our webhost has some viruse....please ...

HOw can I know that where are these infected files ?

(our website is linux system .version:Linux version 2.6.9-22.ELsmp (bhcompile@porky.build.redhat.com) (gcc version 3.4.4 20050721 (Red Hat 3.4.4-2)) #1 SMP Mon Sep 19 18:32:14 EDT 2005

the following is some information about the scanning.:

avast -V
avast: avast v1.0.8
VPS: 000714-0 (date: 15.02.2007)
Copyright(C) 2003-2007. ALWIL Software. All rights reserved.

Statistics:

scanned files: 182627

scanned directories: 15460

infected files: 4

total file size: 25.0 GB

virus database: 000714-0 15.02.2007

test elapsed: 26m:41s 177ms

What version of avast are you using, home or pro ?

Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.

You should have been prompted for action (move to chest, etc.) when they were detected (home version) what action did you take ?

Thank you for your answer.so fastly!

firstly I have installed the RPM :avast4workstation-1.0.8-1.i586.rpm

secondly ,is
avast4server-3.0.1-1.i586.rpm
avast4guard-3.0.1-1.i586.rpm
avast4mail-2.0.1-1.i586.rpm
libavastengine-4.7.1-1.i586.rpm

and then update the database throught the command “avsts --update”

now my host have the “iframe” viruses and worms
please visite my website: http://www.haikong.com/english/
You will find that my host has been infected by some viruses.

your avast software have found four infected files, I found these and delete these four files,
reboot my host.

But the “iframe” viruses is still online. Why?

do you have good advice.
thank you very much.

Although this is in relation to a possible virus, I’m not sure you might get a better response in the avast 4 Linix/Unix forum as an avast 4 home user I have no experience of the avast 4 linux versions.

I tried the link but I can’t get into it (I use firefox and noscript extension) I keep getting the connection to the server was reset. This could be because by default no script runs until I allow it permission.

However I used the DrWeb link checker and it didn’t discover anything at the link you gave.

Hopefully one of the Alwil team will pick up on this.

It seems clean…