Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: NilleUdd on September 26, 2012, 04:08:44 AM

Title: P2P Exclude settings? Worms entry?
Post by: NilleUdd on September 26, 2012, 04:08:44 AM
Hi,

Recently I had a virus/worm that was sniffing my FTP. This seriously infected some of the web pages I manage. Avast did not detect it (I am on the paid version). I did not identify anything until I installed and ran Maleworms.

However, I have no intention of running 2 pieces of software, so I am fine with Avast. What can be wrong with my installation?

Now I wonder how I could have malware running on my PC when I have all Avast functions running?

Then I browsed through a little deeper and found some exclude filters which are populated already. How do I know what belongs there or not? Presume a virus could make excludes itself? Please note I have not touched my filters.

Current P2P exclude filter below:
(http://i.imgur.com/Fr3rB.png)
Title: Re: P2P Exclude settings? Worms entry?
Post by: CraigB on September 26, 2012, 07:22:00 AM
Honestly I've never heard of Maleworms or Malworms, so you might have to supply a bit more information. Do you mean Malwarebytes?

Also the exclusions you have there in P2P are all default so best not to touch them.
Title: Re: P2P Exclude settings? Worms entry?
Post by: Pondus on September 26, 2012, 07:27:32 AM
and not to forget that no security program has 100% detection...

so how do you know you have this worm?
what detected it?
Title: Re: P2P Exclude settings? Worms entry?
Post by: NilleUdd on September 26, 2012, 12:17:30 PM
Hi, Yes, Malwarebytes :)

How do I know I have a worm....

The only websites I have that got infected were the last few I FTP to. None of the older sites with stored user data in them were infected, fortunately. A dozen other signs, but let's not focus on that.
Title: Re: P2P Exclude settings? Worms entry?
Post by: Pondus on September 26, 2012, 01:24:09 PM
Quote
A dozen other signs, but let's not focus on that.
and what is it you want to focus on....

if you have malware in your computer.....don't you want it removed?
or if you have an infected website.... can you post the urls here so we may check?
Title: Re: P2P Exclude settings? Worms entry?
Post by: Pondus on September 27, 2012, 09:49:51 AM
Sucuri
http://sitecheck.sucuri.net/results/huahin-vikings.com/

unmaskparasites - This page seems to be <suspicious>
http://www.UnmaskParasites.com/security-report/?page=huahin-vikings.com

Zulu analyzer
http://zulu.zscaler.com/submission/show/c4ba6aafa5990710bc47a81b2c330e23-1348731924

urlQuery
http://urlquery.net/queued.php?id=201411

Title: Re: P2P Exclude settings? Worms entry?
Post by: polonus on September 27, 2012, 10:15:11 AM
@NilleUdd,

Break that url like hxtp ..

@Pondus

Good analysis, this site has packer code flagged: huahin-vikings dot com/wp-content/plugins/flipping-team/jquery.flip.min.js?ver=3.4.2
WP software needs updating...spam related issues - spam campaign malware distributed...
It is a redirecting trojan....read this about this malcode there: https://www.badwarebusters.org/main/itemview/28392
harvesters and spammers in the IP range....http://www.projecthoneypot.org/ip_69.194.199.76
Furthermore the site suffers from an error ->  http://wordpress.org/support/topic/plugin-flipping-team-activation-error
That is about it for the additional website issues, my friends,

greetings,

polonus
Title: Re: P2P Exclude settings? Worms entry?
Post by: NilleUdd on September 27, 2012, 10:27:39 AM
Thanks for the replies. Let's see if I can remove it.

Regarding my PC, I still don't know what it was or if it's still there. Avast did not detect it. Malwarebytes detected 3 possible which I removed. Guess I will not find out until I have FTP next time.

As mentioned, now I focus on cleaning the infected websites.