Please download Farbar Recovery Scan Tool and save it to your Desktop. I would like to run a different programme for the moment to determine the main cause

I do not use torrent myself so I hope you know how to delete them. OK one of your torrent seeds is responsible for this.

Anyway, please understand if there's like a 12 hour gap between my replies! I thought it might help to mention I'm posting from Australia so my times won't exactly match up with yours, if the "time posted" stat next to my topic is anything to go by, haha. I have no idea what to do to get rid of this stupid trojan, or how I even got it in the first place. OTL is working though, and I've uploaded the two. T_T

As for aswMBR, I'm running Windows 8 so I can't use it. Is this the spastic virus wreaking havoc with my computer?! God I hope not. I've tried installing AdwCleaner coz it was recommended on a few threads, but same thing happened. I've downloaded the install file directly from the Malwarebytes site and from the links provided in the instruction thread, but I keep getting an error message that the "setup files are corrupted" and to "please obtain a new copy of the program". I'd upload the MBAM logs, except my laptop isn't letting me install it (or execute ANY. I get the notification every few seconds even after I've run scans with avast! and YAC.

I know that IPSwitch offers an FTP program that will do SFTP as well.

I've been getting popups from avast! since last night telling me it saved me from JS:Redirector-BOS.

Move away from FTP and use something that has SFTP or SCP. This is why sometimes you'll get a site cleaned, but as they upload a new javascript menu file, for instance, that is the only file that contains the malscript. Or we've also seen cases where it automatically looks at the FTP traffic and adds their malscripts (malicious javascript) to certain files as they're being uploaded.
While we haven't been able to isolate the virus, we've found that people whose websites have been compromised are typically using a PC that's infected with something that sniffs the FTP traffic and obtains the username and password, then the cybercriminals (hackers, crackers, whatever) use their automated systems to continually re-infect your website. FTP sends username and password in plain text. Too often people think that FTP is a safe and secure protocol - it's not. What we have found is that it's not the hosting provider, it's not some vulnerability in the software (Drupal), it's not some hole in a plugin - it's the PC you're using to send the files up to the server. We scan them for vulnerabilities and find they are relatively secure. We have been seeing a lot of websites getting compromised.

Someone please help as this is causing av of many legit users problem in visiting the sites. What are the possible files that can give rise to the code when the page is generated? How can an internal search be made on the Drupal files - downloading and searching by Windows search do not show the malicious code. The hosts say they have no other cgi, files etc that can cause this and apparently

Checking the web directory gives no suspicious file. This issue is reported in avast forums also (do a Google search on JS:Redirector-G)

The thing but in Drupal apparently it still persists even after cleaning index files or freshly uploading js files.

This is happening with new installation of latest 5x Drupal as well as other pages/scripts.

For some pages/scripts cleaning the index files (index.php, index.html) etc corrects

\modules\img_assist\drupalimage\editor_plugin_src.js

Can anyone tell me how the page is generated and where this could be coming from?
It has been inserted between the end of the and the start of the tags

\modules\img_assist\drupalimage\editor_plugin.js
\modules\img_assist\img_assist_tinymce.js
\modules\img_assist\img_assist_textarea.js

These are some of the corrected files, I have checked that they are still uninfected:

The problem is that the code is still showing up in the browser right after the tag and I need to find where this is in the code or database

Once this has been fixed I'll upgrade but I need to find the problem first. If it is an FTP based attack that won’t prevent it happening again but at least I can identify the files and rectify it quickly now. I’ve removed the code and write protected the files in case it was a SQL injection attack. I have downloaded the site and run TextCrawler which identified 17 infected files

I have been asked to support an old version of Drupal 4.7.4 which has been infected with JS:Redirector-G

This may not be Drupal problem but ftp attack or sort of it

But need some urgent help to clean Drupal or any module or utility in Drupal

As version could not be changed I am repeat posting for Drupal 5x (and may be 6x also)