Avast blocking my sites

[polonus]

Suspicious code found here: wXw.idestino dot pt/js/1_7.js suspicious
[suspicious:2] (ipaddr:195.22.10.105) (script) wXw.idestino dot pt/js/1_7.js
     status: (referer=wXw.idestino.pt/)saved 165710 bytes d28cf8f0d2ea06ee74354e9add2b368c4f12adfb
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [iframe] -31.184.242.81/link.php  this is being blocked by avast Network shield as URL:Mal
     info: [decodingLevel=0] found JavaScript
     suspicious:

polonus

[quimkaos]

i just deleted all files and re-upload the originals, can i get a rescan, so i can report the problem to the ISP...

[Pondus]

Sucuri now say clean  http://sitecheck.sucuri.net/scanner/

[quimkaos]

thank you!

[DavidR]

i just deleted all files and re-upload the originals, can i get a rescan, so i can report the problem to the ISP...

Avast isn't alerting, so it looks like it was the Web Shield (real time scanning) that detected it, so the clean-up would have an immediate effect.

So you need to investigate how these are getting reinfected as there appears to be a vulnerability, commonly out of date content management software, Joomla, PHP, WordPress, etc.

[quimkaos]

in this case i'm not using any CMS, only php(in safe mode), html, css and Javascript (with prototype). So i'm point more to a server problem. it's a shared host service.

i just changed the file permission to 444 (read only)

or a bug in prototype... thou i need to use an slightly outdated version, so fixing it would be a problem...

[DavidR]

The Host software also has to have the latest versions, etc. of you are likely to revisit this problem a lot.

[polonus]

Hi quimkaos,

After you did what DavidR suugests, you can additionally scan your website code here: http://evuln.com/tools/php-security/

polonus