Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


15 posts

Geek


Topic # 7381 10-Apr-2006 18:32
Send private message

Hi,
A web host client has had complaints that his website is infexted with some kind of virus. At this stage we don't even know if the complaint is about at trojan or some other vermin.

Is there any program that can be run from a remote location which tests a website for such infections? sort of a NAV for websites?

Thanks for any help.
Bruiser

Create new topic
BDFL - Memuneh
61173 posts

Uber Geek
+1 received by user: 11946

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 32739 10-Apr-2006 19:54
Send private message

All programs will have to run locally - and be installed locally to run. Unless you have the AV installed on your machine, map the remote drive and run the scan. Probably really slow if it's a large machine, and not on the same (fast) network.







15 posts

Geek


  Reply # 32745 10-Apr-2006 20:28
Send private message

The "other machine" is a client's website which is hosted 800 k's from my office. I need to know if there is a way of determining whether his website has been infected by some means, and if so, what the infection is. I don't think re-mapping is the answer here?

Regards,
Bruiser

I iz your trusted friend
5801 posts

Uber Geek
+1 received by user: 139

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 32752 10-Apr-2006 21:42
Send private message

rinse, wash, and re rinse, and wash, and repeat.


my guess probably the infected files got uploaded to the site, and are linked in the webpages... best to remove all files, check through each file that will be uploaded at the development environment, scan with antivirus. then upload fresh new copy




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 


BDFL - Memuneh
61173 posts

Uber Geek
+1 received by user: 11946

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 32753 10-Apr-2006 21:45
Send private message

That's the most appropriate course of action. If you don't have an AV already installed, then assume the whole machine is compromised and simply start from the scratch, reloading OS and all files - and any database from the last backup, unless you can create a reliable database backup before starting the process.

Some worms (mainly in PHPBB forums apparently) can insert themselves into the code and then replicate from there.

Cleaning this may cost more in terms of time than simply recreating the servers.





Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.