Welcome to WebmasterWorld Guest from 54.162.155.183

Forum Moderators: phranque

Message Too Old, No Replies

Message from mcafee says my site has a trojan

apparently "JS/Exploit-BO.gen" is the trojan on my websites

     
2:32 pm on Oct 4, 2006 (gmt 0)

5+ Year Member



Can anyone help me work out why Mcafee virusScan comes up with a message that its deleted a Trojan whenever I access my site?

It comes up saying that it has deleted something called "JS/Exploit-BO.gen".

Could anyone assist?

3:19 pm on Oct 4, 2006 (gmt 0)

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Did you try a search?
3:19 pm on Oct 4, 2006 (gmt 0)

5+ Year Member



Of webmasterworld? Yes...Couldn't find anything.

Has my site been hacked?

3:37 pm on Oct 4, 2006 (gmt 0)

WebmasterWorld Senior Member jimbeetle is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Has my site been hacked?

Have you checked it?

4:26 pm on Oct 4, 2006 (gmt 0)

WebmasterWorld Senior Member tropical_island is a WebmasterWorld Top Contributor of All Time 10+ Year Member



See [trendmicro.com...]

This will explain it all

4:27 pm on Oct 4, 2006 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



You need to identify the offending file.

I've seen innocent image files produce errors of this sort. If that's the case here, simply resave the image with a tweak or or two.

Kaled.

5:03 pm on Oct 4, 2006 (gmt 0)

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 5+ Year Member



You didn't do a regular Google search?

Just search for the name of the virus. There are dozens of sites discussing it, and at least one ad offering a removal tool.

12:15 pm on Oct 5, 2006 (gmt 0)

5+ Year Member



There are dozens of sites discussing it yes. But none show me how to get it OFF MY website, only how to remove it from a PC.

My machine isn't infected and if it is that's not the problem. The problem is that the mcafee is detecting the JS/Exploit-BO.gen whenever someone logs on to my site.

This obviously isn't good, I'd like to know if anyone knows how to get it off my site. It seems like my site has been hacked or something, can someone please help?

12:51 pm on Oct 5, 2006 (gmt 0)

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Instead of dealing remotely you might consider d-loading in a new local dir your whole site and perform locally (on your machine) the cleaning.
If you find it, del old files on server and reload the cleaned one

You could try scanning only one dir at a time to isolate the culprit

Next: Cleaning is not enough you need figuring how it happened and if it is reoccurring

4:02 pm on Oct 5, 2006 (gmt 0)

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 5+ Year Member



It appears this may be associated with a particular web hosting company. Do you use the web hosting company mentioned in this article?

[pcworld.com...]

FWIW, I searched for "web site infected with JS/Exploit-BO.gen"

In any case, this should be pretty easy to remove. I assume the message comes up when you access a particular page. Examine the page source, play "which of these things does not belong", and snip it out. At the extreme, simply delete that web page and replace it with a new one built from scratch.

Of course, then you have to figure out how it got there in the first place.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month