Is removing a virus from a server a difficult project?
 

I'm not a server guy. Just wondering how long something like that should take.

depends on what shit you got

It's redirecting my sites and gallerys to a tube site

its not a virus, put the site url in google and add remove after so

"site.com remove"

and you are clean in few minutes. google is still friend

Thankyou, I will give that a go.

Tried that,and when I clicked on any page from the domain this avg warning opens.

http://www.mintesbabes.com/gfy/virus.jpg

I've lost nearly a million hits since the weekend,the server tech is useless and at this point I will stand on a stool and howl at the moon if that what it takes.

That's crazy. What is your site?

time to change hosts man

you are probably a nie sized account for them...and if they can take care of business for you.....next

If it cost you a million hits already I would be on the phone with a rep from symantec or mcaffee to see what solutions they have.

I work from a webs folder on my desktop and just publish the new files...this way if the virus gets into my web folder I just need to remove it from my webfolder then re-publish the files without the virus. I usually scan the folder once a week for viruses...Not sure if this is a full proof system though.

i can help icq me 784260

Sorry to hear about this man... How has ISPrime not fixed this for you already?

It looks like the server or one of your scripts was compromised and they added code to every page.

Server side infection can be hard to get rid of, because you need to (a) know how they got in, and fix that hole and (b) find any altered or added files which would allow them access even once you close that hole. It's often the second part that is the most time consuming.

Why haven't you restored from backup?

yahoo results for "clean virus from server"

Can you look in your root directory and organize all your files by date? Find out which ones have been modified and see if you can identify the malicious code.

Also, run a full scan on any computer you ftp with

If you don't have a backup you're up shit creek.

You are going to be best asking in all of the webmaster forums you can find for somebody to SSH in and sort it.

Even if it was as simple as a recursive sed on the sites files, more than likely they will be back as the hole wasn't closed. So you need to be careful.

Run an anti virus on any PCs you use to connect to your server.
Change the passwords to your server, from a different PC to any of the above.
Get somebody to SSH in and grep for the URL your sites are being redirected to and use sed to replace them.
More than likely the redirect will be in JS or at least encoded some how so you won't be able to just do a search for the URL, you'll have to do a search for encoding/decoding functions.

You're best paying somebody $100 to sort it for you, if your host can't/won't do it.

And stop using IE.

Most of the viruses leave a code in every .php file.
You have to clean all the .php files or put a back up.

But they where able to inject code in your pages.
So there must be a leak somewhere.
And that can be done in a lot of software.
So you have to check als installed scripts.
Maybe you can see where they got in in your log file.

This can be solved in 1 hour. But it also can takes days before you find out where they get in. Look what software could be vunerable and search the forums of that software. Most of the time other people suffer the same problems and questions pop up on forums.

When it is fixed you have to send your page to google again. The blacklisted your domain. I had that once and they got me of the blacklist a few hours after i send in my site to get of the blacklist.

depends how virus is fucked up...
if you need any help you may hit me up...