如何从网站中删除 JS:Illredir-S [Trj](病毒)?
我的网站 www.edimosic.net 和 www.juraatmedia.com 感染了 JS:Illredir-S [Trj] 恶意软件。我的网站不断受到某些重定向或 js 脚本或 iframe 脚本的感染,清理它们后我更改了密码,几天后又出现了。
谁能告诉我如何正确保护我的网站以及如何删除此病毒 JS:Illredir-S [Trj] ?我没有收到有关此病毒以及我的服务器上的哪个文件感染了该病毒的任何信息。
请帮我!
My website www.edesimusic.net and www.juraatmedia.com is infected with JS:Illredir-S [Trj] malware. My site keep on getting infected with some redirects or js scripts or iframe script, after cleaning them I change my passwords and it comes again after few days.
Can anyone tell me how to protect my websites properly and how to remove this virus JS:Illredir-S [Trj] ? I am not getting any information about this virus and which file on my server is infected with it.
Please help me!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我遇到了同样的问题,Windows是最新的,防病毒软件是最新的(第一台计算机上是AVG,第二台计算机上是Symantec),反间谍软件是最新的......我从不安装“奇怪的东西” ……所以我以为我受到了保护。
突然,我的 filezilla 中的所有站点/帐户都被 JS:Illredir-CB [Trj] 木马感染。
这是在看到一家大公司的网站后发生的。
这个木马在没有任何警告的情况下就进入了我的电脑......如此简单。
该脚本是一个 JavaScript 函数:使用端口 8080 创建指向远程站点的链接的各种技巧。
这个程序将一个 JAVA 小程序放入 iframe 中,并在后台打开一个 CMD,在 system32 中本地安装了一些文件。
我做了什么:
设置,或在所有
“询问密码”上的帐户
FTP 帐户。 (这样做,因为我
忘了一个,这个是三天
稍后再次触摸)
此时此刻注意到,只有
AVAST 检测到了这个(我确实尝试过
很多扫描仪)
以及每张地图……就我而言也是如此
https 文件...所以你必须
检查所有文件(检查
日期/时间)
检查所有 .JS 文件以及所有名称如“home”、“default”和“index”的文件......在文件底部写入了一行额外的内容。 (它们并不都一样!! ....但看起来很像)
我的一些文件完全损坏了,所以我必须对这些文件进行备份。
在服务器的 FTP 日志文件中,我多次看到尝试使用旧设置进行连接......因此他们多次尝试。
我仔细查看了感染我的计算机的脚本:在我的例子中,该函数打开了后门
[http://highstate.俄罗斯:8080 /google.com/stumbleupon.com/btjunkie.org.php ]
但我在其他一些脚本中看到 highstate.ru 不是唯一的域......
检查这些链接诺顿对此域的评价:
[ https://safeweb.norton.com/report/show?name=anyscent.ru ]
或者
[ https:// safeweb.norton.com/report/show?name=highstate.ru ]
我看到的最新内容:
index.html: JS:Illredir-CB [Trj] ++
example.htm [L] HTML:Downloader-F [Trj] ++
Applet1.htm [L] JS:Jaderun-A [Expl] 全部通过相同的方法:网页/js文件底部的远程脚本
很好的例子:此时此站点上有一个木马:[ http:// /wordpress.org/support/topic/349452]
我的 AVAST 看到了这个,并禁用了该页面。
我希望有人能根据我的经验做点什么!
I had the same problem, windows up-to-date, antivirus up-to-date ( AVG on the first and Symantec on my second computer ), antispyware up-to-date..... I never install "strange things" ... so I thought that I was protected.
Suddenly all of the sites/accounts in my filezilla where infected by a JS:Illredir-CB [Trj] trojan.
It happens after seeing a website of an big company.
This Trojan came in my computer, without any warning.....so easy.
The script was a javascript function: all kinds of tricks to create al link to a remote site with port 8080.
This one put a JAVA applet in a iframe, and this opened a CMD in the background wich installed some files localy in system32.
What I did:
settings, or set this in all the
accounts on "ask password"
FTP accounts. (DO IT, because i
forgot one, and this one was 3 days
later touched again )
noticed at this moment that only
AVAST detected this one ( i did try
al lot of scanners)
and every map ... in my case also
the https files ...so you have to
check all the files ( check it on
date/time )
Check All the .JS files and All the files with names like "home" "default" and "index"....at the bottom of the file is an extra line written. ( they are not all the same !! ....but look-a-like )
Some of my files were totaly corrupt, so i had to take the backup for this ones.
In de FTP log files of the server i see several times an attempt to connect with the old settings..... so they try it more then once.
I took a good look at the scriptings which infected my computer:in my case the function opened the backdoor to
[ http:// highstate . ru: 8080 /google.com/stumbleupon.com/btjunkie.org.php ]
but i saw in some other scripts that highstate.ru is not the only domain.....
Check these links what norton says about this domains:
[ https:// safeweb.norton.com/ report/show?name=anyscent.ru ]
or
[ https:// safeweb.norton.com/ report/show?name=highstate.ru ]
Latest ones i saw:
index.html: JS:Illredir-CB [Trj] ++
exemple.htm [L] HTML:Downloader-F [Trj] ++
Applet1.htm [L] JS:Jaderun-A [Expl] all by the same method: a remote script on the bottom of a webpage / js-file
Nice example: at this moment is a trojan on THIS SITE: [ http:// wordpress.org /support/topic/349452 ]
my AVAST saw this one, and disabled the page.
I hope somebody can do something with my experience !!