
If anybody searches for heady00, he/she gets an entry like the one I write below.

heady00.com hacked by OsmanliTIM heady00.com hacked by OsmanliTIM. ...

That is my site heady00.com. I don't know what's wrong with it. What does "hacked" mean? I don't have anything crucial or important there, just a message that my site will be available soon. But I'm very tense about this annoying thing. Chrome suggests that I don't open this website because it has some malware inside it. Any ideas?

Thanks
chand


Do you have FTP access to it?


[Edit] I had a look and it looks fake to me.

Yes, I have access through FTP and also from cPanel, but if you go here <snip> then you might get a warning, probably if you go through Chrome.


I use Firefox with WOT and got no real-looking warnings at all.

Check your cPanel to look for an intrusion. There should be access logs on there somewhere.
Also, get in touch with your website provider and let them know what has happened.
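One concrete way to go through those cPanel access logs, as an added example that is not from any poster in this thread: parse Apache/cPanel-style combined log lines and group the hits that match simple intrusion heuristics (write methods such as POST/PUT, script files served out of static directories, and command-style query parameters) by client IP. The log lines, IP addresses, paths and directory names below are constructed for illustration and are not taken from the site discussed here.

```python
"""Triage a web-server access log for signs of a site compromise.

Added example, not from the thread. Assumes the Apache "combined" log
format that cPanel hosts typically expose under Raw Access Logs.
"""
import re
from collections import defaultdict

# Constructed sample lines (NOT real traffic from the site in the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2010:01:02:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2010:01:02:09 +0000] "GET /admin/ HTTP/1.1" 404 200 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2010:02:15:40 +0000] "POST /upload.php HTTP/1.1" 200 120 "-" "Mozilla/4.0"
198.51.100.23 - - [12/Mar/2010:02:15:52 +0000] "GET /images/c99.php?cmd=ls HTTP/1.1" 200 3300 "-" "Mozilla/4.0"
198.51.100.23 - - [12/Mar/2010:02:16:10 +0000] "GET /index.html HTTP/1.1" 200 780 "-" "Mozilla/4.0"
192.0.2.55 - - [12/Mar/2010:03:00:00 +0000] "GET /index.html HTTP/1.1" 200 780 "http://www.google.com/search?q=heady00" "Mozilla/5.0"
"""

# Apache combined log format: ip ident user [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Heuristics (assumptions about what a static brochure site should never see):
# write methods, scripts executed from directories that should only hold static
# content, and query parameters that look like a web-shell command interface.
WRITE_METHODS = {"POST", "PUT"}
STATIC_DIRS = ("/images/", "/css/", "/js/", "/uploads/")
SCRIPT_EXT = (".php", ".asp", ".aspx", ".jsp", ".cgi", ".pl")
CMD_PARAMS = re.compile(r'[?&](cmd|exec|command|shell)=', re.I)


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_reasons(entry):
    """List the heuristics one parsed entry triggers (empty list = nothing odd)."""
    reasons = []
    path = entry["path"]
    base = path.split("?", 1)[0]
    if entry["method"] in WRITE_METHODS:
        reasons.append("write method %s to %s" % (entry["method"], base))
    if base.startswith(STATIC_DIRS) and base.lower().endswith(SCRIPT_EXT):
        reasons.append("script executed from static directory: %s" % base)
    if CMD_PARAMS.search(path):
        reasons.append("command-style query parameter in %s" % path)
    return reasons


def triage(log_text):
    """Return {client_ip: [reason, ...]} for every client that triggered a heuristic."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip rotated-log headers, truncated lines, etc.
        for reason in suspicious_reasons(entry):
            findings[entry["ip"]].append(reason)
    return dict(findings)


if __name__ == "__main__":
    for ip, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(ip)
        for r in reasons:
            print("   ", r)
```

Once an IP stands out, pull every line for that address (not just the flagged ones) to see what it uploaded and when; the timestamps then tell you which files on the server to compare against your last clean FTP upload.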


All right Rik, thanks so much once again. The fastest guy on any forum I've ever seen.

Thanks


Jholland1964 reported problems after visiting your site.
Might be an idea to delete it from cPanel and start it again from scratch.

Perhaps your PC infected your website or vice versa.


That site just killed my Windows.

It forced a shutdown (not a hardware shutdown!) and gives me a BSOD on every bootup since. I had to install a temporary Windows on another drive. (Sick *&&^$#)

Right now I'm trying to figure out how to revert the situation.

In the meantime, this link should be TERMINATED RIGHT AWAY!!!!

Now I realize that my desktop also got sucked in by it. It also often shows a BSOD. Now tell me what I should do, just get rid of this domain or change the server? It's all crap, please tell me some technical things about the problem. I'm just going to take a class of service providers. Crappy servers.


This is what I figured out so far:

This is what bitdefender got:
C:\WINDOWS\system32\dllcache\beep.sys Infected: Generic.Malware.P!.EAF3F10D
C:\WINDOWS\system32\dllcache\beep.sys Disinfection failed
C:\WINDOWS\system32\dllcache\beep.sys Moved
C:\WINDOWS\system32\dllcache\figaro.sys Infected: Generic.Malware.P!.EAF3F10D
C:\WINDOWS\system32\dllcache\figaro.sys Disinfection failed
C:\WINDOWS\system32\dllcache\figaro.sys Moved
C:\WINDOWS\system32\drivers\beep.sys Infected: Generic.Malware.P!.EAF3F10D
C:\WINDOWS\system32\drivers\beep.sys Disinfection failed
C:\WINDOWS\system32\drivers\beep.sys Moved

It replaced beep.sys, which is loaded even in safe mode. It is the driver for the beeper and is universal. The site triggers a flash animation and I suspect that the trojan is embedded within the animation (little blobs following the mouse cursor). I don't think the BSODs I experienced were intended by the malware creator. It seems the BSOD is a low-level conflict with sptd.sys (came with Daemon Tools), because if I chose not to load SPTD.SYS during safe mode bootup, then safe mode would boot without a BSOD, but the malware would be active and prevent me from dealing with it.

I removed (and restored original) beep.sys, but it still gives me BSOD on boot attempt... (work in progress)
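The post above shows the trap in trusting dllcache: if the malware replaces both system32\drivers\beep.sys and the dllcache copy that Windows File Protection would restore from, comparing the two tells you nothing. As an added example that is not from any poster, this script audits a driver directory against its dllcache twin and against a known-good hash baseline, so that a driver that matches its cached copy but not the baseline (both replaced), a driver that differs from its cached copy (only one replaced), and a driver with no baseline entry at all (a newcomer like figaro.sys) are each reported separately. The directory layout, file contents and baseline in `demo()` are constructed in a temporary directory; a real baseline would have to come from a clean install or a trusted hash source, never from the infected machine.

```python
"""Audit a Windows driver directory against dllcache copies and a known-good baseline.

Added example, not from the thread. Paths, baseline and file contents in demo()
are assumptions built in a temp directory, not data from any real system.
"""
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large drivers do not land in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_drivers(drivers_dir, dllcache_dir, baseline):
    """Compare every *.sys in drivers_dir with dllcache_dir and with baseline.

    baseline: {lowercase filename: sha256 hex} of known-good drivers.
    Returns {filename: [finding, ...]}; an empty dict means nothing stood out.
    """
    findings = {}
    for name in sorted(os.listdir(drivers_dir)):
        if not name.lower().endswith(".sys"):
            continue
        issues = []
        drv_hash = sha256_file(os.path.join(drivers_dir, name))
        cache_path = os.path.join(dllcache_dir, name)
        cache_hash = sha256_file(cache_path) if os.path.exists(cache_path) else None

        if cache_hash is not None and cache_hash != drv_hash:
            issues.append("differs from dllcache copy")

        expected = baseline.get(name.lower())
        if expected is None:
            issues.append("not in baseline (unexpected driver)")
        elif expected != drv_hash:
            issues.append("hash does not match baseline")
            if cache_hash == drv_hash:
                # Both copies are the same bad file: WFP/SFC would restore the trojan.
                issues.append("dllcache copy was replaced too; SFC would restore the bad file")

        if issues:
            findings[name] = issues
    return findings


def demo():
    """Build a constructed driver tree (NOT a real system) and audit it."""
    root = tempfile.mkdtemp()
    try:
        drivers = os.path.join(root, "drivers")
        dllcache = os.path.join(root, "dllcache")
        os.mkdir(drivers)
        os.mkdir(dllcache)

        good_beep = b"original beep.sys bytes (constructed)"
        good_ntfs = b"original ntfs.sys bytes (constructed)"
        bad = b"trojaned driver bytes (constructed)"
        baseline = {
            "beep.sys": hashlib.sha256(good_beep).hexdigest(),
            "ntfs.sys": hashlib.sha256(good_ntfs).hexdigest(),
        }

        # beep.sys replaced in both locations, as the post describes.
        for d in (drivers, dllcache):
            with open(os.path.join(d, "beep.sys"), "wb") as f:
                f.write(bad)
        # ntfs.sys tampered only in drivers, dllcache copy still intact.
        with open(os.path.join(drivers, "ntfs.sys"), "wb") as f:
            f.write(bad)
        with open(os.path.join(dllcache, "ntfs.sys"), "wb") as f:
            f.write(good_ntfs)
        # figaro.sys is a newcomer with no baseline entry at all.
        with open(os.path.join(drivers, "figaro.sys"), "wb") as f:
            f.write(bad)

        return audit_drivers(drivers, dllcache, baseline)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for name, issues in demo().items():
        print(name)
        for issue in issues:
            print("   ", issue)
```

Run this from a clean boot environment (the second Windows install or a live CD), not from the infected OS, since a rootkit driver that is already loaded can hide or substitute the files you are hashing.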


Yes, the flash animation is what I uploaded there, but if you just search Google for heady00 you might find a clue about the problem.

The second search result that you find looks like what is shown below.

heady00.com hacked by OsmanliTIM
heady00.com hacked by OsmanliTIM. ... Defacer: OsmanliTIM; Domain: <snip> IP address:<snip> ...
<snip> - Cached - Similar -

I am also trying to find out about this sucker, who he is.


Phiew...

Not that I'm blowing my own horn, but I've managed the near-impossible. I've gotten rid of the trojans.
The battle was long and hard *khhh-khhhh*... the adversary was cunning and persistent... *khhhh*.. OK. Enough with the drama.

The damn thing was all over the hard disk. I had to install an extra XP just to get a clean start and a hope of getting rid of the nasties. It kept replacing Beep.sys and NTFS.sys in System32\drivers and System32\dllcache, it kept creating Figaro.sys, hp32_nword.exe and several more startup nasties.... it took out my firewall, made ComboFix unable to execute, it prevented me from doing ANYTHING because it would shut down Windows almost immediately (logging on to my account = immediate shutdown. Logging on to Administrator = 5 minutes to shutdown)... gave me regular BSODs (apparently virtual drives + nasties = BSOD)...

In the end, this veteran OS install is 3 years old and counting :-)


I'm off now to tend to my sleep-deprivation.


That explains why I didn't get infected by that site. I have the security quite high on Flash animations. I only ever allow them on trusted sites.

chand, go to cPanel - File Manager, and you should be able to delete everything from your site safely.

Chaky, sleep well. :)
