Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Malware undeletes files I have already deleted from the server
Message
<blockquote data-quote="Jack" data-source="post: 89279" data-attributes="member: 1"><p>Hello and welcome to malwaretips.com,</p><p>1.Did you asked the Security team of the hosting company to run a scan of site?</p><p>2.Usually when malware in injected into a site, is commonly the result of a compromised password due to a virus-infected PC. </p><p>Most likely a users password was stolen via a password scraper or keylogger that resides on their local PC or network. So no matter how many changes we make to the password as soon as they type it into FTP or Cpanel its immediately sent off to this script that then injects the files.</p><p>Trojan Zeus/Zbot is the most common vector of attack, so I strongly suggest that your client and all those who have a FTP accounts to scan their computer for malware with the following tools:</p><p>Malwarebytes Anti-Malware : http://www.malwarebytes.org/products/malwarebytes_free/</p><p>HitmanPro : http://www.surfright.nl/en/hitmanpro/</p><p>Emsisoft Emergency Kit : http://www.emsisoft.com/en/software/eek/</p><p>If you suspect that your computer or your client is infected, then we can run additional scans.</p><p></p><p></p><p>3.Change the passwords for all users and all accounts (for example, FTP access, administrator account, content management system authoring accounts).Do not use old passwords, generate new ones. </p><p>Check your users: It's possible that the hacker created one or more new accounts</p><p></p><p>4.What's the URL of the site,can you disclose it , so I can take a look at the source code of the site?</p><p></p><p></p><p>5.Run a scan of the website with the following tools:</p><p>http://sitecheck.sucuri.net/scanner/</p><p>http://www.unmaskparasites.com/</p><p>http://siteinspector.comodo.com/</p></blockquote><p></p>
[QUOTE="Jack, post: 89279, member: 1"] Hello and welcome to malwaretips.com, 1.Did you asked the Security team of the hosting company to run a scan of site? 2.Usually when malware in injected into a site, is commonly the result of a compromised password due to a virus-infected PC. Most likely a users password was stolen via a password scraper or keylogger that resides on their local PC or network. So no matter how many changes we make to the password as soon as they type it into FTP or Cpanel its immediately sent off to this script that then injects the files. Trojan Zeus/Zbot is the most common vector of attack, so I strongly suggest that your client and all those who have a FTP accounts to scan their computer for malware with the following tools: Malwarebytes Anti-Malware : http://www.malwarebytes.org/products/malwarebytes_free/ HitmanPro : http://www.surfright.nl/en/hitmanpro/ Emsisoft Emergency Kit : http://www.emsisoft.com/en/software/eek/ If you suspect that your computer or your client is infected, then we can run additional scans. 3.Change the passwords for all users and all accounts (for example, FTP access, administrator account, content management system authoring accounts).Do not use old passwords, generate new ones. Check your users: It's possible that the hacker created one or more new accounts 4.What's the URL of the site,can you disclose it , so I can take a look at the source code of the site? 5.Run a scan of the website with the following tools: http://sitecheck.sucuri.net/scanner/ http://www.unmaskparasites.com/ http://siteinspector.comodo.com/ [/QUOTE]
Insert quotes…
Verification
Post reply
Top
