1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How & WHY is there a VIRUS attached to MY WEBSITE?

Discussion in 'Black Hat SEO' started by RockStarMarketing, Apr 6, 2010.

  1. RockStarMarketing

    RockStarMarketing Newbie

    Joined:
    Jun 10, 2009
    Messages:
    43
    Likes Received:
    29
    Ok all - how the HECK did a virus attach itself to my site?

    go to my site - http:// www. rockstarautoglass . com

    I know you're not a risk because it is being caught by my AVG free antivirus software.

    Anyone know how to remove this virus? Its screwing up my sales bigtime!

    Thanks! :confused:
     
  2. Hijinx

    Hijinx Junior Member

    Joined:
    Apr 13, 2009
    Messages:
    142
    Likes Received:
    87
    Location:
    New Jersey
    Look on your main page for a reference to an iframe... then see where the iframe is pointing, if its pointing to your domain find the folder and delete the files there...

    delete everything from <iframe blah blah blah through /iframe>

    Look through all your pages for ALL iframes then delete them all again make sure you figure out where the iframe is pointing it could be something like this

    Code:
    <iframe src="../some folder/something else/something.php"> </iframe>
    and delete those files... then check your DB if you use one and check your folder permissions
     
  3. RockStarMarketing

    RockStarMarketing Newbie

    Joined:
    Jun 10, 2009
    Messages:
    43
    Likes Received:
    29
    Have you checked the site?
     
  4. nam6641

    nam6641 Supreme Member

    Joined:
    Nov 15, 2008
    Messages:
    1,476
    Likes Received:
    914
    Location:
    East Coast
    are you using wordpress? if so they could have done a sql injection. if you're not using it, did you install any java code for an app on your site? they can manipulate that on their end.
     
  5. Hijinx

    Hijinx Junior Member

    Joined:
    Apr 13, 2009
    Messages:
    142
    Likes Received:
    87
    Location:
    New Jersey
    Yeah i looked at your page... you have encrypted code at the bottom of your main page right above your google code that when decrypted it shows an iframe leading to the following

    Code:
    iss9w8s89xx .org / in . php
    which is the virus site... again go through the steps originally posted... you need to look through your code and remove that crap... look for variations of the code... it is encrypted on your main page it might be in plain text somewhere else... etc...

    here is an online tool you can use to decrypt that particular method "unescape"
    Code:
    http://www.tareeinternet.com/scripts/unescape.html
     
    • Thanks Thanks x 1
    Last edited: Apr 6, 2010
  6. blackhit

    blackhit Super Moderator Staff Member Jr. VIP Premium Member

    Joined:
    Jan 28, 2008
    Messages:
    2,402
    Likes Received:
    4,251
    Location:
    Dark Side Of The Moon
    Do you use a FTP program to access your site?
    If yes, which one?
     
  7. kimkils

    kimkils Power Member

    Joined:
    Jan 10, 2009
    Messages:
    663
    Likes Received:
    225
    its malware which gets passwords from common ftp software then sends it off to "the bad people" who upload iframes automatically to websites... change your passwords!! :)

    Happened to me a few times, they got the passwords from parents computers
     
    • Thanks Thanks x 1
  8. dvdvids

    dvdvids BANNED BANNED

    Joined:
    Apr 5, 2010
    Messages:
    242
    Likes Received:
    188
    I would suggest that you change your cPanel password also
     
  9. goldstrike4u

    goldstrike4u Junior Member

    Joined:
    Dec 22, 2007
    Messages:
    189
    Likes Received:
    124
    Do a search on Google on how to remove the Gumblar virus.
     
  10. wickid12

    wickid12 Regular Member

    Joined:
    Dec 4, 2009
    Messages:
    363
    Likes Received:
    36
    Wow the guys who can do that sort of thing are rich lol...
     
  11. reinie

    reinie Elite Member

    Joined:
    Jan 16, 2009
    Messages:
    1,574
    Likes Received:
    1,040
    I had the same thing a while ago...some iframe.
    I called hostgator, and they fixed it for me while i was on the phone with them...pretty cool
     
  12. arbydee2

    arbydee2 Regular Member

    Joined:
    Mar 20, 2010
    Messages:
    413
    Likes Received:
    223
    Location:
    127.0.0.1
    Home Page:

    Yeah this actually got me started on an idea. lol.
     
  13. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    lol say hello to bubba for me. Me and him go way back (he used to rape me every night in jail :().