Trojan..or not...can anybody help!? (please)

Hello there

I don’t know if anyone can help me…I’m having a problem with my website. Avast identifies a virus on one of the pages:-

http://www.cat-rabbit.com/Gallery.html

It says there’s a trojan in object file www.cat-rabbit.com/colors.css

I’m a bit confused though because I do not have a file called that on the system. I’ve checked with my webhost and they’ve verified this. So…how can I delete/replace an infected file if it doesn’t exist?? Also, and even more puzzling…if I type in a fictional address@cat-rabbit.com

e.g. www.cat-rabbit.com/12345.html

…avast identifies a trojan in the object file www.cat-rabbit.com/12345.html (which, again, doesn’t exist).

Virus Total scans the site as clean (as does google) so I thought it might be a false positive. I’ve emailed avast and they said the problem is in file www.cat-rabbit.com/colors.css (???)

I’ve tried re-loading the gallery page with a clean page but the avast warning remains.

If anyone can offer any advice I’d be very grateful…this is driving me potty! My site works to help raise money for the blind.

Many thanks

From_atlantis

But Google Chrome can see the file 12345.html and tells me there is a link to waistor(dot)com, which hosts the bad program. Maybe your website was hacked.

Thanks.

I’ve had an email from Avast and they’ve advised me to check 404 - which may contain the problem. As I understand it this is the page which comes up if someone types in a page which doesn’t exist @my domain.

Unfortunately I don’t know how to do that…if you have any advice regarding this it would be appreciated.

Regards

> Unfortunately I don't know how to do that...if you have any advice regarding this it would be appreciated.

Tips for Cleaning & Securing Your Website: http://stopbadware.org/home/security

thanks.

I’ve resolved it now with the help of a very helpful avast employee! Malicious code had been inserted into my error documents. Gosh…it’s a minefield out there! :o
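
What checking the 404 document can look like in practice, as an added example that is not part of any post in this thread: the Python sketch below lists every script, iframe, object or stylesheet that an error page loads from a host other than the site's own. The function name, the allowlist parameter and the sample page with its hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags/attributes that make a browser fetch a remote resource.
LOADING_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                 "embed": "src", "object": "data", "link": "href"}


class _RefCollector(HTMLParser):
    """Collects (tag, absolute URL) for every resource-loading tag."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = LOADING_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # Resolve relative and protocol-relative (//host/x) URLs.
            self.refs.append((tag, urljoin(self.base_url, value.strip())))


def foreign_references(html, page_url, allowed_hosts=()):
    """Return (tag, url) pairs that load from a host other than the
    site's own or an explicitly allowed one (hypothetical helper)."""
    own = urlparse(page_url).hostname
    trusted = {own, *(h.lower() for h in allowed_hosts)}
    collector = _RefCollector(page_url)
    collector.feed(html)
    return [(tag, url) for tag, url in collector.refs
            if urlparse(url).hostname not in trusted]


# Constructed sample: a custom 404 document with an injected script and a
# 1x1 iframe. All hosts are placeholders, not values from the thread.
SAMPLE_404 = """<html><head><title>Page not found</title>
<link rel="stylesheet" href="/style.css">
<script src="//injected.example/x.js"></script></head>
<body><h1>404</h1><p>Sorry, that page does not exist.</p>
<iframe src="http://injected.example/in.php" width="1" height="1"></iframe>
<script src="https://cdn.example.net/lib.js"></script>
</body></html>"""

if __name__ == "__main__":
    for tag, url in foreign_references(
            SAMPLE_404, "http://www.example.org/12345.html",
            allowed_hosts=["cdn.example.net"]):
        print(f"unexpected <{tag}> loading {url}")
```

Save the body your server returns for a nonexistent URL and pass it in together with that URL. Anything listed that you did not put there yourself is what to remove from the error document.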

Now you have to close the vulnerability that allowed the exploitation/hacking of your site or it could be back again.

So the link Pondus gave should help in that regard. You could also report this to your site Host provider and ask advice, as this is frequently down to out-of-date content management software. Some of this software may be provided by the Host service, so worth a quick email/call to their support.

Thank you, yes - that’s good advice. I’m following the recommendations on the stop badware site and have been in touch with my host.

cheers :)

No problem, glad I could help.

Welcome to the forums.