Not sure if I need to be worried or not, but I just went to visit my own Exetel webspace and Avast gave me a warning about html:script.inf on the site and dropped the connection. I tried it from another browser and another computer with the same result.
I checked my site with unmaskparasites.com and sitecheck.sucuri.net and found MW:JS:612 - securi.net says the following about this malware, "Encoded javascript included and used to distribute malware. It calls a malicious iframe once loaded. Also known as “HTTP Malicious Toolkit Variant Activity 12″ or “createCSS” malware".
All I have done is to note the modified date/time of each file on my site (thankfully it's not big!) and found that each occurrence of index.html, home.html and home.php had all been changed at about 6.20am on 24th April. I replaced the files with clean ones from my local machine, then ran the checks again, this time coming up clean.
So, I guess what I'm asking is:
1. Is there anything else I need to do?
2. Is it just me, or are/were there others affected?
3. Do I need to change my password to access the web space?
Thanks.
Malware on my web space
Re: Malware on my web space
I'm not sure if it's a need (depends how exactly your site was compromised) but I would do it anyway as a precautionary measureflash wrote: 3. Do I need to change my password to access the web space?
Thanks.
-
thejeg
Re: Malware on my web space
If the scan results showed you It's clean... I believe you can leave it at thatflash wrote:1. Is there anything else I need to do?
It's definitely has not affected everyone else.......... Your web space may be affected may be because your pc was affected before?flash wrote:2. Is it just me, or are/were there others affected?
I believe changing the password will secure the web space more, so it's a good moveflash wrote:3. Do I need to change my password to access the web space?
Re: Malware on my web space
Is your password stored in an FTP client running on Windows? Most passwords saved this way are quickly recoverable - they can even be kept in clear in .xml files. If this is the case, check your computer for an infection that is harvesting passwords.