Virus found - Don't know what to do

Hello,

some time ago we recognized a problem on one of our Laptops.

Every time we open our homepage a warning appears:

first)

Trojan http://deutschebank.net/mpack/exe.php
Win32:Goldun-KN [trj.]
→ the PC disconnects

then the second warning occurs:
the virus Win32:Banload-ST [trj.] seems to be on the Laptop
→ we delete it

The InternetExplorer crashes.

When we open our homepage next time everything works fine - until the warnings appear again at some point.

Avast is also installed on my personal PC and the warning never appeared before (I use Mozilla).

I have no idea what to do in this case :-/
Is there a problem with our homepage or has somebody else manipulated our website? Or is there a problem with the Laptop?

Besides, one of our homepage guests also told us about a problem with our homepage.

When he opened our main site he got the following message:

F-Secure® Internet Gatekeeper™ has detected a virus in one of the files:

Virus: DoS.JS.Dframe.n
For security reasons, the file was not downloaded. For additional information about viruses and other security threats, connect to
http://www.f-secure.com/virus-info/

We have already asked our provider but he could not find any problems (no warnings when entering our website)

Maybe one of you can help me?

Thanks a lot in advance !!!

Takamine

Please modify your post and edit the URL so that it isn’t active (see example below) to avoid accidental exposure to a suspect URL.

I just visited that link and no alert, however it doesn’t connect to that page but to http :// www. deutschebank.net. A check of your link with DrWeb link checker doesn’t find anything on that exe.php page.

Though I browse with scripts disabled using Firefox with the NoScript extension. With scripts temporarily allowed it still doesn’t alarm and redirects to the above URL.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx or URL, break any URLs to avoid exposure) ? Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

Hello again,

@DavidR … thanks for your response.

Today I had a look at the source code of my index page and noticed the following written at the end of the text:

Does somebody know what it is? Does it have something to do with my trojan warning?
How did it get onto my main site?

Thanks for your help in advance.

Takamine

@Takamine

This is definitely a script, but whether it is a harmful one I can’t say.

Sorry it is a mystery to me also, what did you use to put your index page together ?

This script would probably fail in browsers that use strict W3C html compliance as any script tag should have what the script type is. I’m sure that you didn’t put it there otherwise you wouldn’t be asking, so I suggest you contact your Host and see what they make of it.

I use frames. But I did not write the script myself.

I have entered my website link in my profile. Maybe you can have a look yourselves. You will also find attached the website text as it was before I changed it today (now the script at the end does not appear anymore).

My hoster told me:
“It is not possible to find out How the trojan comes on your website or Who wrote it in as due to the clustered structure of our systems there is no single log file for you to use as your site is served by many servers.”
“For maximum security please ensure your account password is secure (at least 6 mixed numbers and letters) and that it is changed regularly. Also ensure that no folders have insecure permissions (such as 777 (unlimited access)) you can check that from the File Manager in the control panel.”

So I changed all my passwords - I had never done it before :-[ Now I know why, probably :-\

I am not really good at writing HTML, I am just trying so that it works. Then I am happy :)

Thanks for your help, maybe you now have more information to find out what that mysterious script is trying to do.
As I wrote before: some homepage guests (not all) got virus warnings such as:

Trojan http://deutschebank.net/mpack/exe.php
Win32:Goldun-KN [trj.]

or

Virus: DoS.JS.Dframe.n

Well there are viruses that take advantage of vulnerabilities in PHP and they can inject code into pages. So I guess it is important that the Host has the latest version of PHP and tightens the security of the php hosting package.

I understand basic html coding enough to get in trouble ;D, seriously you will have to check all the pages and remove this script on all of those it is found on.

When uploading pages to your host you need to ensure that the pages only have the permissions (chmod) required for that page and for most that will be read. http://catcode.com/teachmod/.
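The two checks suggested in this thread (look through every page for a script at the end, and look for 777-style permissions) can be run over a downloaded copy of the site. The following is an added example, not code from any poster or from the host; the function names and the sample pages are constructed, and it assumes the unwanted markup sits after the closing `</body>` or `</html>` tag, as described for the index page.

```python
import os
import re
import stat
import tempfile

ACTIVE_TAG = re.compile(r"<\s*(script|iframe)\b", re.IGNORECASE)
PAGE_EXT = (".html", ".htm", ".php")


def tail_after_close(text):
    """Text after the last </body> (or, on pages without one, the last </html>)."""
    for tag in ("body", "html"):
        hits = list(re.finditer(r"</\s*%s\s*>" % tag, text, re.IGNORECASE))
        if hits:
            return text[hits[-1].end():]
    return ""


def audit_site(root):
    """Return sorted (relative_path, finding) pairs for a local copy of a site."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in (p for p in entries if not os.path.islink(p)):
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & stat.S_IWOTH:  # 777, 666, ...: any account can modify it
                findings.append((rel, "world-writable (mode %o)" % mode))
            if os.path.isfile(path) and path.lower().endswith(PAGE_EXT):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    tail = tail_after_close(fh.read())
                for m in ACTIVE_TAG.finditer(tail):
                    findings.append((rel, "<%s> after closing tag" % m.group(1).lower()))
    return sorted(findings)


def demo():
    """Audit a constructed two-page site built in a temporary directory."""
    pages = {"index.html": "<html><body>Hi</body></html>\n<script>/* constructed */</script>",
             "about.html": "<html><body><script type='text/javascript'></script></body></html>"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in pages.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
            os.chmod(os.path.join(root, name), 0o777 if name == "about.html" else 0o644)
        return audit_site(root)


if __name__ == "__main__":
    print(demo())
```

A clean result only covers these two checks; markup inserted inside the page body still needs a comparison against a known-good copy of each file.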