
Please, check my web site


fricodam

Hello everyone,

Recently my web site was infected with malware. Most security software blocked it. I cleaned the web site and put it back online, and got cleared almost everywhere.

Unfortunately I am not able to run all the software that blocked my site. Analyzing the traffic, it looks like people are still avoiding it. Would you please check it out - lelitespresso.com

Thank you in advance


Not sure how genuine this post is, but curiosity got the better of me. It's currently just a landing page from the web host, but it still contains a malicious JavaScript. I would contact your web host and ask them to check for IPs other than yours that may have FTP access to the page, and change all the passwords, as it's clearly still compromised. I wouldn't suggest anyone visit it, with there being no content on there except for a malicious script.

File name: malwarecode.js

Submission date: 2011-09-26 23:44:48 (UTC)


Result: 5/44 (11.4%)


Antivirus Version Last Update Result

AhnLab-V3 2011.09.26.01 2011.09.26 -

AntiVir 7.11.15.44 2011.09.26 -

Antiy-AVL 2.0.3.7 2011.09.26 -

Avast 4.8.1351.0 2011.09.26 JS:IFrame-DN [Trj]

Avast5 6.0.1289.0 2011.09.26 JS:IFrame-DN [Trj]

AVG 10.0.0.1190 2011.09.26 -

BitDefender 7.2 2011.09.27 -

ByteHero 1.0.0.1 2011.09.23 -

CAT-QuickHeal 11.00 2011.09.26 -

ClamAV 0.97.0.0 2011.09.26 -

Commtouch 5.3.2.6 2011.09.27 -

Comodo 10255 2011.09.26 -

DrWeb 5.0.2.03300 2011.09.27 -

Emsisoft 5.1.0.11 2011.09.27 -

eSafe 7.0.17.0 2011.09.26 -

eTrust-Vet 36.1.8582 2011.09.26 -

F-Prot 4.6.2.117 2011.09.27 -

F-Secure 9.0.16440.0 2011.09.26 -

Fortinet 4.3.370.0 2011.09.26 -

GData 22 2011.09.27 JS:IFrame-DN

Ikarus T3.1.1.107.0 2011.09.26 -

Jiangmin 13.0.900 2011.09.26 -

K7AntiVirus 9.113.5195 2011.09.26 -

Kaspersky 9.0.0.837 2011.09.26 -

McAfee 5.400.0.1158 2011.09.27 -

McAfee-GW-Edition 2010.1D 2011.09.26 -

Microsoft 1.7702 2011.09.26 Trojan:JS/Iframeinject.P

NOD32 6496 2011.09.27 JS/Iframe.AI

Norman 6.07.11 2011.09.26 -

nProtect 2011-09-26.02 2011.09.26 -

Panda 10.0.3.5 2011.09.26 -

PCTools 8.0.0.5 2011.09.27 -

Prevx 3.0 2011.09.27 -

Rising 23.77.00.02 2011.09.26 -

Sophos 4.69.0 2011.09.27 -

SUPERAntiSpyware 4.40.0.1006 2011.09.26 -

Symantec 20111.2.0.82 2011.09.27 -

TheHacker 6.7.0.1.311 2011.09.26 -

TrendMicro 9.500.0.1008 2011.09.26 -

TrendMicro-HouseCall 9.500.0.1008 2011.09.27 -

VBA32 3.12.16.4 2011.09.26 -

VIPRE 10593 2011.09.27 -

ViRobot 2011.9.26.4689 2011.09.26 -

VirusBuster 14.0.234.0 2011.09.26 -

Additional information

MD5 : e81d351f7bd8395049a1c53cd3c3ba05

SHA1 : ffb09c9f00e63bb7c3a61d3fefcde001e44314e9

SHA256: 6aea44071827df5ba5f5349a2cbd349a3a7799599cc4255253c1a0b108e17ec2

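The check suggested in the post above (looking for FTP access from addresses other than your own), as an added example that is not part of the original thread. It assumes the host can supply a transfer log in the common xferlog format; the log lines, IP addresses and account name are constructed for illustration.

```python
# Added example: review an FTP transfer log (xferlog format) for uploads
# that did not come from the site owner's own address.
# SAMPLE_LOG and OWNER_IPS are constructed values, not data from the thread.
from collections import defaultdict

OWNER_IPS = {"198.51.100.7"}  # assumption: the address(es) you normally upload from

SAMPLE_LOG = """\
Mon Sep 05 09:12:44 2011 1 198.51.100.7 5120 /public_html/index.html a _ i r siteuser ftp 0 * c
Tue Sep 06 03:41:10 2011 1 203.0.113.45 5388 /public_html/index.html a _ i r siteuser ftp 0 * c
Tue Sep 06 03:41:12 2011 1 203.0.113.45 812 /public_html/js/menu.js a _ i r siteuser ftp 0 * c
Tue Sep 06 03:41:15 2011 1 203.0.113.45 5120 /public_html/index.html a _ o r siteuser ftp 0 * c
Wed Sep 07 18:02:31 2011 2 192.0.2.99 900 /public_html/my page.html a _ i r siteuser ftp 0 * i
"""

def parse_xferlog_line(line):
    """Split one xferlog record. Fixed fields are taken from both ends so a
    filename that happens to contain spaces is still recovered whole."""
    tok = line.split()
    if len(tok) < 18 or not tok[7].isdigit():
        return None  # truncated or foreign line
    return {
        "time": " ".join(tok[0:5]),
        "host": tok[6],
        "size": int(tok[7]),
        "file": " ".join(tok[8:-9]),
        "direction": tok[-7],  # i = incoming (upload), o = outgoing (download)
        "user": tok[-5],
        "status": tok[-1],     # c = complete, i = incomplete
    }

def foreign_uploads(log_text, owner_ips):
    """Map each non-owner host to the uploads it made (complete or not)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        if rec and rec["direction"] == "i" and rec["host"] not in owner_ips:
            hits[rec["host"]].append(
                (rec["time"], rec["user"], rec["file"], rec["status"]))
    return dict(hits)

if __name__ == "__main__":
    for host, uploads in foreign_uploads(SAMPLE_LOG, OWNER_IPS).items():
        print(host)
        for when, user, path, status in uploads:
            print(f"  {when}  user={user}  {path}  status={status}")
```

Any host it lists that you do not recognise, uploading under your own account name, points to a stolen password rather than a flaw in the site itself.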

> Not sure how genuine this post is, but curiosity got the better of me. It's currently just a landing page from the web host, but it still contains a malicious JavaScript. I would contact your web host and ask them to check for IPs other than yours that may have FTP access to the page, and change all the passwords, as it's clearly still compromised. I wouldn't suggest anyone visit it, with there being no content on there except for a malicious script.

This post is very genuine - I am the owner of the site. I am not very technical; would you please explain in greater detail what I need to do to get rid of this terrible thing that happened to me (my business is compromised and I am losing money)? I already removed the script from the index page about 3 weeks ago. How can I protect myself from the hacking?

Thank you very much in advance


> Not sure how genuine this post is, but curiosity got the better of me. It's currently just a landing page from the web host, but it still contains a malicious JavaScript. I would contact your web host and ask them to check for IPs other than yours that may have FTP access to the page, and change all the passwords, as it's clearly still compromised. I wouldn't suggest anyone visit it, with there being no content on there except for a malicious script.

OK, now I see what you mean by "a landing page from the web host". Their servers were breached, and my index page has been removed. They (my host) told me that the only way the malware got into my site is my FTP password. Is there any other way to protect my sites from hacking, besides changing the password frequently? The host promised to scan the server, but I am not really satisfied with their actions. What should I do to prevent such a thing?

Thank you


If the attackers are getting your FTP details, then it's likely the machine (NOT your server) you use to connect to your site is infected with a keylogger.

Please have your host change the password. DO NOT connect to the site until your machine has been checked and cleaned:

http://forums.malwarebytes.org/index.php?showtopic=9573


> If the attackers are getting your FTP details, then it's likely the machine (NOT your server) you use to connect to your site is infected with a keylogger.
>
> Please have your host change the password. DO NOT connect to the site until your machine has been checked and cleaned:
>
> http://forums.malwarebytes.org/index.php?showtopic=9573

Thank you very much! I will run my security software on my machine and see what will come out. Do you mean my host can change my FTP password? Or any other password? My host is not very cooperative. I can change my FTP password myself. Did I get you correctly?

Thank you again


Changing your password yourself whilst your machine is infected is a very bad idea. Your host should be able to do this for you. If they're not co-operative, I strongly urge you to move the site elsewhere.

Please follow the instructions in the thread I referenced.


> Changing your password yourself whilst your machine is infected is a very bad idea. Your host should be able to do this for you. If they're not co-operative, I strongly urge you to move the site elsewhere.
>
> Please follow the instructions in the thread I referenced.

Of course I will clean my machine first. I have both - Malwarebytes and Security Essentials. Eventually I will move my site, but since it takes time, I have to clean up everything first. Thank you very much for your help. I'll be back as soon as my machine and my site are clean.

Best regards
