Hi, can anyone help … my blog xxx.esquinapower.com when opened shows that a Trojan virus has been detected.
We have had our web designers clean the site twice now and they cannot detect any virus.
I have McAfee and Avast installed on my computer and only Avast picks up the Trojan.
Can anyone shed some light on this?
Any advice would be appreciated!!
Hello. Polonus will help you.
A word of advice. NEVER have more than 1 AV running. It will kill your system performance. I’m on a school network and the site is blocked. I’ll run some scans of my own. Can you attach a screenshot of Avast! blocking it?
[Edit]: Also, that link cannot be live or it will be forcefully removed. Please change it to xxx.esquinapower.com
I do not have Avast installed; it was the users who told me about this virus. When I am surfing on my blog, nothing is detected.
Some site checkers.
UrlQuery:
http://urlquery.net/report.php?id=6848667
Sucuri:
http://sitecheck.sucuri.net/results/www.esquinapower.com
@Prop
Malware is very silent. DBD is common and can be unknown. Most viruses can auto-execute. The fact that it’s blocked by my school network should say something.
@OP
Polonus will probably rip this site apart looking for the malware. (Metaphorically). Expect a lot more links showing the issues.
There is this Sucuri alert: Wordpress internal path: /home/esqui094/public_html/wp-content/themes/ArtSee/index.php
The malware is given here: http://support.clean-mx.de/clean-mx/viruses?id=15166014
Originally flagged by Sophos here: https://www.virustotal.com/nl/file/41d118d3533ce1edf5e8d335be7609315fdc8cce3eea181d135bd182204e8d59/analysis/
For what happened see: http://support.clean-mx.de/clean-mx/view_virusescontent.php?url=http%3A%2F%2Fesquinapower.com%2Fauthor%2FPropagno%2Fpage%2F83%2F
See the excessive header and the clickjacking warnings: https://asafaweb.com/Scan?Url=esquinapower.com
These are problems that have to be tackled at server level at your hoster…
For instance consider the IDS alerts here: http://urlquery.net/report.php?id=6848728
And there are certain threats that could lurk in the background: http://blog.malwarebytes.org/whats-in-the-news/2013/06/facebook-virus-that-drains-your-bank-accounts-what-you-need-to-know/
pol
I will see these problems. Thanks a lot.
No clue. What he says is beyond me. If you take that info to the person that is renting the domain to you, they’ll fix it.
Polonus, if I removed the clickjacking and it happened again, do I have to contact my hoster to solve it, or can I solve it?
You could add the framebreaker script given here: https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
On Facebook see here: http://consumerist.com/2011/05/13/how-to-fight-clickjacking-on-facebook/
At server level see the recommendations at asafaweb, but you have to take that up with Softlayer…
polonus
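Added example, not part of the thread or any poster's code: a small Node.js check for the two server-level findings mentioned in the posts above (missing clickjacking protection and excessive headers). The function names and both sample responses are constructed for illustration.

```javascript
// Headers that only advertise server software or versions ("excessive headers").
const DISCLOSURE_HEADERS = ["server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"];

// Header names are case-insensitive, so lower-case them before lookup.
function normalize(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// True if the response restricts which origins may frame the page.
function hasFramingProtection(h) {
  const xfo = (h["x-frame-options"] || "").toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") return true; // obsolete ALLOW-FROM is not counted
  const csp = h["content-security-policy"] || "";
  for (const directive of csp.split(";")) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() === "frame-ancestors") {
      const sources = parts.slice(1);
      return sources.length > 0 && !sources.includes("*"); // a wildcard allows any framer
    }
  }
  return false;
}

function auditHeaders(rawHeaders) {
  const h = normalize(rawHeaders);
  const findings = [];
  if (!hasFramingProtection(h)) {
    findings.push("clickjacking: no X-Frame-Options (DENY/SAMEORIGIN) or CSP frame-ancestors");
  }
  for (const name of DISCLOSURE_HEADERS) {
    if (name in h) findings.push(`excessive header: ${name}: ${h[name]}`);
  }
  return findings;
}

// Constructed sample responses (not captured from the site discussed in the thread).
const weakResponse = { "Server": "Apache/2.2.0 (Unix)", "X-Powered-By": "PHP/5.3.0", "Content-Type": "text/html" };
const hardenedResponse = {
  "Content-Type": "text/html",
  "X-Frame-Options": "SAMEORIGIN",
  "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'",
};

console.log(auditHeaders(weakResponse));     // three findings
console.log(auditHeaders(hardenedResponse)); // no findings
```

A JavaScript framebreaker only runs in the browser, while these headers are set by the web server or hosting configuration, which is why they have to be changed at server level.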
The clickjacking script was implemented around 2 months ago and this problem occurred around 1 week ago. By the way, I have contacted my hoster; I am lost on how to fix it. It only happens when the user has Avast installed =/
Hi Propagano,
It is only detected by Avast and Sophos, that is a better way to put it; the malcode is there all the time and it should be tackled.
How? Read here: http://www.cirt.net/clickjack-test
The click jacking test page can be downloaded here: http://www.cirt.net/source/clickjacking-test.html.zip (links posted by dave)
You could also risk a general IP block whenever one of the other 48 domains is being blocked on that same IP:
http://sameid.net/ip/50.97.106.94/ (that is another constant risk you are running) see recent reports on same IP:
→ http://urlquery.net/report.php?id=6848728 and http://sitevet.com/db/asn/AS36351 with 4529 Blacklisted URLs!
polonus.
I will keep reading about how to fix clickjacking and excessive headers. But I already sent an email to my hoster (HostGator).