4 {{ upvoteCount | shortNum }}
4 {{ upvoteCount | shortNum }}

Client's Site Has A Virus On It. Any Help?

by Trig7
3 replies
I just went to the homepage of one of my client's sites and it says that it is a reported attack page. When I clicked on "Why Was This Page Blocked", I got this message.


What is the current listing status for *************.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 6 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 56 pages we tested on the site over the past 90 days, 15 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-03-01, and the last time suspicious content was found on this site was on 2012-03-01.Malicious software includes 19 scripting exploit(s), 19 trojan(s), 4 exploit(s). Successful infection resulted in an average of 13 new process(es) on the target machine.
Malicious software is hosted on 3 domain(s), including turningsbyterry.com/, htpcapital.com/, karenbrowntx.com/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including karenbrowntx.com/.
This site was hosted on 1 network(s) including AS20115 (CHARTER).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, ***********.com did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.






Anyone know what could be the cause of this and how to fix it? I haven't touched the site for at least 4 months so I don't know what it could be.

#client #site #virus
  • Profile picture of the author Nochek
    So many possibilities. Most likely, there was an exploit or a backdoor to your script. Less likely, someone got your password and did it custom like.


    Connect through FTP, find all files changed since your last update to the site, and delete/replace/go over with a fine tooth comb. That should get rid of most of the malicious code. After that, start updating all your software, go to an in-house system, or otherwise rip out all the computation and stick purely html fluff in to make sure it doesn't happen again.
    Signature
    Nochek Solutions Presents:
    The Hydrurga WSO - Rank Your Site #1 And Score Over The Penguin Updates!
    {{ DiscussionBoard.errors[5743516].message }}
  • Profile picture of the author Trig7
    The following code, according to the diagnostic from Google Webmaster tool, claims to be the issue for some pages.

    <script> var BrowserDetect = { init: function () { this.brow
    ser = this.searchString(this.dataBrowser) || "An unknown bro
    wser"; this.version = this.searchVersion(navigator.userAgent
    ) || this.searchVersion(navigator.appVersion) || "an unknown
    version"; this.OS = this.searchString(this.dataOS) || "an un
    known OS"; }, searchString: function (data) { for (var i=0;i
    <data.length;i++) { var dataString = data[i].string; var dat
    aProp = data[i].prop; this.versionSearchString = data[i].ver
    sionSearch || data[i].identity; if (dataString) { if (dataSt
    ring.indexOf(data[i].subString) != -1) return data[i].identi
    ty; } else if (dataProp) return data[i].identity; } }, searc
    hVersion: function (dataString) { var index = dataString.ind
    exOf(this.versionSearchString); if (index == -1) return; ret
    urn parseFloat(dataString.substring(index+this.version Search
    String.length+1)); }, dataBrowser: [ { string: navigat
    or.userAgent,subString: "Firefox",identity: "Firefox"},{stri
    ng: navigator.userAgent,subString: "MSIE",identity: "Explore
    r",

    Any insights Nochek? Thanks in advance for any extra help you can give me.
    {{ DiscussionBoard.errors[5744089].message }}
  • Profile picture of the author Alastair McDermott
    Could be a false positive. See if there's anything in Webmaster Tools to help resolve that.
    {{ DiscussionBoard.errors[5744143].message }}

Trending Topics