html/Iframe.B.Gen on website! URGENT

[chenh]

Hi,

 

My website has a malware. Its the html/Iframe.B.Gen. I contacted my hosting, and he told me the files that have been injected. He told me this:

 

"Your site was unfortunately exploited and a malicious iframe was injected into several files:"

 

This has never happend to me before. What should I do? And how can I prevent this in the future?

 

The hosting told me this: "I would recommend cleaning the injection from these files, and looking through all scripts, themes, addons, and plugins to make sure they are running their latest stable version, and do not have any outstanding security patches."

 

How do I clean the injection?

[vekia]

download your files and scan them with some antivirus software, then reuplod these files to your host.

btw. you have to be sure that your PC is safe, scan it too

[chenh]

download your files and scan them with some antivirus software, then reuplod these files to your host.

btw. you have to be sure that your PC is safe, scan it too

 

Hi,

 

Am going to download AVAST. Do you recommend this software?

[chenh]

download your files and scan them with some antivirus software, then reuplod these files to your host.

btw. you have to be sure that your PC is safe, scan it too

 

Hi,

 

I ask my hosting, and he gave me a list of files that are Infected:

 

I went deleting the links of Iframe, but I realize they going back again, after I delete them. I already change password for the cpanel, ftp account and everything.

 

Also, now the index of www.tiempoerotico.com is giving me this:

 

* NOTICE OF LICENSE * * This source file is subject to the Open Software License (OSL 3.0) * that is bundled with this package in the file LICENSE.txt. * It is also available through the world-wide-web at this URL: * http://opensource.org/licenses/osl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to [email protected] so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade PrestaShop to newer * versions in the future. If you wish to customize PrestaShop for your * needs please refer to http://www.prestashop.com for more information. * * @author PrestaShop SA * @copyright 2007-2013 PrestaShop SA * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) * International Registered Trademark & Property of PrestaShop SA */ require(dirname(__FILE__).'/config/config.inc.php'); Dispatcher::getInstance()->dispatch();@prestashop.com>

 

What else can I do? How do I get ride of this malware!

[El Patron]

generally there is one part of the hack that is 're-inserting' the malicious code.

 

assuming when you downloaded your shop and no virus detected by anti-virus then using ftp open js folder and look for a recently updated or newly added .js file.

 

after you resolve this...consider my PrestaVault module.  http://www.prestashop.com/forums/topic/303132-module-prestavault-malware-trojan-virus-protection/

 

I wrote this after having same issue on my shop June 2011...sucked...now I know if anything changes in my file system.  So if this happens again you simply click the bad files and they are replaced with good files.

[chenh]

generally there is one part of the hack that is 're-inserting' the malicious code.

 

assuming when you downloaded your shop and no virus detected by anti-virus then using ftp open js folder and look for a recently updated or newly added .js file.

 

after you resolve this...consider my PrestaVault module.  http://www.prestashop.com/forums/topic/303132-module-prestavault-malware-trojan-virus-protection/

 

I wrote this after having same issue on my shop June 2011...sucked...now I know if anything changes in my file system.  So if this happens again you simply click the bad files and they are replaced with good files.

 

Hi,

 

What do you mean by downloading my shop? This has never happened to me, am not sure what to do. I know, its sucks since today is my birthday.

[El Patron]

using ftp, download your entire shop, then avast or other malware detector will probably find the problem, just as described by vekia.

 

please make sure to read the advice up top and follow those directions.

[El Patron]

also happy birthday...I know this sucks...and there are services that charge to fix this issue...but hopefully you can fix on your own.

 

don't forget my module after you get a 'safe' site.  Then you can fix this issue in 10 seconds.

[vekia]

in addition, i've got question

you use some other CMS like joomla or wordpress on your hosting account?

these CMS engines are very unsafe...

[chenh]

also happy birthday...I know this sucks...and there are services that charge to fix this issue...but hopefully you can fix on your own.

 

don't forget my module after you get a 'safe' site.  Then you can fix this issue in 10 seconds.

 

Hi,

 

Thank you! I'm 19 now! I'm sorry I'm replying now. My paypal account was also hacked, so I started changing all the passwords of everything. The problem was solve, because my hosting, which is Cirtex or Hostv, made a backup or restore of previous days.

 

At this moment I have another website using wordpress, but am not sure if that affects my main one. Now am going to see what can I do to improve my website's safety. 

[El Patron]

Hi,

 

Thank you! I'm 19 now! I'm sorry I'm replying now. My paypal account was also hacked, so I started changing all the passwords of everything. The problem was solve, because my hosting, which is Cirtex or Hostv, made a backup or restore of previous days.

 

At this moment I have another website using wordpress, but am not sure if that affects my main one. Now am going to see what can I do to improve my website's safety. 

 

That's great news!...happy 19th, I have socks that old..jajajaja