WordPress.org

Forums

Trojan Virus on my site!? PLEASE HELP! (10 posts)

  1. icydk
    Member
    Posted 6 years ago #

    I don't know who else to ask...my site has a trojan virus on it - and I can't figure out what it is! I removed the ads that I recently placed on my site - but it's still there! All the other ads I've had for years!? It just happened yesterday, I've been FLOODED with emails from people all telling me it's coming from my site...

    What could it be? How do I fix it?!?

    http://www.icydk.com (If you dare!?)

    In McAfee the details are:

    Detection: Exploit-ANIfile(Trojan)
    File Path: C:|Users\ICYDK|AppData|Local|Microsoft|Windows|Temporary Internet Files|Content.IE5|Q2MVTP1K|us10231[1}.anr

    Please help!

  2. icydk
    Member
    Posted 6 years ago #

    c'mon, anyone?

  3. Delltar
    Member
    Posted 6 years ago #

    It is not a trojan on your site; just remove the contact form. Some spam robot is sending you emails through your contact form or because it found your address. Never show your mail address with '@'. Write it in this form: incaseyoudidntknow101(at)hotmail(at)com.

  4. icydk
    Member
    Posted 6 years ago #

    Maybe I'm totally naive, but why does McAfee say it's a trojan virus?

  5. DianeV
    Member
    Posted 6 years ago #

    Here's something from the DSLReports.com forums:
    http://www.dslreports.com/forum/remark,15452441

  6. icydk
    Member
    Posted 6 years ago #

    I'm still stuck...any more advice? Delltar - I asked my tech guys if it was my contact form - and they all said no....

  7. ClaytonJames
    Member
    Posted 6 years ago #

    Detection: Exploit-ANIfile(Trojan)
    File Path: C:|Users\ICYDK|AppData|Local|Microsoft|Windows|Temporary Internet Files|Content.IE5|Q2MVTP1K|us10231[1}.anr

    I'm guessing, but it would seem that McAfee is alerting you to a virus detection in the last file in the above path. This would be the file "us10231[1}.anr", located in the temporary internet folder "Q2MVTP1K" on your local machine. Anything beyond "C:\Users\<username>\AppData" may be in hidden folders. I don't have a local machine running Vista to verify... (I guess I'm assuming you are using Windows Vista), but I would think that you should be able to make hidden system folders visible to confirm its existence. I don't use McAfee, but a quick look on their site seems to imply that a fully updated XP or Vista machine probably should not be prone to this particular threat. Either way, it would appear that you may need to resolve a virus problem on your local machine. That may (or not), in turn, shed some light on how to address the email problem.

  8. ClaytonJames
    Member
    Posted 6 years ago #

    When I visited your site's archives page in IE7, http://www.icydk.com/archives/, I got a pop-up warning. I allowed it to run, and it offered to take me to a site and scan my PC for malware and viruses. I declined, and it proceeded to tell me that I was indeed infected and then took me to the site anyhow and attempted to install an ActiveX control without permission. Are you aware of this behavior? If not, it may be worth examining. I did not experience this with Firefox.

  9. DianeV
    Member
    Posted 6 years ago #

    Given ClaytonJames' experience above, I'd suggest FTPing into your server and checking for any new files. Something's going on.
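
Added example, not part of the thread: one way to carry out the check suggested in post 9, assuming the site has first been mirrored to a local directory with the server's file timestamps preserved. The function names and the sample file names are constructed for illustration.

```python
import os
import stat
import sys
import time
from datetime import datetime


def recent_files(root, days, now=None):
    """Return (relative_path, mtime) for regular files changed in the last `days` days, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            except OSError:
                continue  # vanished or unreadable; skip rather than abort the sweep
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mtime >= cutoff:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hits.append((rel, st.st_mtime))
    hits.sort(key=lambda h: h[1], reverse=True)
    return hits


def build_sample_tree(root, now):
    """Create a constructed sample site tree with known file ages (in days)."""
    ages = {
        "index.php": 400,
        "wp-content/themes/default/footer.php": 1,
        "wp-content/uploads/banner.js": 0.5,
    }
    for rel, age_days in ages.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        ts = now - age_days * 86400
        os.utime(path, (ts, ts))


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, mtime in recent_files(root, days=3):
        print(datetime.fromtimestamp(mtime).isoformat(timespec="seconds"), rel)
```

Modification times can be reset by whoever changed the files, so an empty result does not clear the site; comparing the mirror against a known-good backup or a fresh WordPress download is the stronger check.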

  10. mark1615
    Member
    Posted 6 years ago #

    I use Vista but this might also apply to XP, so I don't know if this is a help to you, but I had an extremely persistent spyware trojan that hijacked my browser, sending me to several commercial websites and especially to a fake virus removal website. I tried 3 AV programs and 3 anti-spyware programs and nothing showed up in any of them. I could see from checking out my registry that it had an autorun of the file sobhjozwcg.exe from my c:\user\mark\appdata\local (mark is my logon name). I tried deleting this entry but it always came back. I couldn't find the sobhjozwcg.exe anywhere on my computer. After trying several dozen things I booted the computer with a BartPE disk which I made a while ago with my old XP system (you could try a live Linux, which most independent computer stores will sell you for about $5.00 if you can't get ahold of a PE disk). Lo and behold, when I looked in c:\user\mark\appdata\local I found the sobhjozwcg.exe plus a couple more sobhjozwcg files. I deleted them and the problem is gone. Don't look for sobhjozwcg on your computer as it's probably a randomly generated name; just look for any exe files in your appdata\local directory and delete them, as there shouldn't be any exe files there. Hope this helps.

Topic Closed

This topic has been closed to new replies.
