Is my site infected with a trojan?

Discussion in 'BlackHat Lounge' started by urobee, Jul 7, 2017.

  1. urobee

    urobee Junior Member

    Hi,

    I got this message when I try to reach my Wordpress site on PC but there is no message on phone:

    You are not permitted to download the file "" because it is infected with the virus "HTML/ScrInject.B!tr".

    URL = http://a****
    File quarantined as: .

    http://www.fortinet.com/ve?vn=HTML/ScrInject.B!tr
    Client IP: 10.200.***.***
    Server IP: 199.188.***.***
    User name:
    Group name:

    /IPs and url are censored by me ofc/
    What is this? :O
     
  2. norival1992

    norival1992 Registered Member

    You must load your source and check it yourself.
    virustotal.com is the best one for checking.
     
  3. Innovatorz

    Innovatorz Regular Member

    A nulled theme or plugin, or the site might've been hacked. Check your files from cPanel to see what is wrong. I'd suggest running a scan, but I'm not sure if you have access to the site.
     
  4. mickyfu

    mickyfu Jr. VIP
    I don't want to sound like a condescending cunt, but ask your host for a backup copy.
     
  5. Innovatorz

    Innovatorz Regular Member

    That's a good idea but OP needs to know the date before he can proceed.
     
  6. mickyfu

    mickyfu Jr. VIP
    Pretty sure most decent hosts can detect it.
     
  7. Innovatorz

    Innovatorz Regular Member

    I agree, but Godaddy won't do it. :(
     
  8. mickyfu

    mickyfu Jr. VIP
    I'm pretty sure Godaddy is not a decent host.
     
    • Thanks Thanks x 6
  9. living2xl

    living2xl Jr. VIP
    Delete everything and use an old backup from before the infection; that is the easiest way.
    That said, you have to be damn sure your backup does not include compromised files.
     
  10. Gogol

    Gogol Jr. VIP
    Let me guess, you have a WordPress setup over there and you installed some nulled theme/plugins?

    First and foremost, scan your host for viruses. If you are on *nix, try installing clamav:
    Code:
    sudo apt-get install clamav
    
    for updating the signature db
    Code:
    sudo freshclam
    
    and scanning your www folder
    Code:
    clamscan -r /var/www
    
    In future, I recommend you version your project with git. That way you can detect malicious changes in the project very easily by doing
    Code:
    git status
    
    Also, stop using nulled themes and plugins if you don't know what you are doing. VT scans are bullshit and they can't detect any decent PHP/ASP shells.
     
    • Thanks Thanks x 1
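
The `git status` check suggested in the post above, written out as an added example that is not part of the original post: it commits a known-good baseline of the web root, then lists every file modified, deleted or newly created since. The sub-commands `baseline`/`check`, the function names and the commit identity are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: baseline a web root in git, then report drift from it.
# Assumption: git is installed and the docroot (e.g. /var/www) is writable.

# Record the current, known-good state of the docroot as one commit.
# The commit identity is a constructed placeholder, set per command so
# no global git configuration is needed.
baseline_snapshot() {
    git -C "$1" init -q
    git -C "$1" add -A
    git -C "$1" -c user.name=baseline -c user.email=baseline@localhost \
        commit -q -m "known-good baseline"
}

# Print one line per change since the baseline: "<status> <path>".
# --porcelain is the stable, script-friendly output format;
# -uall lists each untracked file instead of collapsing directories.
report_drift() {
    git -C "$1" status --porcelain -uall
}

# Count changes of one kind: M = modified, D = deleted, ?? = new file.
count_drift() {
    report_drift "$1" | awk -v k="$2" '$1 == k' | wc -l | tr -d ' '
}

# Usage: ./drift.sh baseline /var/www    (once, on a clean install)
#        ./drift.sh check /var/www       (from cron or after an alert)
case "${1:-}" in
    baseline) baseline_snapshot "$2" ;;
    check)    report_drift "$2" ;;
esac
```

Upload and cache directories change legitimately and are better excluded through `.gitignore` so real drift stands out. Keep the `.git` directory unreachable from the web (deny it in the server config, or keep the repository outside the docroot with `--git-dir`/`--work-tree`), since an exposed `.git` leaks source and configuration.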
  11. redarrow

    redarrow Elite Member

    You know a lot, are you a proper admin on servers ....cisco
     
  12. Gogol

    Gogol Jr. VIP
    Well lol I really don't. I am a programmer, not a server admin.. but that's how I manage my own servers.. nice joke btw.
     
  13. Nut-Nights

    Nut-Nights Jr. VIP
    That's so rude, they offer full year hosting for only $20 plus free website builder + support staff full of assholes.
     
  14. urobee

    urobee Junior Member

    Thanks for all of these amazing tips!

    My site is hosted on Namecheap and it has been running since about a month ago without any new plugin or theme. All my plugins and theme are from the WP plugin installer. I checked the site with some online virus checker sites but those didn't find anything.
    Oh, and this message appears only on my workplace PC :O
    Can it be a false positive alert by my workplace's server?