access file infected
    hi

    I've just tried to access my online shop and I got this AVG message

    Access file is infected

    file name: nokiacq.ru8080/index.php
    Threat name: exploitjavascriptobfuscation type 894

    process name: c:\programmefiles\internetexplorer\iexplore.exe
    process id: 4728

    Do I need to be worried? How do I fix this problem?

    #2
    Yes

    You have an infected site - there's an embedded <iframe> just below the <body> tag.

    Did Actinic support find a cause and fix for your previous malware issues, you seem to be getting it quite rough!

    Is this on your new laptop, which you have imported the snapshot from, but remain on the same web host?

    Have you changed all your FTP details since last time?



      #3
      Just below the </head> tag and above <body> tag, there is a <script src=> tag which is broken, but is linked to another Blocked site.
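A check for the two injection spots described in posts #2 and #3, added here as an example and not code from any poster in the thread: it flags a `<script>` or `<iframe>` sitting between `</head>` and `<body>`, and an `<iframe>` as the first element inside `<body>`. The sample pages and the `injected.invalid` host are constructed, and `find_injections` and `scan_tree` are hypothetical names.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

TAG = re.compile(r"<(script|iframe)\b[^>]*>", re.I)
SRC = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]*)""", re.I)
HEAD_TO_BODY = re.compile(r"</head\s*>(.*?)<body\b[^>]*>", re.I | re.S)
AFTER_BODY = re.compile(r"<body\b[^>]*>\s*(<iframe\b[^>]*>)", re.I)

# Constructed sample pages; "injected.invalid" is a placeholder host.
INFECTED = """<html><head><title>Shop</title></head>
<script src=></script>
<body>
<iframe src="http://injected.invalid:8080/index.php" width="1" height="1"></iframe>
<h1>Welcome</h1></body></html>"""
CLEAN = "<html><head><title>Shop</title></head>\n<body><h1>Welcome</h1></body></html>"

def _host(tag):
    """Host of the tag's src, or None when src is empty, broken or relative."""
    m = SRC.search(tag)
    if not m or not m.group(1):
        return None
    return urlparse(m.group(1)).hostname

def find_injections(html, allowed_hosts=frozenset()):
    """Return (location, tag, src_host) tuples for tags in the two flagged spots."""
    hits = []
    gap = HEAD_TO_BODY.search(html)
    if gap:  # nothing but whitespace belongs between </head> and <body>
        for m in TAG.finditer(gap.group(1)):
            hits.append(("between </head> and <body>", m.group(1).lower(), _host(m.group(0))))
    first = AFTER_BODY.search(html)
    if first:  # iframe placed directly below the <body> tag
        hits.append(("first element in <body>", "iframe", _host(first.group(1))))
    return [h for h in hits if h[2] not in allowed_hosts]

def scan_tree(root, allowed_hosts=frozenset()):
    """Scan a local copy of the site; return {path: hits} for flagged files only."""
    report = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in {".html", ".htm", ".php"}:
            hits = find_injections(p.read_text(errors="replace"), allowed_hosts)
            if hits:
                report[str(p)] = hits
    return report

if __name__ == "__main__":
    for hit in find_injections(INFECTED):
        print(hit)
```

Running `scan_tree` over a local copy of the uploaded files before and after a clean re-upload shows whether the injected tags are gone.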



        #4
        Originally posted by grantglendinnin
        Yes

        You have an infected site - there's an embedded <iframe> just below the <body> tag.

        Did Actinic support find a cause and fix for your previous malware issues, you seem to be getting it quite rough!

        I believe Actinic do not support v7 any more

        Is this on your new laptop, which you have imported the snapshot from, but remain on the same web host? Yes

        Have you changed all your FTP details since last time?
        No

        Help - what do I do next?



          #5
          Shut down your online shop, get orders if there are any first.

          Take note of your last order number, then delete acatalog folder and contents from cgi-bin, upload a single page, call it index.html, and simply say your site is down for maintenance. Put a 404 error message in the root to redirect all traffic to index. That's your online damage control.

          Now remove all content from siteHTML, previewHTML.

          Download a trial of Kaspersky, update Kaspersky, download updates for Malwarebytes.

          Go offline and scan. If these don't throw up any problems, download a different AV and try it - remove previous AV as you can't have more than one AV.

          Keep doing this until you find the problem....

          This is not an Actinic problem, it's the security on your PC, so if you need help either ask here or go to some AV forums.



            #6
            Ok

            I am just about at my wits' end with this now.

            I thought I was clear of the problem with the new laptop, would seem that was a waste of money!!!

            So I come on here to ask advice and get conflicting information.

            Would someone please, in layman's terms, tell me what I can do or where I can go to get this problem sorted.



              #7
              Caroline,

              If you don't understand and can't implement the suggestions from Jo's post, then I'm afraid that you probably need a site visit from an internet security professional.

              If you had a serious medical viral infection, you would expect a trained doctor to attend to you.

              There's a limit to self-help if you don't have the relevant experience.
              Norman - www.drillpine.biz
              Edinburgh, U K / Bitez, Turkey



                #8
                I had a similar infection a bit back (the computer one, that is..nothing personal lol) and the only AV I could get to pick it up, so I could clean it, was PC tools Spyware doctor.
                Everyone will have their own chosen AV and some detect these things, some don't.
                Neither NOD32 or Malwarebytes or AVG had detected my iframe problem although I'm sure some others would have.
                I googled the particular trojan/virus I had and gathered info on what AV programs appeared to work for other people who had posted about it.

                Chances are it'll cost you in both time and money. But so does having an infected site.

                If time is crucial to you, pay someone else to clean your system for you. There is no quick fix.
                It took me several days to fix mine and cost me a tidy sum both in time and lost revenue. However, I also couldn't get someone to come out to me and fix it any quicker.
                It was fixed in reasonable time (once I found something that WOULD fix it) but as Google had also blacklisted my site (as they may do yours if they haven't already?), the restoration of the site was slow and costly.
                Tracey



                  #9
                  ok

                  Thanks - I'll give it a go.

                  Am I OK to download other software, will it not conflict with AVG?



                    #10
                    Originally posted by caroline
                    Am I OK to download other software, will it not conflict with AVG?
                    As Jo (pinbrook) said earlier: You can only run one Anti-Virus at a time. You will have to disable your existing one (AVG) in order to run another.



                      #11
                      Originally posted by caroline
                      Am I OK to download other software, will it not conflict with AVG?
                      See Jo's post:

                      Originally posted by pinbrook
                      remove previous AV as you can't have more than one AV.
                      Reusable Snore Earplugs : Sample Earplugs - Wax Earplugs - Women's Earplugs - Children's Earplugs - Music Earplugs - Sleep Masks



                        #12
                        It's also important to change your FTP password. In the most common problem of this type, the malware on your PC detects FTP password being sent and sends it to a third party. The third party then downloads various files from your web site, infects them, then uploads them back to the site.

                        So you may have removed the original cause of the problem by changing PCs, but the third party still has your FTP password, and can re-infect your site however often you clean it.

                        So delete your site on the web server as described in previous posts, but also get your web host to change your FTP password and you then update it in your network settings in Actinic before re-uploading your site.

                        Chris



                          #13
                          Just wanted to add some comment to this thread (although some of it is just underlining what is said above)

                          I have just helped someone with this exact same problem. The guy had wiped his computer totally clean and started afresh so there were no viruses on his PC. However, before he did this he'd done an upload to his website and this had affected the checkout pages of his site. Customers were getting warning messages if they were running AVG or similar, which obviously was affecting business.

                          What we did to solve this was as follows:

                          - suspended ordering in business settings and then did an upload
                          - waited about 15 minutes for anyone on the site at the time to complete their order
                          - retrieved orders and made a note of the number of the last order (important if you want to keep your sequence of order numbers intact)
                          - deleted the hosting space against the domain
                          - re-instated the hosting space with a brand new FTP password
                          - quickly uploaded a holding page stating that the website was down for maintenance but would be back very shortly
                          - did a quick scan of the PC using Norton anti-virus just to double check that no viruses were present on the PC
                          - under 'web' and 'network settings' we changed the FTP password to the new password
                          - then did a complete website refresh (we changed the folder permissions of the cgi-bin to 777 before doing this so that we didn't run into problems)
                          - on completion we checked everything was present and correct, and it was
                          - we then went back into business settings and re-instated ordering
                          - one other thing - we went into help, troubleshooting and where it says order number '0' we changed the zero to the last order number that we received +1 so that the next order that comes through is back in sequence (if you don't do this then the next order you receive will be 1 and you'll be out of sequence)
                          - then did another upload (not a refresh, just a normal upload) to allow ordering again

                          The above might seem long-winded and a complete pain but (providing your PC is clean) it does work.

                          If it doesn't then really the only thing you can do to get the problem sorted is to try and revert to a backup before your PC became infected...but hopefully no one will need to do this.

                          Hope this helps anyone else that suffers this problem.
                          Cheers
                          Stuart
