Virus In The Domain


3 replies to this topic

#1 Rohan

Rohan

    New To The Neighborhood

  • Members
  • Pip
  • 21 posts

Posted 22 January 2009 - 10:30 AM

Dear all,

I have a question.

I have got several e-mails complaining that my site is infested with a virus. Apparently somebody may have added a virus/script. The name of the script and Trojan is: JS/Obfuscated.

I don't know how to clean this. There are thousands of files in my domain. Can somebody please explain to me how to find this script? How do I find which file has the script and how can I delete it?
How to clean it?

Further, how can I prevent this in the future?

I asked TCH to help me but sorry to say that the answer was not at all helpful!!

My domain is lankalibrary.com

Thank you,

Rohan

Edited by TCH-Thomas, 22 January 2009 - 12:56 PM.
Made link inactive.


#2 youneverknow

youneverknow

    Immediate Family

  • Members
  • PipPipPipPip
  • 702 posts

Posted 22 January 2009 - 11:36 AM

I don't know... but I would NOT CLICK THAT LINK you posted....youneverknow
In a world without walls or fences who needs windows or gates?

#3 TCH-Bruce

TCH-Bruce

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 19,960 posts

Posted 22 January 2009 - 11:46 AM

You need to reopen your ticket with the help desk and ask the techs to investigate your site.

To prevent situations like this from happening there are several things.

Use strong passwords
Make sure any scripts you are using are secure
Update your scripts if there are newer versions

Those are just some of the things you need to do.

Bruce Richards
Forum Moderator
TotalChoice Hosting, Inc.
Webhosting by Total Choice Web Hosting - General Support Forum

I am a Forum Moderator. While I can assist in answering most of your hosting related questions, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.


#4 JTD

JTD

    Immediate Family

  • Members
  • PipPipPipPip
  • 245 posts

Posted 22 January 2009 - 12:46 PM

Some info on that. And someone needs to kill that link ASAP!!!



JS/Obfuscated.b

Type: Trojan
SubType: Script
Discovery Date: 04/23/2008
Length: varies
Minimum DAT: 5280 (04/23/2008)
Updated DAT: 5280 (04/23/2008)
Minimum Engine: 5.2.00
Description Added: 04/23/2008
Description Modified: 12/04/2008 4:48 AM (PT)

Type
Type of threat.

SubType
Additional type information.

Discovery Date
Date that AVERT discovered this threat.

Length
File size, in bytes, of the threat.

Minimum DAT
McAfee DAT files contain detection and repair information for threats. The Minimum DAT field specifies the lowest/oldest DAT version that is capable of detecting the first incarnation of a threat, and the release date. The highest/newest DAT version should always be used for the most complete protection and are available on the Anti-Virus Updates page.

Each description displays the minimum, fully tested, DAT version that includes regular detection for a particular threat. These fully tested DATs are released on a daily basis. If necessary, they are also released when a Medium, Medium On Watch, or High risk threat is discovered. An EXTRA.DAT will also be posted for these more prevalent threats, if necessary.

For each description listed, detection is always available. In the event that the DAT version specified is not yet available, an EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page. Alternatively, minimally tested HOURLY BETA DAT files are available for downloading.

Updated DAT
McAfee DAT files are constantly being updated to enhance detection capabilities. The Updated DAT field specifies the released DAT version that contains the most up to date detection.

Minimum Engine
The scan engine uses the DAT files to detect threats. The Minimum Engine field specifies the lowest/oldest engine version that is capable of detecting this threat. The highest/newest engine version should always be used for the most complete protection and are available on the Anti-Virus Updates page.

Description Added
Date/time this description was published using Pacific Time.

Description Modified
Date/time this description was last modified using Pacific Time.

Risk Assessment
Corporate User: Low
Home User: Low

Overview

JS/Obfuscated.b is a generic detection for obfuscated malicious script files which attempts to exploit unpatched vulnerabilities in the system.

Characteristics

JS/Obfuscated.b is a generic detection for obfuscated malicious script files which attempts to exploit unpatched vulnerabilities in the system.

This specially crafted javascript uses various obfuscation techniques to hide the real nature of attacks.

Symptoms

This detection is sufficiently generic, such that it can cover a number of threats that contain the exploit code. Therefore, it is not possible to describe specific symptoms or details about system changes that can occur from this threat. However, simply seeing this detection does not mean that any exploit code was run at all as such exploit code could only run on a vulnerable system.

Additionally some exploits simply cause Internet Explorer to crash and nothing more.

Method of Infection

This threat could be delivered via an email message, IM or an infectious web page.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Variants

N/A

Truck Driver and Proud of It

Phantom309Drivers
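An added example, not part of any post in this thread and not McAfee's detection logic: one way to approach the opening question (which of thousands of files carries the script) is to walk a downloaded copy of the site and flag files whose text matches common obfuscation markers. The marker patterns, the extension list and the function names are assumptions chosen for illustration, and the two-file sample site is constructed.

```python
import os
import re
import tempfile

# Heuristic markers: assumptions made for this example, not McAfee's signature.
MARKERS = {
    "decoded-string-executed": re.compile(
        r"(?:eval|document\.write)\s*\(\s*(?:unescape|String\.fromCharCode)\s*\(", re.I),
    "long-percent-encoded-run": re.compile(r"(?:%[0-9a-f]{2}){40,}", re.I),
    "long-charcode-list": re.compile(r"(?:\d{2,3}\s*,\s*){40,}"),
}
WEB_EXTENSIONS = {".html", ".htm", ".php", ".js", ".inc", ".tpl"}

def scan_text(text):
    """Return the sorted names of the markers found in one file's text."""
    return sorted(name for name, rx in MARKERS.items() if rx.search(text))

def scan_tree(root):
    """Walk root; return {relative path: [marker names]} for flagged files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="latin-1") as fh:  # decodes any bytes
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

def demo():
    """Scan a constructed two-file site built in a temporary directory."""
    samples = {
        "index.html": "<html><script>var n = 1 + 1;</script></html>",
        # Constructed sample: the encoded payload is only fifty spaces.
        "news.php": '<script>document.write(unescape("' + "%20" * 50 + '"))</script>',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="latin-1") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

A match is a lead for manual review, not a verdict: legitimate packed scripts can trip these markers, and a flagged file should be compared against a known-good backup before anything is deleted.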



