A Windows XP help forum. PCbanter


Virus and/or malware warning when entering site



 
 
  #1  
Old January 20th 10, 10:40 AM posted to microsoft.public.windowsxp.security_admin
Belprice
external usenet poster
 
Posts: 54
Default Virus and/or malware warning when entering site

I work for an online travel and leisure company and a few days ago people
started calling us and saying we had a virus and/or malware, spyware warning
popping up when they tried to get into the site. The message is
below:...............

Reported Attack Site!

.......This web site at www.forcetravelclub.co.uk has been reported as an
attack site and has been blocked based on your security preference.


Attack sites try to install programs that steal private information, use
your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are
compromised without the knowledge or permission of their owners. END......

Our IT guy has run all the usual virus and spam/malware/spyware programs and
they all come up clear. I was wondering if the reason for this may be that
someone has hacked into our server and/or done something which makes this
message come up. Also when you do a Google search for our site (Force Travel
Club) you also get a warning that the site may harm your computer if you go
into it.

It's causing us loads of problems and everyone who goes near the site gets
these warning messages and stays way clear. I would be very very grateful for
any help or advice on how to deal with this problem


Thanks in advance.

JC








  #2  
Old January 20th 10, 04:35 PM posted to microsoft.public.windowsxp.security_admin
MowGreen
external usenet poster
 
Posts: 534
Default Virus and/or malware warning when entering site

On Wed, 20 Jan 2010 01:40:01 -0800, Belprice
wrote:

I work for an online travel and leisure company and a few days ago
people started calling us and saying we had a virus and/or malware,
spyware warning popping up when they tried to get into the site. The
message is
below:...............

Reported Attack Site!
......This web site at www.forcetravelclub.co.uk has been reported as an
attack site and has been blocked based on your security preference.

Attack sites try to install programs that steal private information, use
your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are
compromised without the knowledge or permission of their owners.
END......

Our IT guy has run all the usual virus and spam/malware/spyware programs
and they all come up clear. I was wondering if the reason for this may
be that someone has hacked into our server and/or done something which
makes this message come up. Also when you do a Google search for our
site (Force Travel Club) you also get a warning that the site may harm
your computer if you go into it.

It's causing us loads of problems and everyone who goes near the site gets
these warning messages and stays way clear. I would be very very grateful
for any help or advice on how to deal with this problem


Thanks in advance.

JC



For the Google warning see:

FAQ: Malware and hacked sites
http://www.google.com/support/forum/...6fc0996a&hl=en

" Q: My site has been labeled as "This site may harm your computer." What
do I do?
A: Clean up your site. If you don't know how to do this, contact your web
host for help.


Q: Google's search results say I have malware, but I can't find it!
A: If you can't find malware on your site yourself, it's generally best to
let the users in the Webmaster Help Forum help you to find it. Oftentimes,
malware is somewhat hidden. "

Malware and Hacked Sites section of the Google Webmaster Help Forum
http://www.google.com/support/forum/...6fc0996a&hl=en

I tried to access the site using Firefox 3.0.17 and now see the "attack
site" warning. It would be nice if you had included such information in
your initial post.
The advisory is provided by Google so just contact them for assistance in
locating where the malicious content may be.

http://www.google.com/safebrowsing/d...b.co.uk/&hl=en

" What is the current listing status for forcetravelclub.co.uk?

Site is listed as suspicious - visiting this web site may harm your
computer.

Part of this site was listed for suspicious activity 1 time(s) over the
past 90 days.

What happened when Google visited this site?
Of the 4 pages we tested on the site over the past 90 days, 4 page(s)
resulted in malicious software being downloaded and installed without user
consent. The last time Google visited this site was on 2010-01-19, and the
last time suspicious content was found on this site was on 2010-01-18.

This site was hosted on 1 network(s) including AS15418 (FASTHOSTS).

Has this site acted as an intermediary resulting in further distribution
of malware?

Over the past 90 days, forcetravelclub.co.uk did not appear to function as
an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites,
which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your
site using Google Webmaster Tools. More information about the review
process is available in Google's Webmaster Help Center. "



MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked
  #3  
Old January 20th 10, 04:45 PM posted to microsoft.public.windowsxp.security_admin
David H. Lipman
external usenet poster
 
Posts: 4,185
Default Virus and/or malware warning when entering site

From: "MowGreen"

snip

| For the Google warning see:

snip

Site WAS compromised.

See Multi-Post in: microsoft.public.security

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


  #4  
Old January 20th 10, 07:10 PM posted to microsoft.public.windowsxp.security_admin
MowGreen
external usenet poster
 
Posts: 534
Default Virus and/or malware warning when entering site

Got it. Darn multiposters !!! w
It's a sad commentary when a law enforcement website doesn't understand
how their site was hacked.


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked



David H. Lipman wrote:

From: "MowGreen"

snip

| For the Google warning see:

snip

Site WAS compromised.

See Multi-Post in: microsoft.public.security

  #5  
Old January 20th 10, 07:16 PM posted to microsoft.public.windowsxp.security_admin
David H. Lipman
external usenet poster
 
Posts: 4,185
Default Virus and/or malware warning when entering site

From: "MowGreen"

| Got it. Darn multiposters !!! w
| It's a sad commentary when a law enforcement website doesn't understand
| how their site was hacked.


LE site ?

Looked like a travel club site.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


  #6  
Old January 20th 10, 08:40 PM posted to microsoft.public.windowsxp.security_admin
MowGreen
external usenet poster
 
Posts: 534
Default Virus and/or malware warning when entering site

"Force" Travel Club, David.
It's " An exclusive web site for Police Officers, Police Staff, and
Retired Police Offers " in the UK.

MG

David H. Lipman wrote:

From: "MowGreen"

| Got it. Darn multiposters !!! w
| It's a sad commentary when a law enforcement website doesn't understand
| how their site was hacked.


LE site ?

Looked like a travel club site.


  #7  
Old January 20th 10, 09:48 PM posted to microsoft.public.windowsxp.security_admin
David H. Lipman
external usenet poster
 
Posts: 4,185
Default Virus and/or malware warning when entering site

From: "MowGreen"

| "Force" Travel Club, David.
| It's " An exclusive web site for Police Officers, Police Staff, and
| Retired Police Offers " in the UK.

| MG

I see. Danke.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


  #8  
Old January 20th 10, 09:54 PM posted to microsoft.public.windowsxp.security_admin
Leonard Grey[_3_]
external usenet poster
 
Posts: 3,048
Default Virus and/or malware warning when entering site

There's a good joke about traveling cops somewhere in this thread...I
just can't think of one at the moment. ;-)
---
Leonard Grey
Errare humanum est

David H. Lipman wrote:
From: "MowGreen"

| "Force" Travel Club, David.
| It's " An exclusive web site for Police Officers, Police Staff, and
| Retired Police Offers " in the UK.

| MG

I see. Danke.


  #9  
Old January 21st 10, 01:02 AM posted to microsoft.public.windowsxp.security_admin
MowGreen
external usenet poster
 
Posts: 534
Default Virus and/or malware warning when entering site

Does it have anything to do with donuts ? w

MG


Leonard Grey wrote:

There's a good joke about traveling cops somewhere in this thread...I
just can't think of one at the moment. ;-)
---
Leonard Grey
Errare humanum est

David H. Lipman wrote:

From: "MowGreen"

| "Force" Travel Club, David.
| It's " An exclusive web site for Police Officers, Police Staff, and
| Retired Police Offers " in the UK.

| MG

I see. Danke.


  #10  
Old January 21st 10, 11:22 AM posted to microsoft.public.windowsxp.security_admin
Belprice
external usenet poster
 
Posts: 54
Default Virus and/or malware warning when entering site

Hi Dave, Mo Leo and all others offering me great help and advice.


Thanks thus far for all your help, we are currently going through the info
and advice you all provided. All we want is to remove the warning sign and
have the site up and running again. One of you suggested that we contact
Google and have them remove the message, but how does one go about this?
Also, am I right in that we have a malware issue here, or am I barking up
the wrong tree?

Thanks in advance..

Yours truly, Inspector Clueso...An officer of the LAW!!!!

"MowGreen" wrote:

Does it have anything to do with donuts ? w

MG


Leonard Grey wrote:

There's a good joke about traveling cops somewhere in this thread...I
just can't think of one at the moment. ;-)
---
Leonard Grey
Errare humanum est

David H. Lipman wrote:

From: "MowGreen"

| "Force" Travel Club, David.
| It's " An exclusive web site for Police Officers, Police Staff, and
| Retired Police Offers " in the UK.

| MG

I see. Danke.


.

  #11  
Old January 21st 10, 11:37 AM posted to microsoft.public.security,microsoft.public.windowsxp.security_admin
Martin Gerhold[_2_]
external usenet poster
 
Posts: 4
Default Virus and/or malware warning when entering site

"Belprice" wrote in message
...
Hi Dave, Mo Leo and all others offering me great help and advice.


Thanks thus far for all your help, we are currently going through the info
and advice you all provided. All we want is to remove the warning sign and
have the site up and running again. One of you suggested that we contact
Google and have them remove the message, but how does one go about this?
Also, am I right in that we have a malware issue here, or am I barking up
the wrong tree?

Thanks in advance..

Yours truly, Inspector Clueso...An officer of the LAW!!!!


You can't ask Google to remove a warning that is still valid! I know nothing
about building web pages, but I do know yours needs to be edited to remove the
references (links) to nt010.cn. Whoever created your web page must know how to
do that? Only when it is fixed can you expect Google's warning to disappear.

More importantly, you have to find out how an outsider managed to corrupt your
page(s), and fix that.

  #12  
Old January 21st 10, 10:46 PM posted to microsoft.public.windowsxp.security_admin
MowGreen
external usenet poster
 
Posts: 534
Default Virus and/or malware warning when entering site

You can contact Google for assistance in cleaning up the "bad" code:

" Q: Google's search results say I have malware, but I can't find it!
A: If you can't find malware on your site yourself, it's generally best
to let the users in the Webmaster Help Forum help you to find it.
Oftentimes, malware is somewhat hidden. "

Malware and Hacked Sites section of the Google Webmaster Help Forum
http://www.google.com/support/forum/...6fc0996a&hl=en


And, as Martin has posted, you need to contact your *Hosting Company*
and find out how the site was hacked in the first place. It is being
hosted by FASTHOSTS, correct ?


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked



Belprice wrote:

Hi Dave, Mo Leo and all others offering me great help and advice.


Thanks thus far for all your help, we are currently going through the info
and advice you all provided. All we want is to remove the warning sign and
have the site up and running again. One of you suggested that we contact
Google and have them remove the message, but how does one go about this?
Also, am I right in that we have a malware issue here, or am I barking up
the wrong tree?

Thanks in advance..

Yours truly, Inspector Clueso...An officer of the LAW!!!!

  #13  
Old January 25th 10, 07:32 PM posted to microsoft.public.windowsxp.security_admin
Donahoo
external usenet poster
 
Posts: 8
Default Virus and/or malware warning when entering site

Belprice wrote:
Hi Dave, Mo Leo and all others offering me great help and advice.


Thanks thus far for all your help, we are currently going through the info
and advice you all provided. All we want is to remove the warning sign and
have the site up and running again. One of you suggested that we contact
Google and have them remove the message, but how does one go about this?
Also, am I right in that we have a malware issue here, or am I barking up
the wrong tree?

Thanks in advance..




Speaking from personal experience, there is malware on your site. You
just have to find and fix it, and find the opening. Look at the code for
the pages referenced, and especially look for an iframe tag. Also look
at your site with an FTP program for folders that you didn't upload. Use
your web host's stats to see which pages on the site are getting the most
traffic (the hacked pages) and where it is coming from, i.e. referral
pages. Look for the search words visitors are using to get to your site.
Get your web host to help you find out where the hacker got in. Upload
the original pages created by your web site designer and make sure you
don't contaminate them from the hacked pages on your site. Keep
uploading clean pages until the hacking stops; if necessary change the
page names because it's probably being done with a script from a remote
site. Then you need to change the permissions on your pages and folders
to make sure they can't be written to from off the web.

And after your site has stayed clean for a couple of weeks, you can
petition Google to remove the warning.
  #14  
Old January 25th 10, 11:20 PM posted to microsoft.public.windowsxp.security_admin
David H. Lipman
external usenet poster
 
Posts: 4,185
Default Virus and/or malware warning when entering site

From: "Donahoo"


| Speaking from personal experience, there is malware on your site. You
| just have to find and fix it, and find the opening. Look at the code for
| the pages referenced, and especially look for an iframe tag. Also look
| at your site with an FTP program for folders that you didn't upload. Use
| your web host's stats to see which pages on the site are getting the most
| traffic (the hacked pages) and where it is coming from, i.e. referral
| pages. Look for the search words visitors are using to get to your site.
| Get your web host to help you find out where the hacker got in. Upload
| the original pages created by your web site designer and make sure you
| don't contaminate them from the hacked pages on your site. Keep
| uploading clean pages until the hacking stops; if necessary change the
| page names because it's probably being done with a script from a remote
| site. Then you need to change the permissions on your pages and folders
| to make sure they can't be written to from off the web.

| And after your site has stayed clean for a couple of weeks, you can
| petition Google to remove the warning.

Your experience does NOT equate to her experience.
The site was scanned with anti malware software but I doubt it has any.

Chances are extremely high that the malicious actor found a vulnerability in the web site,
exploited it, and inserted redirection code. You don't have to infect the web site and have
malware reside on the web site to do this. It is the site where the user is redirected to
that hosts the malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
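
An added example, not part of any post in this thread: the inserted redirection code discussed above is typically a tag that makes the visitor's browser load content from another host, which is why the iframe check suggested earlier is worth automating. The sketch lists auto-loading tags that point outside an allowlist of the site's own hosts and marks the ones sized or styled to be invisible; the host names and the sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose URL attribute is fetched automatically when the page loads.
AUTOLOAD = {"iframe": "src", "frame": "src", "script": "src",
            "embed": "src", "object": "data"}

class ExternalRefFinder(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        url_attr = AUTOLOAD.get(tag)
        if url_attr is None:
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get(url_attr, "")).hostname or "").lower()
        if not host or host in self.own_hosts:
            return  # relative URL, or one of the site's own hosts
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append({"line": self.getpos()[0], "tag": tag,
                              "host": host, "hidden": hidden})

def find_external_refs(html, own_hosts):
    """Return one finding per auto-loading tag that points at a foreign host."""
    finder = ExternalRefFinder(own_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: two legitimate scripts, one injected hidden iframe,
# and one third-party script that still needs a human decision.
SAMPLE_PAGE = """<html><head>
<script src="js/menu.js"></script>
<script src="http://www.travel-site.example/js/booking.js"></script>
</head><body>
<h1>Holiday offers</h1>
<iframe src="http://injected.example/in.cgi?3" width="1" height="1" style="visibility: hidden"></iframe>
<script src="http://stats.example/counter.js"></script>
</body></html>"""

if __name__ == "__main__":
    for f in find_external_refs(SAMPLE_PAGE, {"www.travel-site.example"}):
        print(f)
```

A foreign host that is not hidden may be a legitimate third-party service, so the output is a review list rather than a verdict.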


  #15  
Old January 26th 10, 02:41 AM posted to microsoft.public.windowsxp.security_admin
FromTheRafters[_3_]
external usenet poster
 
Posts: 102
Default Virus and/or malware warning when entering site

"Donahoo" wrote in message
...
Belprice wrote:
Hi Dave, Mo Leo and all others offering me great help and advice.


Thanks thus far for all your help, we are currently going through
the info and advice you all provided. All we want is to remove the
warning sign and have the site up and running again. One of you
suggested that we contact Google and have them remove the message,
but how does one go about this? Also, am I right in that we have a
malware issue here, or am I barking up the wrong tree?

Thanks in advance..




Speaking from personal experience, there is malware on your site.


It's too soon to make that call. A server's webpage has evidently been
edited to lead clients to malware. How it got edited remains to be seen.
The OP needs to take down the server and use forensics to determine how
the affected page(s) got edited. Possibly a software
vulnerability - something like this:
http://en.wikipedia.org/wiki/Cross-site_scripting.




 










All times are GMT +1.

