HELP. i've got a virus
caroline
11-Sep-2009, 05:24 PM
it would seem that both my websites have virus threats.
one is an online shop, obviously designed in Actinic v7 and the other is a static site i designed in frontpage
the online shop has had a few problems and now google are warning about the site and my web host company have told me it's a code injection problem
the static site - i thought was ok until today AVG flashed up a virus threat.
fasthosts have advised that i need to find the code in the java or html and remove it.
i am way out of my depth with this and not sure what to do next.
can anyone offer me some advice.
guccij
11-Sep-2009, 05:40 PM
Download Firebug, view your site in Firefox and Bob's your uncle.
Darren B
11-Sep-2009, 10:28 PM
you're looking for your index.html or php files, edit these and remove anything that has iframe in it
you also need to change all your ftp passwords and run a spyware scan.
This is probably because you have visited an infected site. Anything you do on your pc including new passwords will be copied until you remove it
DO NOT DO ANY INTERNET BANKING
caroline
12-Sep-2009, 06:53 AM
Download Firebug, view your site in Firefox and Bob's your uncle.
will this remove the code injection? is it just on the server or is it on my hard drive?
caroline
12-Sep-2009, 06:56 AM
you're looking for your index.html or php files, edit these and remove anything that has iframe in it
you also need to change all your ftp passwords and run a spyware scan.
This is probably because you have visited an infected site. Anything you do on your pc including new passwords will be copied until you remove it
DO NOT DO ANY INTERNET BANKING
where am i looking for these files. in the folders on my hard drive or in the html/java?
i can change passwords (haven't done it yet) but i ran avg, ad-aware and malware last night and it detected nothing.
i am always internet banking - S**T!!!!
Duncan Rounding
12-Sep-2009, 07:04 AM
My thoughts...
First - change your FTP password.
Second - open your site index.html page in your browser and view source - look for 'iframe' - which is a common method of infection. If you find it then delete the site and reupload the site.
Third - check your local PC for viruses (but as you ran the checks already it sounds like it's only online)
Darren B
12-Sep-2009, 07:14 AM
From past problems chasing one for three days. The infection is likely to be on your pc or a pc that has your ftp details for your website. The index files i mention are all on your server, the iframe is some code inserted into it with links to sites that contain the virus.
You should find a clean pc, log into your webserver and change the ftp passwords, do not do it from your everyday pc also change all internet banking passwords and anything you want to protect.
Forget AVG and all those AV's, they are crap at finding keyloggers you need a spyware program, sometimes these spyware programs will require manual deletion including running windows in safe mode and from command prompts it really depends on how nasty it is. Try spyware terminator and search and destroy for two free options, run these both and see what it comes up with.
i am not trying to panic you but if you don't get rid of it properly you'll be back here in a week with the same problems. Good Luck
guccij
12-Sep-2009, 08:47 AM
will this remove the code injection? is it just on the server or is it on my hard drive?
This will show you where the code is. But changing your passwords etc is the first step.
spooky
12-Sep-2009, 09:42 AM
From past problems chasing one for three days. The infection is likely to be on your pc or a pc that has your ftp details for your website. The index files i mention are all on your server, the iframe is some code inserted into it with links to sites that contain the virus.
You should find a clean pc, log into your webserver and change the ftp passwords, do not do it from your everyday pc also change all internet banking passwords and anything you want to protect.
Forget AVG and all those AV's, they are crap at finding keyloggers you need a spyware program, sometimes these spyware programs will require manual deletion including running windows in safe mode and from command prompts it really depends on how nasty it is. Try spyware terminator and search and destroy for two free options, run these both and see what it comes up with.
i am not trying to panic you but if you don't get rid of it properly you'll be back here in a week with the same problems. Good Luck
This was a very useful reply about AVG and spyware, time for me to learn a bit more.
cheers
malc
caroline
12-Sep-2009, 10:14 AM
ok
i've changed my ftp passwords on a clean laptop.
i then looked at my websites in internet explorer.
www.alpacaonline.co.uk and viewed the source on the index page, i couldn't see iframes anywhere and there was only about 23 lines of text.
www.alpacaknitwear.co.uk viewed the source the same and got an avg warning and a load of numbers in line 13 that isn't on the other website.
in theory these 2 sites should be identical as i lead up the same files from front page and the online shop sits in the acatalogue folder in alpacaknitwear.co.uk site.
could this be my problem and where do i go from here
Caroline
ps. thanks for all this advice, you wouldn't believe how much i appreciate it.
Duncan Rounding
12-Sep-2009, 10:16 AM
Delete the files on the server for the problem site and reupload using your new FTP password.
caroline
12-Sep-2009, 10:18 AM
of course - that's logical. Doh!!!!
should i run any anti- spy/mal/virus stuff first
Duncan Rounding
12-Sep-2009, 10:24 AM
Make sure your PC is as clean as you can detect first.
Sean Williams
13-Sep-2009, 10:09 AM
We have had two credit cards compromised this year which made me paranoid.
We run ESET Smart Security, but in our paranoia we then installed Spy Sweeper and Keyscrambler.
Spy Sweeper found lots of malware on our PC's, but none of it serious.
Keyscrambler just makes me feel protected!
A couple of months ago three of our websites were hacked by some lowlife modifying the .htaccess file which then intercepted calls from a google search listing and redirecting them to their porn sites.
No idea how they got in, but it did highlight the fact we were using the same password for all our sites :o
We completely cleared out the server and freshed into new hand-built directories just to be sure.
It's yet another good reason to ensure you keep regular snapshots and DB backups IMHO.
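Added example (not part of any post in this thread): a Python sketch of the checks described above, run over a local copy of the site's files. It flags hidden iframes and long runs of numbers in page files, and search-engine-conditioned redirects in .htaccess. The patterns, function names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns assumed for this example; tune them for your own site.
PAGE_CHECKS = {
    # <iframe> that is zero/one pixel in size or hidden with CSS
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*[\"']?[01](?:px)?\b"
        r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
    # long comma-separated run of numbers, typical of character-code obfuscation
    "numeric-blob": re.compile(r"(?:\d{1,3}\s*,\s*){40,}"),
}
# .htaccess rule that only fires for visitors arriving from a search engine
HTACCESS_CHECKS = {"referer-redirect": re.compile(r"RewriteCond\s+%\{HTTP_REFERER\}.*(?:google|bing|yahoo)", re.I)}
PAGE_SUFFIXES = {".html", ".htm", ".php", ".js", ".asp"}

def scan_tree(root):
    """Return sorted (relative path, line number, check name) findings."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        if path.name == ".htaccess":
            checks = HTACCESS_CHECKS
        elif path.suffix.lower() in PAGE_SUFFIXES:
            checks = PAGE_CHECKS
        else:
            continue
        lines = path.read_text(errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            for name, pattern in checks.items():
                if pattern.search(line):
                    findings.append((path.relative_to(root).as_posix(), lineno, name))
    return sorted(findings)

def build_sample_site(root):
    """Write a small constructed site (not the poster's files) to scan."""
    root = Path(root)
    (root / "index.html").write_text(
        "<html><body>\n<h1>Shop</h1>\n"
        '<iframe src="http://example.invalid/" width=1 height=1></iframe>\n</body></html>\n')
    (root / "about.html").write_text('<iframe src="map.html" width="600" height="400"></iframe>\n')
    (root / "shop.php").write_text("<?php ?>\n<script>var a=[" + ",".join(["104"] * 60) + "];</script>\n")
    (root / ".htaccess").write_text("RewriteEngine On\nRewriteCond %{HTTP_REFERER} .*google.* [NC]\n"
                                    "RewriteRule .* http://example.invalid/ [R,L]\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_site(d)
        print(scan_tree(d))
```

A finding is a prompt to open the file and compare it with the known-good local copy, not proof of infection; the visible iframe in about.html is deliberately left unflagged.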
chris ashdown
13-Sep-2009, 02:32 PM
I would do it different,
First delete all files on the server ALL FILES. if memory serves me well I think most isp's offer a total restart of the server for you which would remove all hidden files as well
Second change ftp passwords and passwords of other software you use
Third scan your pc with as many virus and keylogger type software as you can get
When you are happy the pc is clean then re-load to server
caroline
13-Sep-2009, 06:40 PM
today i have scanned my laptop with AVG, malware and ad-aware. all showed nothing.
i then deleted all files from the server using ftp software and re-uploaded everything.
i scanned it again to check nothing creeped back in.
i have yet to check my websites and to be honest, i'm dreading it.
will let you know how it goes.
caroline
13-Sep-2009, 06:56 PM
ok i've got a problem
when trying to get onto my online shop - i get an error page
http error 403 - says something about most likely cause is it requires log in.
guccij
13-Sep-2009, 07:15 PM
I'm getting a security warning still on www.alpacaknitwear.co.uk:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-GB&site=http://www.alpacaknitwear.co.uk/
You might need to get in touch with Google once you've fixed the error above.
caroline
13-Sep-2009, 07:46 PM
I'm getting a security warning still on www.alpacaknitwear.co.uk:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-GB&site=http://www.alpacaknitwear.co.uk/
You might need to get in touch with Google once you've fixed the error above.
yeah i haven't requested a review of the site yet - want to make sure it is all ok first.
do you have any idea about the error page?
Darren B
13-Sep-2009, 08:38 PM
something seems a bit odd with your configuration, the .co.uk pages don't seem to exist.
can you explain how you have the two domains setup
caroline
13-Sep-2009, 09:17 PM
something seems a bit odd with your configuration, the .co.uk pages don't seem to exist.
can you explain how you have the two domains setup
you have completely foxed me and i'm not sure how to answer!
:confused:
grantglendinnin
13-Sep-2009, 09:31 PM
Malwarebytes (http://www.malwarebytes.org) is far more thorough than AVG and Ad-Aware - it tends to be on the ball, run a full scan of your PC, that should hopefully ensure your systems are clean.
Have you requested Google to remove your pages from their index, or has this been Google's move?
caroline
14-Sep-2009, 09:31 AM
Malwarebytes (http://www.malwarebytes.org) is far more thorough than AVG and Ad-Aware - it tends to be on the ball, run a full scan of your PC, that should hopefully ensure your systems are clean.
Have you requested Google to remove your pages from their index, or has this been Google's move?
Thanks i have got Malwarebytes and have been running this along side avg and ad-aware. all bases covered i hope.
i haven't contacted google at all - but i need to now, just need to find my way around requesting a malware review of my site so they can remove the warning, it doesn't look too good for business!!!
Chunkford
14-Sep-2009, 01:43 PM
I would suggest these following things to protect yourself:
1) Make sure you use a good anti virus e.g. Kaspersky, NOD32 etc
2) Install and then browse the internet using sandboxie http://www.sandboxie.com/ (Anti virus isn't enough nowadays)
3) Use a router - Most routers come with a firewall and NAT. This will protect your computer from port scans to see if you're a weak target
4) Install all of your windows updates