Rohan Posted January 22, 2009 (edited)

Dear all,

I have a question. I have got several e-mails complaining that my site is infested with virus. Apparently somebody may have added a virus/script. The name of script and Trojan is: JS/Obfuscated.

I don't know how to clean this. There are thousands of files in my domain. Can somebody please explain to me how to find this script? How do I find which file has the script and how can I delete it? How to clean it? Further, how can I prevent this in the future?

I asked TCH to help me but sorry to say that the answer was not at all helpful!!

My domain is lankalibrary.com

Thank you,
Rohan

Edited January 22, 2009 by TCH-Thomas: Made link inactive.

youneverknow Posted January 22, 2009

I don't know... but I would NOT CLICK THAT LINK you posted....

youneverknow

TCH-Bruce Posted January 22, 2009

You need to reopen your ticket with the help desk and ask the techs to investigate your site.

To prevent situations like this from happening there are several things:

- Use strong passwords
- Make sure any scripts you are using are secure
- Update your scripts if there are newer versions

Those are just some of the things you need to do.

JTD Posted January 22, 2009

Some info on that. And someone needs to kill that link ASAP!!!

JS/Obfuscated.b

- Type: Trojan
- SubType: Script
- Discovery Date: 04/23/2008
- Length: varies
- Minimum DAT: 5280 (04/23/2008)
- Updated DAT: 5280 (04/23/2008)
- Minimum Engine: 5.2.00
- Description Added: 04/23/2008
- Description Modified: 12/04/2008 4:48 AM (PT)

Field descriptions:

- Type: Type of threat.
- SubType: Additional type information.
- Discovery Date: Date that AVERT discovered this threat.
- Length: File size, in bytes, of the threat.
- Minimum DAT: McAfee DAT files contain detection and repair information for threats. The Minimum DAT field specifies the lowest/oldest DAT version that is capable of detecting the first incarnation of a threat, and the release date. The highest/newest DAT version should always be used for the most complete protection and are available on the Anti-Virus Updates page. Each description displays the minimum, fully tested, DAT version that includes regular detection for a particular threat. These fully tested DATs are released on a daily basis. If necessary, they are also released when a Medium, Medium On Watch, or High risk threat is discovered. An EXTRA.DAT will also be posted for these more prevalent threats, if necessary. For each description listed, detection is always available. In the event that the DAT version specified is not yet available, an EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page. Alternatively, minimally tested HOURLY BETA DAT files are available for downloading.
- Updated DAT: McAfee DAT files are constantly being updated to enhance detection capabilities. The Updated DAT field specifies the released DAT version that contains the most up to date detection.
- Minimum Engine: The scan engine uses the DAT files to detect threats. The Minimum Engine field specifies the lowest/oldest engine version that is capable of detecting this threat. The highest/newest engine version should always be used for the most complete protection and are available on the Anti-Virus Updates page.
- Description Added: Date/time this description was published using Pacific Time.
- Description Modified: Date/time this description was last modified using Pacific Time.

Risk Assessment

- Corporate User: Low
- Home User: Low

Overview

JS/Obfuscated.b is a generic detection for obfuscated malicious script files which attempts to exploit unpatched vulnerabilities in the system.

Characteristics

JS/Obfuscated.b is a generic detection for obfuscated malicious script files which attempts to exploit unpatched vulnerabilities in the system. This specially crafted javascript uses various obfuscation techniques to hide the real nature of attacks.

Symptoms

This detection is sufficiently generic, such that it can cover a number of threats that contain the exploit code. Therefore, it is not possible to describe specific symptoms or details about system changes that can occur from this threat. However, simply seeing this detection does not mean that any exploit code was run at all as such exploit code could only run on a vulnerable system. Additionally some exploits simply cause Internet Explorer to crash and nothing more.

Method of Infection

This threat could be delivered via an email message, IM or an infectious web page.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

N/A
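
For the question raised at the top of this thread (how to find which of thousands of files carries the injected script), here is a file sweep as an added example; it is not part of any post above or of the McAfee description. The marker patterns are assumed heuristics for common script obfuscation, not McAfee's signatures, and the two sample files are constructed for the demonstration.

```python
import os
import re
import tempfile

# Assumed heuristics for obfuscated injected script; these are not the
# signatures behind the JS/Obfuscated.b detection, which the page does not give.
MARKERS = {
    "eval-of-decoded-string": re.compile(r"eval\s*\(\s*(unescape|atob|String\.fromCharCode)\s*\(", re.I),
    "write-of-decoded-string": re.compile(r"document\.write\s*\(\s*(unescape|String\.fromCharCode)\s*\(", re.I),
    "long-percent-encoded-run": re.compile(r"(?:%[0-9a-f]{2}){40,}", re.I),
    "long-charcode-list": re.compile(r"(?:\d{2,3}\s*,\s*){40,}"),
    "hidden-iframe": re.compile(r"<iframe[^>]*(?:width|height)\s*=\s*[\"']?[01]\b[^>]*>", re.I),
}
WEB_EXTS = (".html", ".htm", ".php", ".js", ".inc", ".tpl")

def scan_file(path):
    """Return the sorted names of the markers found in one file."""
    with open(path, "r", encoding="latin-1") as fh:  # latin-1 decodes any byte
        text = fh.read()
    return sorted(name for name, rx in MARKERS.items() if rx.search(text))

def scan_tree(root):
    """Walk root and return {relative_path: (markers, mtime)} for flagged files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(WEB_EXTS):
                full = os.path.join(dirpath, fn)
                found = scan_file(full)
                if found:  # mtime is kept so injected files can be grouped by date
                    hits[os.path.relpath(full, root)] = (found, os.path.getmtime(full))
    return hits

def demo():
    """Build a constructed two-file web root, scan it, return {path: markers}."""
    with tempfile.TemporaryDirectory() as root:
        clean = "<html><body><script>var n = [1, 2, 3];</script></body></html>"
        # Constructed sample: the encoded text is only the word "hello" repeated.
        injected = clean + "<script>eval(unescape('" + "%68%65%6c%6c%6f" * 10 + "'))</script>"
        os.mkdir(os.path.join(root, "sub"))
        for rel, body in (("index.html", clean), (os.path.join("sub", "page.php"), injected)):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return {path: markers for path, (markers, _mtime) in scan_tree(root).items()}

if __name__ == "__main__":
    for path, markers in demo().items():
        print(path, markers)
```

Run `scan_tree` against a downloaded copy of the site rather than the live document root, and compare each flagged file with a known-good backup before restoring or deleting it, since legitimate minified scripts can trip the same heuristics.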