Comments on: iFrame worms: goooogleadsence.biz, cutlot.cn, google-ana1yticz.com, mixante.cn and similar

By: glass machinery

glass machinery — Mon, 22 Feb 2010 08:29:10 +0000

Hmm I had the similar issue, but overwriting all wordpress files with newer ones fixed the thing.

By: Sam

Sam — Sun, 11 Oct 2009 10:08:40 +0000

Similar issue… I use the tool Iframe.Attack to remove injection :

http://kawablog.com/scarabox/product.php?id_produit=1&id_rub=2&lng=en

Demo on youtube :
http://www.youtube.com/watch?v=XosRuSk_NFg

regards, Sam

By: Mat

Mat — Thu, 06 Aug 2009 17:03:57 +0000

Here is a great article on how to get rid of this virus http://www.qualitycodes.com/tutorial.php?articleid=29

By: admin

admin — Fri, 19 Jun 2009 07:02:38 +0000

Hmm I had the similar issue, but overwriting all wordpress files with newer ones fixed the thing.

By: oggy

oggy — Fri, 19 Jun 2009 02:41:55 +0000

I cleaned up all the files infected in my wordpress…

The site looked great… 3 days later, got hacked again (definately not server side, I had made the necessary changes, the used ftp from filezilla for sure).

just changed FTP and cleaned files.

All looks good, except:

I log in to my admin in Wordpress and only the “tools” appears in the nav. Can’t write or edit posts. Just dissappeared.

went in through PHPmyAdmin to see if user still had admin access… apparently it does.

Made sure all wp-admin files were not infected, basically replaced them with a brand new wordpress download (same version 2.8), and still cannot access any other actions in dashboard logged in as admin other than “tools”.

Anyone think they know what the issue is? I need help

Thx!

By: miklosz

miklosz — Sun, 14 Jun 2009 15:51:58 +0000

I think this post and that one related said all…

By: Tim

Tim — Sun, 14 Jun 2009 15:45:32 +0000

It appears to be a PC virus that will read your FTP login information from various FTP programs like CuteFTP, FileZilla, etc. I added a password to open CuteFTP … Tools > Global Options > Security > Encrypt Site Manager … and haven’t had an issue since. I also upgraded my security on my PC with PC Tools Free Firewall, and added Avast along with AVG to make sure it doesn’t happen again. So far, so good.

By: John

John — Sat, 13 Jun 2009 20:23:05 +0000

I have yet to determine if this is a PC virus or some kind of injection attack at the server, but it definitely uses FTP.
If you can, set your hosting to only allow FTP access on specific IP addresses or ranges. At least this will prevent use of FTP to do the attack.
If you use CPanel/WHM and have full access, you can do this. Otherwise you could ask your hosting provider to do so.

By: admin

admin — Tue, 05 May 2009 15:36:15 +0000

check this post
I uploaded removal tool there

http://www.sulumitsretsambew.org/iframe-worms-xtrarobotzcom-superbetfaircn-lotmachinesguidecn/

By: Rahim

Rahim — Tue, 05 May 2009 12:59:11 +0000

Hey guys,

I run a server, and unfortunately, it got infected by a virus (iframe)..I really don’t know what I should do, since almost all my websites have been infected, and even the direct admin pages!!!! soo strange!

please can anyone help me here!

also, can you please update the rapidshare php cleaner, that link given is broken.

many thanks guys!

regards