Results 1 to 5 of 5
  1. #1

    Malware: PUA.HTML.Infected.WebPage-2

    Hello Everyone.

    I have a small issue with one of our sites. I recently did a VirusTotal.com scan and discovered one infection/malware "PUA.HTML.Infected.WebPage-2". I tried searching the forums and Googled the term, but hardly could find any information to remove the infection. We installed "ClamAV" and "Malware detect" but there was no indication of any malware on the hosting.

    Can someone please help?
    Awesome Logo & Web Design Service. Really! - Web Design Portfolio / Logo Design Portfolio

  2. #2
    Join Date
    Jun 2007
    Location
    Australia
    Posts
    819
    I'm assuming you uploaded a PHP or HTML file to VirusTotal. Hackers will sometimes inject malicious code into PHP or HTML files.


  3. #3
    Join Date
    Aug 2011
    Location
    India
    Posts
    283
    Hello
    The chance for a malware or virus attack on a Linux server is very low. Normally files uploaded through an infected machine will be the culprit . In such cases , you need to change your Cpanel and mysql password first and then perform a detailed scan on your machine with updated anti-virus. Once the machine is confirmed to be secure, download the webcontents and then remove the malware entries and upload it back. Stop the habit of storing site login credentials on applications like ftp client or web browser. Some viruses are capable of capturing them and upload malicious contents to the server. Also ensure that the installed applications are safe and secure.
    Fred Bruner
    Business Analyst
    SupportSages.com- Bytes of Wisdom @ Work - Where guarantees and promises are made to keep!
    24/7 Support with 15 mins response time & no charge guarantees

  4. #4
    Join Date
    Jun 2007
    Location
    Australia
    Posts
    819
    Quote Originally Posted by ssfred View Post
    Hello
    The chance for a malware or virus attack on a Linux server is very low. Normally files uploaded through an infected machine will be the culprit . In such cases , you need to change your Cpanel and mysql password first and then perform a detailed scan on your machine with updated anti-virus. Once the machine is confirmed to be secure, download the webcontents and then remove the malware entries and upload it back. Stop the habit of storing site login credentials on applications like ftp client or web browser. Some viruses are capable of capturing them and upload malicious contents to the server. Also ensure that the installed applications are safe and secure.
    Not only just re-upload the affected contents, but I'd advise to ensure that scripts are up to date. The common way that a hacker gains access are outdated scripts.


  5. #5
    Thank you for all responses. Some of your inputs were really good, that I think many of us take for granted.

    After hours of scanning and reading online I couldn't find anything that suggested what "PUA.HTML.Infected.WebPage-2" actually is.. until just a while back I noticed the Google Analytics code on our website was appended after the body tag.. I relocated the code and ran the scan again.. that was it!
    Even a genuine JS code added outside of the designated areas is flagged as "potential" malware by ClamAV.
    Awesome Logo & Web Design Service. Really! - Web Design Portfolio / Logo Design Portfolio

Similar Threads

  1. webpage help? HTML
    By nadsy in forum Web Design and Content
    Replies: 1
    Last Post: 01-18-2009, 03:12 AM
  2. Apache has a way to insert some html code below <body> to every webpage ?
    By natong in forum Hosting Security and Technology
    Replies: 5
    Last Post: 05-12-2008, 06:13 AM
  3. How to integrate horde login on a html webpage
    By askthexperts in forum Programming Discussion
    Replies: 5
    Last Post: 08-19-2006, 11:01 AM
  4. PHP webpage won't load up while html page loadup fine..
    By jayzee in forum Hosting Security and Technology
    Replies: 3
    Last Post: 10-03-2005, 11:24 AM
  5. [script needed] Read HTML Webpage and trigger on value
    By DCM in forum Other Offers & Requests
    Replies: 2
    Last Post: 12-14-2003, 02:07 PM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •