xisto Community
Sandokan

Virus..


For some reason I was unable to access my FTP with my FTP program. This isn't a problem at all, I just use my File Manager in the CP. But when I want to upload a file it says: Virus Found Not Uploaded (Trojan Downloader etc....) but when I scan it with my virus scanner it turns out negative. Is there a way to shut this virus control off?


If I were you I would not attempt to disable the scanner, on a couple of conditions:

1. Upload the file here - https://virusscan.jotti.org/en - This site will scan it with all the major and some not so major scanners (may take a long time as it did for me)
2. If the file is infected, I recommend deleting it from your hard drive and recycle bin.
3. Note uploading a file which you know may be a virus might breach the TOS of your hosting. I'm not sure but it's not fair to others anyway to distribute possible stuff around.
4. Grab yourself Kaspersky Internet Security and do a full scan, I can highly recommend it! No I'm not paid to say that nor do I work for them :-)

Sorry if this seems complicated. It's 1:30 in the morning for me so I've tried to lay this out as simply as possible, for mine and your sakes!!!

James

Edited by Jimmy

Thanx I'll look into your suggestions :)

EDIT: Ok it found a Trojan Downloader so it's really there. But how can I remove it, because it's one of the HTML files I need to upload to add a new page. I use an easy program and I just click "export HTML" and it's there. I have created new ones twice already but it keeps having a virus. What can I do??

Thanx

Edited by Sandokan

Thanx I looked it up but I didn't find anything about it. I downloaded a special Trojan Remover which didn't even find it! :) On Google I can't find much :( I'll just keep looking :(

On suggestion of Jimmy I have got the complete version of one of the latest Kaspersky Internet Security and not even that could find it! How am I supposed to remove a virus which almost no virus scanner can find???? :( What can I do :( This would mean I can never update my website again :(


I use an easy program and I just click "export HTML" and it's there.

How long have you used this app and how many webpages have you made with it?

The fact the malware that has infected the files is a Trojan Downloader suggests to me that other files in your system are infected, as malware generally takes three steps: infection, multiplication/delete files etc., and then finally distribution. It seems this malware is either distributing or copying itself, which means that it's likely your PC is infected. I know a lot of things have been suggested but I suggest one free AV, Avast anti-virus. Every PC I can, I install it on; so far it's about 4 or 5 and it's perfect, so give that a shot. Download it by searching Google. You don't NEED to register for this but you can do if you want to keep it; again, this is free. Now once installed, schedule a Boot Time Scan and restart. Your PC will be searched before that damned malware has a chance to open its eyelids and hide itself, and hopefully this will catch it.

The other thing that you can try is a HijackThis log: search Google for that, download the app and run it, then post the results here and if possible on their website and let the gurus see what's running. If neither of these find it then you must have a dormant infection, e.g. it's infected the file but isn't doing anything else for the time being, or it's brand new malware that hasn't been seen yet, or it's so small not many people have seen or registered it.

The thing that concerns me is that you say you use an app that makes your HTML files. Is this app a well known piece of kit like FrontPage or something like that, or is it something you found while searching the net and have never heard of? If it's the second then this app could be what planted the seed in the HTML file and you should get rid of it pronto!

If nothing finds anything then delete the infected file and try again, see if it happens again. It could simply be a bit of corruption during the upload that caused the error; on the other hand you could have been hit


Could you post a screenshot and give exact details as to what the trojan name is, because you're not giving the relevant information to help fix this problem. It also seems that the anti-viruses are not working for some reason, or you haven't configured them properly or updated the virus list as well. Also try scanning for the trojan in safe mode and see if anything happens during that scan. I have to agree with shadowx that it seems that this program could be the cause of your files not getting uploaded properly, and you might have to look for something else to edit your files. So if you can post more information on what this error says, maybe we can find a solution to how to remove this trojan or file that's infecting everything.


I've been using this app for some time now, it's called Web Page Maker, you can google it if you want.

I'll try all of your suggestions in the morning and I'm not giving much details because I don't have any :)

It's called: Trojan.Downloader-2388


Well thanks to that name I think I found a workable solution that makes the most sense to me, in a technical aspect:

Reply:
I have just removed this trojan from my computer using AVG free edition using the steps below.

Step 1 - Turn off System Restore - Control Panel, System, System Restore tab, then check "Turn off System Restore"

Step 2 - Restart computer in "Safe Mode" - Start, Run, type "msconfig", then OK, click tab marked "BOOT.INI", then check /SAFEBOOT, then OK, then Restart.

Step 3 - while in safe mode, scan your entire computer with your updated antivirus software and remove infected files. My copy of Norton was out of date. I found a good, free antivirus called AVG Free Edition. It can be downloaded at:

http://www.avg.com/de-de/free-antivirus-download

Step 4 - Repeat step 2, but this time un-check /SAFEBOOT and restart. After restart, turn system restore back on.

Hope it helps!


I knew before searching the topic that you would have to be working in safe mode in order to get this out. Of course, if you're ready for some hardcore computing then check out this site, as this person, like so many others with this type of trojan, has a good success rate.

Also here is some more info and another solution from the McAfee group.

So when you're ready to try one of these methods, either have another computer going with this info so you can read as you go through the steps, or have a printout of it.


Well I googled the name along with many keywords and searched Symantec and similar security sites but I couldn't find a match, only similar malware, e.g. Trojan.Downloader.something, which could be related but that's not likely to yield many results...

 

Is there no other information you have on it?

 

Ok it found a Trojan Downloader so it's really there. But how can I remove it because it's one of the HTML files I need to upload to add a new page

How did you confirm it's there? If it was from a virus scan, do you have a screenie of the scan results or something like that?

Another thing to consider is if it's inside an HTML file the code should be human readable, as to distribute itself the malware will most likely use Java or JavaScript or other languages used to make websites, which will then enable the attack on the unsuspecting user. Don't do this yet. If nothing else works, another option is to provide a screenie of the code of the HTML file if possible. I would want the mods/admins to check this thread first and make sure it isn't in violation of the ToS etc., and of course it could only be a screenie, not a copy-paste of the actual code. But as I say, don't do this yet, let's see if anything comes up first.

I have created new ones twice already but it keeps having a virus. What can I do??

Well, if the malware can't be removed (which I think it can eventually) then you could try deleting Web Page Maker and re-installing it, as it's possible the EXE has been infected, which is why it copied bad code into all the HTML files made with it. If you haven't already (but it sounds like you have) then use every AV software you've got to scan the Web Page Maker program folder, as methinks this EXE or partner EXEs have been infected.

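The check shadowx describes in the post above, reading the exported HTML as text to see what script it carries and what it loads, as an added example that is not part of the original thread. The names `Triage`, `triage_html` and `SAMPLE` are hypothetical, the sample page is constructed (not Sandokan's file), and the rules are heuristics rather than an antivirus signature.

```python
import re
from html.parser import HTMLParser

# Heuristic markers of obfuscated inline script; not an antivirus signature.
OBFUSCATION = re.compile(r"\b(unescape|eval|fromCharCode|document\.write)\b")

class Triage(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []        # (line number, reason)
        self.closed_html = False  # True once </html> has been seen
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag in ("script", "iframe", "object", "embed"):
            if self.closed_html:  # active markup past </html> is unusual
                self.findings.append((line, f"<{tag}> after </html>"))
            src = a.get("src") or a.get("data") or ""
            if re.match(r"(?i)(https?:)?//", src):
                self.findings.append((line, f"<{tag}> loads remote {src}"))
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                    or "display:none" in style or "visibility:hidden" in style):
                self.findings.append((line, "hidden or zero-size <iframe>"))
        self.in_script = tag == "script"

    def handle_endtag(self, tag):
        self.in_script = False
        self.closed_html = self.closed_html or tag == "html"

    def handle_data(self, data):
        hits = sorted(set(OBFUSCATION.findall(data))) if self.in_script else []
        if hits:
            self.findings.append((self.getpos()[0], "inline script uses " + ", ".join(hits)))

def triage_html(text):
    """Return (line, reason) pairs for markup worth reading by hand."""
    parser = Triage()
    parser.feed(text)
    parser.close()
    return parser.findings

# Constructed sample: a harmless page with a frame appended after </html>.
SAMPLE = """<html><head><script>document.write(unescape("%3Cb%3Ehi"))</script>
</head><body><p>Hello</p></body></html>
<iframe src="http://example.invalid/x" width="0" height="0"></iframe>"""
```

Running `triage_html` over every file the editor exports, and over a known-clean page for comparison, shows whether the same block is being appended each time, which points at the machine rather than at one corrupted upload.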

Well, I found out that the virus is there when I wanted to upload it and confirmed it with this website Jimmy gave: https://virusscan.jotti.org/en, here is a screenshot:

http://tinypic.com/images/404.gif

I will try that last option of shadowx first because it really seems logical :(
If it doesn't work I will definitely try the rest, thanx :)

Update 1:
Uninstalling and Reinstalling Web Page Maker completely didn't solve the problem :(

Greetzz


Ah thanks for the screenie, I found a hit on the second malware mentioned there, Trojan.Downloader.JS.Small.dn. Interestingly though, the only result I could find was by using "Trojan" to start it rather than "Troj", so maybe the online scan shortened the name; either way it sounds like the right thing. A short description can be found here http://forums.xisto.com/no_longer_exists/

It is indeed a downloader as the name suggests. It seems to download an EXE which is then executed, and that's the part to really worry about. Unfortunately it didn't have removal instructions but I have some suggestions now that we have a lead...

The first is to try this AV program http://www.avira.com/en/downloads and download the home personal one as it's free. The reason I suggest this is that Symantec and other big names seem to be oblivious to this, as was found by the AVs you tried and the fact their security response sites didn't even recognise the malware name. However this AV company seems to have recognised it, so I think it's definitely worth a shot with this AV; you can always uninstall all these AV progs afterwards.

If that doesn't work then I have another suggestion. The online scanner found two malware, possibly the same one just with a different name, and one of the scanners that found it was the ClamAV scanner. I've never heard of this scanner but I've done a google and found a Windows download version of it: http://forums.xisto.com/no_longer_exists/ I know the website doesn't look much but it's used by the online scan company and has been on *nix for years apparently, so it seems legit and useful, so give that a shot. Again I suggest this because it seems to be able to recognise the malware and hopefully remove it.

 

 

Update 1:

Uninstalling and Reinstalling Web Page Maker completely didn't solve the problem


I see.. Bad times.. So in theory that application should be good, which means something else is infected... The problem is that we only know you are infected because you tried to upload an HTML file, and as no AV so far has detected it you never know how many files are infected already... If you haven't already got a firewall, install Comodo firewall (google it, very reputable, I use it on every machine I touch) and set it to the custom security level, and if you get alerts for things like IM clients or web browsers accept them but don't check the "remember my decision" box. If anything comes up with a red alert (you can tell because the top of the alert box will be red) deny it, and if any programs access the internet when they shouldn't be (such as text editors and programs that work when you aren't connected to the net) deny them also, but remember don't check the remember box. If you've already got a firewall then keep a close eye on it just in case something tries to download something you don't want.

I have faith in the two AVs I suggested so give them a shot and see if they can catch it. If possible do all these scans in safe mode as Saint_Michael said. I've just seen his post and didn't realize it until now... Seems odd how it got in there without me noticing! Anyway try his suggestions first as they seem to have more credibility, and if they don't work then try mine


Okay I have an idea, it may seem barmy at first, but would you be able to open with notepad or wordpad the .html file that is "infected", copy all the text and paste it in a "code" tag on here please? That may give a hint as to where the thing stems from or what it contacts etc etc... (Make sure you paste it in a code tag, we don't want infected stuff here on trap!!)

 

Good Luck


copy all the text and paste it in a "code" tag on here please?

I sorta suggested that, but using a screenie of the code rather than the actual code on T17, as a screenie is a lot safer than having mal-code on the forums, as it's always possible there would be a leak. So I would say use a screenie instead of the code itself just in case!
