Avast WEBforum

Other => Viruses and worms => Topic started by: BabyCharles on April 28, 2009, 01:04:19 AM

Title: why did you state my site as dangerous?
Post by: BabyCharles on April 28, 2009, 01:04:19 AM
my web site : http://imagesuploading.us

I can't visit my site with avast antivirus. My site was attacked by hackers and you stated it as a dangerous site. Please solve this problem immediately.
Title: Re: why did you state my site as dangerous?
Post by: !Donovan on April 28, 2009, 01:08:01 AM
Well, if it's your site then you probably have to go on it with Firefox (Current Version) with NoScript (Current Version). Then just edit the page by taking out the dangerous/unwanted/unnecessary/Iframe/favicon.gif things that are causing the virus. If you don't know what is causing the virus, then I suggest you wait until a professional Avast user can help you with the coding. Also, please change the http:// to hXXp:// to prevent people from accidentally clicking on the link.
Title: Re: why did you state my site as dangerous?
Post by: BabyCharles on April 28, 2009, 01:16:49 AM
Thanks for informing, but I deleted my FTP and all files within, and moved to another host. The only problem of my site is that it has been stated as dangerous by avast. Need your help to fix it. Thank you.
Title: Re: why did you state my site as dangerous?
Post by: !Donovan on April 28, 2009, 01:56:23 AM
Quote from: BabyCharles
"Thanks for informing, but I deleted my FTP and all files within, and moved to another host. The only problem of my site is that it has been stated as dangerous by avast. Need your help to fix it. Thank you."

Is it because the web server you use adds a hidden virus in it now? What's the website name of where you upload?
Title: Re: why did you state my site as dangerous?
Post by: BabyCharles on April 28, 2009, 02:05:29 AM
I was infected with iframe virus before, but later I formatted my hard disk and scanned the whole hard disk with avast. Now I don't have any problem with my PC.
Title: Re: why did you state my site as dangerous?
Post by: DavidR on April 28, 2009, 02:40:31 AM
Well this is all that is on your site now, see image. So for whatever reason it is still hacked and because of the previous malicious state it was blocked, you can report this as virus (at) avast (dot) com once you have cleaned up your site (as you are here) or it is unlikely to be removed from the list very quickly.

What I find strange is how you can get a .us domain from Turkey.

Your computer being clean isn't really the issue, what is, is your Host and the site being clean.
Title: Re: why did you state my site as dangerous?
Post by: mkis on April 28, 2009, 07:09:04 AM
You can get a .us domain from just about anywhere DavidR.

Provided you register ownership of the domain name with a net services company authorised to provide that registration. I purchase web services from a company in US or Australia, for example, and simply pay through exchange rate for cross-border ownership. I think some countries may have restrictions in place but I don't actually know for sure. So easy to register most domain name extensions from anywhere and often is easy way to conceal identity or start false premise if want. I think well used avenue for deviant.

Some net services companies will place their own restrictions on registration. For example, I can buy .us extensions from my services company in US and yet I can't register my local extension .co.nz because they don't do it.

On the other hand (unrelated matter), my ISP is provided through local service vodafone.co.nz
On my Hijack This log:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD43D014-E30E-44E8-A0CE-579457CF61CB}: NameServer = 202.73.206.16 202.73.198.16
I followed up on the entry 202.73.198.16 to substantiate and it put me into subnet of vodafone.net
Title: Re: why did you state my site as dangerous?
Post by: BabyCharles on April 28, 2009, 02:24:15 PM
No, no, my PC, website and server are clean.

The problem is that my site is considered suspicious by avast.
Title: Re: why did you state my site as dangerous?
Post by: mkis on April 28, 2009, 02:33:34 PM
Yes, I speak not related to your PC or server.

Just about domain names and how easy to exploit registration process if want.
Things to be aware of when on the web.  :)
Title: Re: why did you state my site as dangerous?
Post by: kubecj on April 28, 2009, 03:14:22 PM
Because it served a rootkit file on 7th of April and because sites with such names are usually used in Bancos scam sites.
Title: Re: why did you state my site as dangerous?
Post by: BabyCharles on April 28, 2009, 04:08:03 PM
I do not think my site is used for scam. As you can guess, if something like this would happen, my hostmaster wouldn't give me host and ban me. I want you to change my ban from avast. What do you want me to confirm to do that?
Title: Re: why did you state my site as dangerous?
Post by: kubecj on April 28, 2009, 04:12:20 PM
Was there a file named silkbot.exe in the root of your site? What was its purpose? Were you the owner of the domain and the site on 7th of April? Where did the file go? etc...
Title: Re: why did you state my site as dangerous?
Post by: BabyCharles on April 28, 2009, 04:30:21 PM
My FTP password has been changed, and when I finally entered I noticed that there were silkbots.exe, config.html and some js files,
and all my PHP files had iframe codes. I think it is to run exe on all folders.
Yes, the domain was mine on 7th April, but I didn't understand, what does that change?
Title: Re: why did you state my site as dangerous?
Post by: kubecj on April 28, 2009, 04:34:56 PM
Removed from block (it will take some time to get out in vps), will monitor the situation...
Title: Re: why did you state my site as dangerous?
Post by: BabyCharles on April 28, 2009, 04:39:21 PM
Thanks kubecj
Title: Re: why did you state my site as dangerous?
Post by: DavidR on April 28, 2009, 04:42:22 PM
Now since you use PHP on the site too, you must ensure that your Host uses the latest version of PHP as older versions could be vulnerable and be exploited.

Changing your passwords to stronger ones would help but you should also speak to your HOST about the fact that your site was hacked and since it involves PHP do they have the latest version of the PHP software and what can they/you do to help prevent your site being hacked in the future.
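
Added example, not part of the original thread and not written by any poster: a cleanup check for the kind of compromise described above (iframe code in the PHP files, an .exe in the site root), run against a local copy of the site. The extension lists, the "hidden iframe" heuristic and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: injected frames are hidden (0/1-pixel size or CSS), the usual
# pattern in mass iframe injections; visible iframes are not flagged.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*["']?[01](?:px)?["'\s>]"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE,
)
TEXT_EXT = {".php", ".html", ".htm", ".js"}
BINARY_EXT = {".exe", ".scr", ".dll"}  # should never sit in a web root


def scan_webroot(root):
    """Return sorted (relative_path, reason) findings for a local site copy."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if ext in BINARY_EXT:
                findings.append((rel, "executable in web root"))
            elif ext in TEXT_EXT:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
                if any(HIDDEN_RE.search(t) for t in IFRAME_RE.findall(text)):
                    findings.append((rel, "hidden iframe"))
    return sorted(findings)


def demo():
    """Build a constructed sample site in a temp directory and scan it."""
    samples = {
        "index.php": '<?php echo "hi"; ?><iframe src="http://injected.example/" width=1 height=1></iframe>',
        "about.php": '<?php echo "about"; ?><iframe src="/map.html" width="600" height="400"></iframe>',
        "sample.exe": "MZ",  # placeholder content, not a real binary
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_webroot(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

A clean result from a scan like this is only a starting point; files restored from a known-good backup and a changed FTP password remain the reliable fix.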