overseen by Dave whose experience and eye for detail ensures that standards are maintained throughout the duration of the project"." Very true and completely inexcusable of course, I will sort it when I just get that quiet moment! "The site looks quite smart, I thought." Thanks ifithelps, it's my first and only attempt at creating a website. "We can see the javascript in the bottom of your homepage. just view the source and you'll see it. (very last thing except for the comment) So you should just be able to remove it." ...sorry, how do I do that....? Reply to this message | Report message

New Fri 12 Mar 10 11:31   Malware - Iffy

...The site looks quite smart, I thought." Thanks ifithelps, it's my first and only attempt at creating a website... I'm no designer, but there must be a temptation to try too hard. Your site looks clean and simple, which I think appeals to most people. The prose also appealed to me. Not too much of it, short sentences, simply constructed. Again, this is the most effective way to communicate with the highest number of people. An old saying in newspapers is no more than 17 words in a sentence. Last edited by: ifithelps on Fri 12 Mar 10 at 11:32 Reply to this message | Report message

New Sat 13 Mar 10 10:23   Malware - LEDFoot

>> ...sorry how do I do that....? >> sorry only just noticed your question there. The script is in the html of the homepage. Assuming the home page isn't getting dynamically generated...(doesn't look like it is) you can just edit your 'index.htm' page. Connect to your webserver in the normal way you do it (ftp or through a web interface) 'index.htm' should be there in the top directory once you've connected. Editing the file: You will have to select everything in the script tag at the bottom and delete it. Basically it looks like this: (substitute the symbol's [ & ] for < & > ) ---------------------- [script] nasty code [/script] ----------------------- (delete everything between the dotted lines) Resave and you're done. that will at least stop the messages in the short term. Last edited by: VxFan on Sat 13 Mar 10 at 11:28 Reply to this message | Report message

New Sat 13 Mar 10 10:34   Malware - LEDFoot

Sorry I wrote something between the dotted lines in my last post but the forum wiped it out. That's to stop people injecting nasty scripts into this site of course!! This link shows an example of the script tag. www.w3schools.com/TAGS/tag_script.asp So just delete everything inside this tag, and the tag itself. Sorry, feel I could have said all this more succinctly but hopefully it makes sense. Reply to this message | Report message

New Sat 13 Mar 10 11:29   Malware - VxFan

>> Sorry I wrote something between the dotted lines in my last post but the forum wiped it out. Sorted it out for you. VxFan - Mod. Reply to this message | Report message

New Sat 13 Mar 10 19:05   Malware - LEDFoot

thanks :) Reply to this message | Report message

New Fri 12 Mar 10 10:49   Malware - LEDFoot

I'd be suspicious of your contact form as it doesn't seem to be doing any validation. Hard to know without seeing the underlying code (the 'mailer.php' script you're using) I wouldn't rule out the shared hosts being compromised though either. If you're really stuck maybe you could email Stephen (my Gaffa) the proprietor of this very site as he's lots of experience with security/website hardening (and can offer hosting -- if you're really really stuck) Reply to this message | Report message

New Fri 12 Mar 10 10:55   Malware - BiggerBadderDave

Many thanks LEDfoot, I think I might just do that, I was thinking of changing hosts... Reply to this message | Report message

New Fri 12 Mar 10 11:02   Malware - car4play

Yeah - no problem. Of course car4play mates' rates. Reply to this message | Report message

New Fri 12 Mar 10 11:43   Malware - Statistical Outlier

BBD, nice site, but in the 'What we've done - Marketing' page I get an error that Sophos has detected: Virus/Spyware Troj/JSRedir-AR More info here: www.sophos.com/security/analyses/viruses-and-spyware/trojjsredirar.html Reply to this message | Report message

New Fri 12 Mar 10 13:24   Malware - borasport

just browsing to your home page and straight away ESET/Nod32 gives a warning ! JS/TrojanDonwloader.Agent.NRV Trojan Reply to this message | Report message

New Fri 12 Mar 10 13:49   Malware - LEDFoot

Yes, the script in the home page footer is running away to a russian URL which is trying to download the trojan to visiters machines. So if you're not sure, I wouldn't recommend checking it out (till BBD's got it fixed at least) Reply to this message | Report message

New Fri 12 Mar 10 15:06   Malware - ....

Google have produced a report on your Russian visitors. google.com/safebrowsing/diagnostic?site=recentmexico.ru/&hl=en Reply to this message | Report message

New Sat 13 Mar 10 22:28   Malware - BiggerBadderDave

This should be sorted now. I don't know why I didn't think of it before, I just trashed the whole lot and uploaded it from my back-up files. Seems to have worked... Now can someone explain why my microwave and normal oven both died on the same day? I'm beginning to think old Indian burial ground... Many thanks to all who took the time and effort to give me advice Dave Reply to this message | Report message

New Sun 14 Mar 10 08:13   Malware - MD

Works for me Dave. Nice site. MD Reply to this message | Report message

New Sun 14 Mar 10 10:40   Malware - Zero

>> day? I'm beginning to think old Indian burial ground... In Poland? wow, now that could be a money spinner, let along change the way we thought about human migration and evolution. Reply to this message | Report message