Message from McAfee says my site has a trojan

apparently "JS/Exploit-BO.gen" is the trojan on my websites

     
2:32 pm on Oct 4, 2006 (gmt 0)

New User

10+ Year Member

joined:Feb 27, 2006
posts:35
votes: 0


Can anyone help me work out why McAfee VirusScan comes up with a message that it's deleted a Trojan whenever I access my site?

It comes up saying that it has deleted something called "JS/Exploit-BO.gen".

Could anyone assist?

3:19 pm on Oct 4, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


Did you try a search?

3:19 pm on Oct 4, 2006 (gmt 0)

New User

10+ Year Member

joined:Feb 27, 2006
posts:35
votes: 0


Of WebmasterWorld? Yes... Couldn't find anything.

Has my site been hacked?

3:37 pm on Oct 4, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jimbeetle is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 26, 2002
posts:3295
votes: 6


Has my site been hacked?

Have you checked it?

4:26 pm on Oct 4, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member tropical_island is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 16, 2002
posts:2744
votes: 0


See [trendmicro.com...]

This will explain it all

4:27 pm on Oct 4, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
posts:3710
votes: 0


You need to identify the offending file.

I've seen innocent image files produce errors of this sort. If that's the case here, simply resave the image with a tweak or two.

Kaled.

5:03 pm on Oct 4, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


You didn't do a regular Google search?

Just search for the name of the virus. There are dozens of sites discussing it, and at least one ad offering a removal tool.

12:15 pm on Oct 5, 2006 (gmt 0)

New User

10+ Year Member

joined:Feb 27, 2006
posts:35
votes: 0


There are dozens of sites discussing it, yes. But none show me how to get it OFF MY website, only how to remove it from a PC.

My machine isn't infected, and if it is, that's not the problem. The problem is that McAfee is detecting the JS/Exploit-BO.gen whenever someone logs on to my site.

This obviously isn't good. I'd like to know if anyone knows how to get it off my site. It seems like my site has been hacked or something. Can someone please help?

12:51 pm on Oct 5, 2006 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2003
posts:4398
votes: 2


Instead of dealing with it remotely, you might consider downloading your whole site into a new local dir and performing the cleaning locally (on your machine).
If you find it, delete the old files on the server and reload the cleaned ones.

You could try scanning only one dir at a time to isolate the culprit.

Next: cleaning is not enough; you need to figure out how it happened and whether it is reoccurring.

4:02 pm on Oct 5, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


It appears this may be associated with a particular web hosting company. Do you use the web hosting company mentioned in this article?

[pcworld.com...]

FWIW, I searched for "web site infected with JS/Exploit-BO.gen"

In any case, this should be pretty easy to remove. I assume the message comes up when you access a particular page. Examine the page source, play "which of these things does not belong", and snip it out. At the extreme, simply delete that web page and replace it with a new one built from scratch.

Of course, then you have to figure out how it got there in the first place.
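
The approach suggested in the replies above (work on a downloaded copy, one directory at a time, and look in the page source for what does not belong), as an added example that is not part of the original thread. The host names, the `OWN_HOSTS` allow-list and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads from (placeholder values).
OWN_HOSTS = {"example.com", "www.example.com"}
# Tags that pull in external content, and the attribute that holds the URL.
WATCHED = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class ForeignTagFinder(HTMLParser):
    """Record watched tags that load from an unlisted host or are hidden frames."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts, self.findings = own_hosts, []

    def handle_starttag(self, tag, attrs):
        if tag not in WATCHED:
            return
        a = {k: (v or "") for k, v in attrs}
        url = a.get(WATCHED[tag], "")
        host = urlparse(url).hostname  # None for relative URLs
        reasons = ["foreign host"] if host and host not in self.own_hosts else []
        style = a.get("style", "").replace(" ", "").lower()
        if tag == "iframe" and ("0" in (a.get("width"), a.get("height")) or "display:none" in style):
            reasons.append("hidden frame")
        if reasons:
            self.findings.append((self.getpos()[0], tag, url, ", ".join(reasons)))

def scan_html(text, own_hosts=OWN_HOSTS):
    """Return (line, tag, url, reason) for each tag worth a manual look."""
    finder = ForeignTagFinder(own_hosts)
    finder.feed(text)
    finder.close()
    return finder.findings

def scan_tree(root, own_hosts=OWN_HOSTS):
    """Scan one directory of the downloaded copy; returns {path: findings}."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in (".html", ".htm", ".shtml", ".php"):
            hits = scan_html(path.read_text(encoding="utf-8", errors="replace"), own_hosts)
            if hits:
                results[str(path)] = hits
    return results

# Constructed sample page, not taken from the thread.
SAMPLE = """<script src="/js/menu.js"></script>
<iframe src="http://unknown-host.invalid/x.htm" width="0" height="0"></iframe>
<script src="http://counter.invalid/c.js"></script>"""
```

The output is a list of candidates for manual review, not a verdict: a legitimate third-party widget will be listed until its host is added to `OWN_HOSTS`, and injected inline script without a `src` attribute is not flagged.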