Announcement

Collapse
No announcement yet.

What to do if your site is infected by a virus

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    What to do if your site is infected by a virus

    If your site becomes infected with a virus, the advice below may help you solve the problem, and prevent it from re-occurring. However, removing a virus from your PC or web server may need help from IT professionals.

    Example warnings you will see on your site if it is infected by a virus are:*

    Access file is infected

    file name: nokiacq.ru8080/index.php
    Threat name: exploitjavascriptobfuscation type 894

    process name: c:\programmefiles\internetexplorer\iexplore.exe
    process id: 4728


    Instructions:
    1. First, suspend ordering on your site, go to 'Settings | Business Settings | Ordering'. In the box “Online Ordering”, tick ‘Suspended’ in the ‘Ordering Options’ on ‘Web Site’ panel.
    2. Wait 15 minutes, then download any remaining orders, go to 'Operations | Retrieve Orders'.
    3. Make a note of the last order number.
    4. FTP to your web server with an FTP client such as “Filezilla” and delete your online store folder, which will most likely be “acatalog”.
    5. Delete the SellerDeck specific contents of the “cgi-bin”**.
    6. Upload a new “index.html” file to the root of your web server with a message to advise your shoppers the site is down for maintenance.
    7. Contact you server host and ask them to change the password on your FTP account, if you do not do this, the infection will most likely resurface as the infection remembers the FTP password.
    8. On your PC, browse to the sites folder, this may be in a location similar to the below:

      C:\Users\Public\Documents\SellerDeck 2014\Sites\Site1***
    9. Delete the contents of the folder “SiteHTML” and “PreviewHTML”
    10. Now you need to find and destroy the virus on your PC, good anti virus software such as malwarebytes and AVG will allow you to run a scan to search and destroy the virus. If none of the anti-virus software you download and run a scan for on your PC finds the virus, you may want to visit an IT expert to have this virus removed.
    11. Once you have removed the virus, you can put your site live again, go to 'Settings | Business settings | Ordering'. In the box “Online ordering”, un-tick ‘Suspended’.
    12. Click ‘OK’ and refresh the web site. (‘Web’ | ‘Refresh website’)
    13. Finally, update your order number, go to Help | Troubleshooting | “Order number”. In this field, enter your last order number +1, then click “Update order number”.


    Note: If you are unable to perform any of the tasks above, you should either contact your server host to help with the server side issues, or contact and IT expert to remove the virus from your PC.

    Additional information:

    After you have performed the above server clean down, Google may still think there is malware on your site for a period of time. In order to request Google to review your site again, please see instructions below:

    http://support.google.com/webmasters...&answer=168328

    * The warning shown here is only an example to show the sort of message that may be displayed.

    ** SellerDeck can only recommend removing files that can be uploaded again by your SellerDeck software, if there are other files within the cgi-bin you must seek advice from the creator of these files, as they also may be infected.

    *** Depending on the installation option chosen or operating system used, the 'Site' folder can be found in either 'My Documents', 'Documents', 'Shared Documents' or 'Program Files' in the folder 'Actinic vX\Sites\' (with X replacing the version number). Additionally if there is only one site within the software it will be called 'Site1', if there are multiple sites within the software you will need to browse to the site folder name corresponding to the current site you are using

    NOTE: All versions after v11.03 will have a file path of 'C:\Program Files\SellerDeck xxxx'.
Working...
X