4 {{ upvoteCount | shortNum }}
4 {{ upvoteCount | shortNum }}

Website infected with virus: how do I resolve

by rban
2 replies
Problem 1 : I am not very technically proficient at virus-fighting

Problem 2: one of my client websites has been attacked and infected.. in such a way that anyone who visits the site gets infected. Last time I visited the site, my virus scanner found 29 viruses,,, I have listed the log from the scanner below **

The site belongs to a controversial organization whose previous sites have been continuously hacked and attacked before.

ONLY I have access to the site via FTP. Only two people (one of them is me) have access to the email for the website. Site is hosted at bluehost . I have contacted Bluehost and they have suggested Google webmaster tools.. whose instructions are so long and complex that I cant understand them.

Yesterday the other guy who has access to the email went in, and a message flashed on his screen saying 'this site is under attack'.

When you google the site, the result warns that visiting this site may infect your computer.

QUESTION:

1. should I simply delete all files from the folder and re-upload everything? Will that solve the situation?

2. If not, is there any way to run an anti virus or some sort of cleanser on the site itself? Is there a freeware available for this that is reliable?

3. gaaahhhh ... what do I do????



** LOG FROM MY VIRUS SCAN:


C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2WVYMTAZ\gifimg[1].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2WVYMTAZ\gifimg[2].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\43XUDX83\gifimg[1].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\6SLECSUQ\gifimg[1].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\6SLECSUQ\gifimg[2].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\6SLECSUQ\gifimg[3].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\6SLECSUQ\gifimg[4].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\99Y08ASV\gifimg[1].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\99Y08ASV\gifimg[2].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\EKTEAS82\gifimg[1].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\EKTEAS82\gifimg[2].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\EKTEAS82\gifimg[3].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\EKTEAS82\gifimg[4].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\FV313ILC\gifimg[1].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\FV313ILC\gifimg[2].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\FV313ILC\gifimg[3].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GC9JZWI3\gifimg[1].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\LV7N3EEO\VIyY[1].swf
  • Viruses detected: Trojan-Downloader.SWF.Agent.bm
  • Action taken: None, file was left in its original location.
  • If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time virus protection is turned on.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\MVCJC2AO\gifimg[1].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\N6NWDKMQ\lcU[1].swf
  • Viruses detected: Trojan-Downloader.SWF.Agent.bp
  • Action taken: None, file was left in its original location.
  • If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time virus protection is turned on.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\P5098OY4\No01r[1].swf
  • Viruses detected: Trojan-Downloader.SWF.Agent.bm
  • Action taken: None, file was left in its original location.
  • If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time virus protection is turned on.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\P5098OY4\gifimg[1].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\P5098OY4\gifimg[2].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\P5098OY4\gifimg[3].htm
  • Viruses detected: Trojan-Downloader.JS.Gumblar.x
  • Action taken: File could not be disinfected. File was quarantined instead.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\PXGN5B3C\S2am[1].swf
  • Viruses detected: Trojan-Downloader.SWF.Agent.bp
  • Action taken: None, file was left in its original location.
  • If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time virus protection is turned on.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\PXGN5B3C\Y1MC[1].swf
  • Viruses detected: Trojan-Downloader.SWF.Agent.bp
  • Action taken: None, file was left in its original location.
  • If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time virus protection is turned on.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\Q5TY7EJZ\f0hMy[1].swf
  • Viruses detected: Trojan-Downloader.SWF.Agent.bp
  • Action taken: None, file was left in its original location.
  • If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time virus protection is turned on.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\U4C8MYPZ\xKF[1].swf
  • Viruses detected: Trojan-Downloader.SWF.Agent.bm
  • Action taken: None, file was left in its original location.
  • If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time virus protection is turned on.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\WZ1IITJQ\UMON[1].swf
  • Viruses detected: Trojan-Downloader.SWF.Agent.bp
  • Action taken: None, file was left in its original location.
  • If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time virus protection is turned on.
Files scanned: 121254
Infected files: 29
Disinfected files: 0
Deleted files: 21
Files unable to scan: 34
#infected #resolve #virus #website
  • Profile picture of the author grangonzo
    Delete all those files from your site.
    Or run an antivirus from your hosting account and see if it can clean the files..
    Signature
    Lawyers News
    Free Advertising
    Tecnologia
    {{ DiscussionBoard.errors[1353846].message }}
  • Profile picture of the author fitzwar
    Contact your hosting provider and ask them if they can run a virus scan on the server. Or alternatively as suggested above delete all the files and reupload fresh files. Make sure your computer is clean first. And then change all your hosting FTP passwords and making sure any database passwords are secure aswell so the attacker doesn't come back.

    Good luck
    {{ DiscussionBoard.errors[1353927].message }}

Trending Topics