What to do when AVG indicates that your own web page is infected?

FAQ » Virus FAQ » What to do when AVG indicates that your own web page is infected?

Print Copy link
Did you know that AVG experts can help you with your computer issues? For just $89.99, we will remotely fix your computer, or detect and remove viruses in no time.
Best of all, the coverage lasts 12 months!
Click here to buy now

If AVG suddenly detects a threat on your website, but you have not changed the content recently, it is possible that your webpages have become infected. Viruses all over the Internet actively try to locate weakly-secured FTP access to web servers and also try to get FTP credentials from infected computers. Once the correct account credentials are acquired, the virus makers connect to the FTP site and modify some of the webpages. The infected webpages then redirect users to various infected websites containing items such as virus executables or fake antiviruses.

How to cure infected webpages?

The easiest way to cure infected webpages is to reload the whole web content from backup (that is, to rewrite everything on the web server with your original websites). However as a backup is not always available, it may be necessary to check the content of each webpage reported as infected.

Injected code is usually encoded to avoid detection from antivirus products, which allows you to locate it easily; it does not look like the rest of your code. Here is an example which uses the eval function to encode the real URL:

Injected Code Example

Characters like %64%6F%63%75 are easily noticeable when you check the webpage content using for example Notepad. Another favourite encoding method uses the document.write function, so also look for that. If you cannot find any of the abovementioned functions, you should generally look for any suspicious JavaScript parts that are not supposed to be in the code, or iframe elements for example.

When you find a suspicious part, simply remove it from the source code and re-upload the cured webpage on the web server.

How to prevent reinfection?

As a first step, we strongly recommend changing your password for FTP access. It should be at least 8 characters long and combine both letters and numbers to avoid dictionary-based attacks. Also do not save your password in any software you use for FTP transfers. The most popular applications are easy exploitable to access saved passwords from them when the PC itself gets infected.

How to contact AVG?

In case there is a false alarm, please contact us using the following form:
http://samplesubmit.avg.com/false-detection

We will inform you in more details after the analysis.

Was this information helpful to you?
|