Virus Detected on three of my websites: Java:Blackcole-A [Trj] Please help, any ideas?

6 replies
Hey Warriors,

I do not know much about fixing virus issues. On three of my websites (all hosted through the same account on Rackspace), within the last few days visitors have started to report virus detection alerts, and a few people have reported their computers actually being infected.

I have installed avast! antivirus for my Mac, and it does trigger an alert on many of the pages. The alert says the following:

Infection: Java:Blackcole-A [Trj]
URL: http://mysite.com/page (appears on most pages)

The same infection name is showing on all of the websites.

I have no idea where to start for fixing this / removing the virus. Any suggestions would be great!

Thank you!
  • SuzanneH
    I've heard a lot of good things about this company in terms of getting rid of malware and protecting websites:

    Sucuri Security

    Not sure if they can help with your specific problem. Or can Rackspace help?

    Suzanne
    • Dan Curtis
      Blacole is malicious JavaScript that is installed on servers. It then calls up other files and organizes an attack on vulnerable computers. Computers running up-to-date antivirus software should be protected.

      There is probably nothing you can do personally. Since it is on the server it would be your web host that would have to deal with this.
  • so11
    Originally Posted by jleavitt13

    Hey Warriors,

    I do not know much about fixing virus issues. On three of my websites (all hosted through the same account on Rackspace), within the last few days visitors have started to report virus detection alerts, and a few people have reported their computers actually being infected.

    I have installed avast! antivirus for my Mac, and it does trigger an alert on many of the pages. The alert says the following:

    Infection: Java:Blackcole-A [Trj]
    URL: http://mysite.com/page (appears on most pages)

    The same infection name is showing on all of the websites.

    I have no idea where to start for fixing this / removing the virus. Any suggestions would be great!

    Thank you!
    Hello,

    1. If you have a backup, flush all content from your web/hosting directory and reinstall. That'll probably be the best way to clean everything up.

    2. If that's not possible, go through your web directory and check if there are any files added with recent dates; if so, those could be infected files... (before removing anything, back it up in case, even if it's infected, better than nothing)

    3. Then you need to scan your site and remove infected or malicious files. A regular desktop antivirus might not do the job; it needs to be a Web security scanner. You can search for free ones, though paid ones are the best.

    4. Scan your PC with a regular antivirus to see if it got infected from your PC. If not, it means your site/blog configuration might have vulnerabilities, so even if you get everything cleaned up it might get infected/hacked again.

    5. When done cleaning, reinforce security of your site/blog.

    so11
    Signature
    www.groupesoloviev.com
    We help businesses manage cyber risk and compliance requirements.
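
Added example, not part of any post in this thread: one way to carry out step 2 of the list above, listing files in the web directory that changed recently and copying them aside, with a SHA-256 manifest, before anything is removed. The function names, the script name and the command-line paths are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import time
from pathlib import Path


def recent_files(web_root, days, now=None):
    """Regular files under web_root modified in the last `days` days, newest first."""
    cutoff = (time.time() if now is None else now) - days * 86400
    hits = []
    for dirpath, _dirs, names in os.walk(web_root):  # symlinked dirs are not followed
        for name in names:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            mtime = path.stat().st_mtime
            if mtime >= cutoff:
                hits.append((path, mtime))
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


def quarantine(web_root, hits, dest):
    """Copy each hit to dest (outside the web root) and return (relative path, sha256) pairs."""
    root, dest = Path(web_root), Path(dest)
    if root.resolve() == dest.resolve() or root.resolve() in dest.resolve().parents:
        raise ValueError("keep the copy outside the web root so it is never served")
    manifest = []
    for path, _mtime in hits:
        rel = path.relative_to(root)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 keeps the original timestamps
        manifest.append((str(rel), hashlib.sha256(path.read_bytes()).hexdigest()))
    return manifest


if __name__ == "__main__":
    import sys
    # Usage (paths are placeholders): python triage.py /path/to/webroot 14 /path/to/copy
    root_arg, days_arg, dest_arg = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    for rel, digest in quarantine(root_arg, recent_files(root_arg, days_arg), dest_arg):
        print(digest, rel)
```

Modification times can be reset by whoever changed the files, so an old date does not prove a file is clean; treat the list as a starting point for the scan in step 3, not as its replacement.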
  • rontheitguy
    I don't have the solution to your current problem, but this is why I do daily automated backups on all of my sites. So once you're back up and running, I'd strongly recommend getting a daily backup in place so if it ever happens again, you have a clean copy to restore from.

    In the meantime, I feel for you and wish you the best in getting rid of the virus! I've been there which is why I do backups today! Good luck!
    Signature

    "Do, or do not. There is no try."
    The Wisdom of Yoda
  • contentwriting360
    Josh, are your websites in WordPress?
  • Michael Meaney
    I had a similar problem recently.. tried to remove it myself.. failed.. hired 3 other dudes to remove it.. they failed.

    I had to sign up to Sucuri and got them to remove it.

    Money very well spent.