my site is hacked .. any help please

[Black Dove]

hello there , i want ur help please
some one hacked my site when i try to access it from explorer i got that anti virus warning


and from firefox i have that one




please help me im really in trouble
my site is www.noreldonia.com


i removed the virus from my site but the warning still there

[TheLastSuperman]

Sometimes it can take up to 30 days depending on how it was flagged for the "flag" to be removed. Make sure it is in fact clean and the virus is gone. Have you informed your host of the situation because if your on a shared hosting account the other sites "sharing" with you could have been affected.

--------------- Added [DATE]1283045145[/DATE] at [TIME]1283045145[/TIME] ---------------

Quote:

Originally Posted by Black Dove

i removed the virus from my site but the warning still there

Also... you removed a virus i.e. simply one or ?

I checked the details by clicking "Why was this page blocked?" etc and this came up:

Quote:

Of the 1298 pages we tested on the site over the past 90 days, 16 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-08-27, and the last time suspicious content was found on this site was on 2010-08-27.

Malicious software includes 186 scripting exploit(s), 2 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

Malicious software is hosted on 82 domain(s), including ommeddonia.jeeran.com/, oracleguy.jeeran.com/, mcseman.jeeran.com/.

This site was hosted on 2 network(s) including AS21844 (THEPLANET), AS30058 (FDCSERVERS).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, noreldonia.com/vb did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

So you need to be sure the site is in fact clean OR it will continue to show that message, if your not familiar with Viruses and or Malicious scripts and how they affect a computer you may not have successfully removed all the bad files and it's also possible your files could have been tampered with tbo.

[mathewka010]

another preventative measure to take is to add ftp.allow, ftp.deny and ftp.log to your file manager, this will stop any back door hacks, or atleast help, you can usually ask your hosting provider to do this for you. What you then need to do is add your IP address to ftp.allow file and any other individuals that may need to have access to your file manager.

Good luck!

[Black Dove]

thank u so much , the problem were :
1- 10 viruses , i removed them by scanning my site online
2-codes added to my header and footer and i searched for than and removed

really t hank u so much for help , u are always helpful

[Willo]

You can also speed removal of the spam warning by verifying you site with Googles webmaster tools

Cheers,
Greg
urljet.com

[Angel-Wings]

Quote:

Originally Posted by mathewka010

another preventative measure to take is to add ftp.allow, ftp.deny and ftp.log

Won't help much. Usually PHP Backdoors / Injections are the problem to care about. Bruteforcing FTP accounts is rather time-consuming compared with a simple XSS / Injection etc.

And - I would recommend to take the site offline and reinstall all files checking them twice for security problems.
Since the site was infected, how you can be sure that every file is really clean and nothing has been modified to fool your scanners ?

Additionally - there was a security problem so by keeping everything as it was, the problem isn't fixed, just the results but the problem maybe is still present.

Oh - and maybe upgrade your outdated PHP 4.4.9 to a newer version.

[Marco van Herwaarden]

If codes haven been added to header/footer then most likely that hacker had access to your database. Let your host check the security of the server.