-
May 4th, 2010, 12:51 AM
#1
Member
Malware detected on website, need to remove
My friend's website seems to have malware on it; however, I am unsure exactly how to remove it. They are using a JavaScript which reads from another infected site, and this in turn loads the malware. The function seems to be obfuscated in some way. Also, this JavaScript is present on any page which I view on the website. Sorry for the vague details, but the function starts like this:
Code:
<!-- Google analitics BEGIN -->
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
After which there is a large section which doesn't make any sense. The main thing is actually finding exactly where they've inserted the function, as it's not just inserted simply in index.php. If someone very trusted is willing to help me out, I can discuss more in private.
-
May 4th, 2010, 08:46 AM
#2
My friend's website seems to have malware on it; however, I am unsure exactly how to remove it.
Why bother?... Until you have found and fixed the site's vulnerability you are just wasting your time IMO. It would be a bit like banging your head against a wall and taking aspirin because you have a headache?
You should be able to recover from an uninfected backup? But it will still come back because you are obviously vulnerable?
For anyone to really help you they will need to visit the site and have a look. I would ask anyone interested to PM shad0w7 to get the relevant information... thanks
-
May 4th, 2010, 09:34 AM
#3
Member
That's not really a problem, because we know how we got hacked: the admin was keylogged... Passwords have been changed, etc., but we still have this problem. Please, if anyone is willing to have a look through the code and figure out where it's hidden, then PM me.
-
May 6th, 2010, 12:55 PM
#4
Send me a PM, I'd be happy to spend a lil time checking it out, the moderators here can verify I'm trustworthy.
-
May 6th, 2010, 01:01 PM
#5
Edit: actually, tell your friend to change the admin password on his hosting cPanel from a different machine. Also tell him to check all FTP accounts, change their passwords and lock down permission settings on them.
Now he will need to browse the file manager in his cPanel account, and manually right-click and edit each file located in the file manager under the public_html submenu. He will find that every file will have an iframe with the JavaScript that calls the malware for a drive-by install when users visit the website.
Also manually check the chmod permissions on each file and correct as necessary.
Personally I would just delete everything in the file manager and upload a backup that isn't tainted.
In the future don't download programs etc. from BitTorrent and randomly open suspicious programs etc., and keep your firewall and antivirus definitions up to date and do regular scans.
I could link you to the actual malware but meh, I'd prob get banned for infecting n00bs. D'oh
-
May 6th, 2010, 09:24 PM
#6
Member
The problem is the main owner is away, and we can't get in contact with him, so we only have FTP access for now. Also, it is not manually inserted in every page, we have checked. It is somehow inserted in some important function which is called by every page in its source. I will PM you a few details.
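Added example, not part of the thread and not any poster's code: with FTP-only access, one way to locate the shared include that carries the injection is to download the web root and scan the local copy. The marker string is taken from the snippet in post #1; the other two checks, the file suffix list and the sample site are assumptions constructed for illustration.

```python
import os
import re

# Checks run against each file. Only the first marker comes from the thread
# (post #1, including its misspelling); the other two are assumed heuristics.
CHECKS = [
    ("page-marker", re.compile(rb"Google analitics BEGIN")),
    ("eval-decoder", re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)),
    ("long-blob", re.compile(rb"[A-Za-z0-9+/=%]{400,}")),  # unreadable run, no whitespace
]
SCAN_SUFFIXES = (".php", ".inc", ".js", ".html", ".htm", ".tpl", ".htaccess")

def scan_tree(root):
    """Return [(relative_path, [check names], mtime)] for flagged files, newest first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            reasons = [label for label, rx in CHECKS if rx.search(data)]
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hits.append((rel, reasons, os.path.getmtime(path)))
    # mtime is only meaningful if the FTP client preserved server timestamps.
    return sorted(hits, key=lambda h: h[2], reverse=True)

def build_sample(root):
    """Write a constructed four-file site: two clean pages, two tainted includes."""
    files = {
        "index.php": b"<?php include 'includes/header.php'; ?>\n<p>Home</p>\n",
        "about.html": b"<script>document.write(unescape(\"%3Cscript src='ga.js'%3E\"));</script>\n",
        "includes/header.php": b"<!-- Google analitics BEGIN -->\n<script>var x='"
                               + b"%41" * 200 + b"';</script>\n",
        "lib/db.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reasons, _mtime in scan_tree(tmp):
            print(rel, ",".join(reasons))
```

A page that only uses the ordinary `document.write(unescape(...))` loader is not flagged; the hits point at the include files that every page pulls in, which is where the thread says the injection lives.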
-
May 9th, 2010, 02:55 AM
#7
-
May 11th, 2010, 09:33 AM
#8
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein