Technology, Smartphones, Games


Gumblar.cn Trojan How to Fix

I have posted about this Trojan earlier  http://krishnan.co.in/blog/post/gumblarcn-Trojan.aspx

IF your site is affected with this Trojan, there is a higher chance to get blacklisted in Google, and since Firefox is using same recommendation that also block your site.

Normally this will affect index, home,defualt (can be php,html,htm etc). There is a chance that it will affect others files too. What it does is it will inject an iframe tag (normally just after the opening of body tag). To fix this

before start fixing

1. Clean your computers history and temp files (Use Ccleaner for this) if you dont have it down load and install it

  • open cleaner
  • Go to options
  • Advanced
  • Uncheck the Only delete files in Windows temp folders older than 48 hrs
  • Click Ccleaner
  • Click Run Ccleaner
  • Click OK

2. Scan for Spywares and Adwares in your machine first (you can download the free version of Malwarebytes' Anti-Malware here)

After these things

 

1. Download all the files from the server for easy search, if u dont have server access for search

2. search for iframe  <iframe src=”link” width=2 height=4 style=”visibility: hidden”></iframe> (iframe tag and hidden visiblity is there on all tags i have sen till now, the width and height also may vary)

that link may vary since i have seen more than one type of link there.

3. remove all those iframes

4. Replace the server files with the edited ones

5. Remove write permission of all files and folders (755 in Linux), if you need write permission to a folder and if there is a file  named in the first step, make sure that file can not be edited.

6. make sure that your ftp client does not save ftp passwords

7. Change the ftp passwords

6 and 7 am not sure whether it is needed or not, but doing that will be a great.

If your site is already black listed, go to Google webmaster and request a review after doing all these issues.