How to scan and clean website viruses ?



    Malware infection has become one of the major annoying security concerns for website owners and Internet users, as it passes through emails and web sites to the local machine and other remote servers. There are various security and antivirus software tools available for desktop systems (local machine) which can scan, detect and remove viruses from specific files/folders, disk drives and other connected devices. If you have a website which needs to be scanned for malware, Trojans and other vulnerable code, or want to check the status of any URL link for security and attacks, then refer to the following online tools and services which will help you to do so.

    These online tools and services can help you to scan and detect malicious code such as viruses, worms, Trojans, adware, spyware and exploit content in web pages. Also, some hosted antivirus tools and scripts provide options to quarantine and/or clean infected files. Below I have collected some good tools and online services which provide URL link and domain reputation scans and security report generation. These tools alert users about the presence of malware and exploits in a website or a web page. Some of the tools provide vulnerability assessment and help to secure websites against hackers.


    1] Online Antivirus scanner from hosted server.

    2] Online URL links, Domain reputation and security threats analyzer from third party service provider.


    * Online Antivirus scanner from hosted server (Remote Server).

    These types of tools are installed on the same hosted server and can be available from control panels as addons or modules, e.g. the ClamAV option in cPanel or the Dr. Web Antivirus addon in Plesk. Also, some hosting companies provide other open source or commercial security applications which can be accessed via a web interface or managed via shell access. Here we will explore some well-known tools which are available with eUKhost Linux Shared, VPS and Dedicated servers.

    ClamAV - Open Source Virus Scanner with cPanel (Linux/Unix Servers): Clam AntiVirus



    ClamAV is a free open source anti-virus application for Linux and UNIX systems. It is specially designed for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.

    To install and upgrade/update ClamAV, please refer to the following thread: http://www.eukhost.com/forums/f30/update-clamav-12451/

    You can scan files from the cPanel interface or using the clamscan/clamdscan binary tools over shell access. Click on VirusScanner in the Advanced section of cPanel to scan all files under a specific cPanel account. There you can scan the entire Home Directory, emails, Public Web Space (public_html folder) or Public FTP Space (public_ftp folder). You can check the following screenshot to see how ClamAV will detect and alert for the detected viruses. It then gives the option to Quarantine/Destroy/Ignore and/or disinfect in the Cleanup Process from cPanel. However, only mailboxes can be disinfected.



    If you have shell access then you can use the clamscan or clamdscan tools to scan and clean viruses from the hosting space. Following are some useful commands to run the clam tools.

    clamscan is a command line anti-virus scanner which scans files and directories for viruses. clamdscan is a Clam AntiVirus Daemon which also scans files and directories for viruses using the same database and definitions. It is a simple clamd client which may be used as a clamscan replacement. It accepts all the options implemented in clamscan, but most of them will be ignored because its scanning abilities only depend on clamd. The clamd daemon listens for incoming connections on a Unix and/or TCP socket and scans files or directories on demand. It reads its configuration from /etc/clamd.conf


    # To scan all files (and sub directories) in public_html, use following command.

    clamscan -ir public_html

    [email protected] [/home/cpuser]# clamscan -ir public_html

    public_html/explo-script/sprd.txt-bk: Trojan.IRCBot-1142 FOUND
    public_html/explo-script/spread.txt-bk: PHP.ShellExec FOUND

    ----------- SCAN SUMMARY -----------
    Known viruses: 857351
    Engine version: 0.96.5
    Scanned directories: 5
    Scanned files: 3
    Infected files: 2
    Data scanned: 0.02 MB
    Data read: 0.02 MB (ratio 1.00:1)
    Time: 5.221 sec (0 m 5 s)
    ----------- ----------- ----------- ---

    # To scan all files (and sub directories) in public_html folder and save result in file use following command.

    clamscan -irl results.txt public_html

    # To scan all files (and sub directories) in public_html folder and then remove infected files automatically, use following command.
    Note : Be careful while removing infected files automatically. Make sure that you have backup for all those files.

    clamscan -ir --remove public_html/

    [email protected] [/home/cpuser]# clamscan -ir --remove public_html/

    public_html/explo-script/sprd.txt-bk: Trojan.IRCBot-1142 FOUND
    public_html/explo-script/sprd.txt-bk: Removed.
    public_html/explo-script/spread.txt-bk: PHP.ShellExec FOUND
    public_html/explo-script/spread.txt-bk: Removed.

    ----------- SCAN SUMMARY -----------
    Known viruses: 857351
    Engine version: 0.96.5
    Scanned directories: 5
    Scanned files: 3
    Infected files: 2
    Data scanned: 0.02 MB
    Data read: 0.02 MB (ratio 1.00:1)
    Time: 4.450 sec (0 m 4 s)
    ----------- ----------- ----------- ---

    For more information and usage of the clamscan command, use the --help option.

    Parallels Plesk panel Antivirus addons (Modules):

    In order to provide your e-mail users an anti-virus protection, you can use either the Parallels Premium Antivirus or Kaspersky Antivirus solutions. Both antivirus programs can scan server's mail traffic in real time, however, only Kaspersky Antivirus allows fine tuning and filtering of specific file types from attachments.

    Both programs require an additional license key with annual renewal. Check the current prices with your hosting provider or visit the Parallels site.

    1] Dr.Web Antivirus (Parallels Premium Antivirus)

    Parallels Premium Antivirus

    Parallels Premium Antivirus is virus scanning and filtering software integrated with all versions of Plesk and can also be used with other control panels. It is developed by Parallels and Dr.Web as an antivirus solution for hosting environments which provides protection for mailboxes against worms, Trojans and other damaging viruses. This security tool has the ability to repair, rename, or delete infected files and archives (.zip, .rar, .gz, .tar, etc.)

    Pricing for Parallels Premium Antivirus is based on a subscription that is renewed on a yearly basis. The addon service will be activated once you pay licence cost.


    Mailname Configuration Page with Antivirus Option
    Configure Parallels Premium Antivirus specifically for a particular mail name. "Antivirus mail checking" in the Info section shows the current mode of anti-virus software operating.


    Parallels Premium Antivirus Configuration Page
    Select the operating mode of the Parallels Premium Antivirus software for a particular mail name. You can set up the antivirus to check only incoming mail, only outgoing mail, or both.


    2] Parallels Plesk Panel Anti-Virus Powered by Kaspersky

    Kaspersky Anti-Virus for Parallels Plesk Panel

    With a built-in Kaspersky Anti-Virus engine, Plesk Anti-Virus Powered by Kaspersky is another virus scanner available for Plesk that provides protection against viruses with superior detection rates and an industry-leading outbreak response time. This program scans incoming and outgoing mail traffic on your server, and removes malicious and potentially dangerous code from e-mail messages. What makes it an effective solution is that its virus databases are updated with new virus definitions every hour.
    To learn more about Kaspersky Antivirus, visit the Web site at http://www.kaspersky.com/anti-virus_linux_mailserver.

    To use Kaspersky Antivirus with your Parallels Plesk Panel server, you need to install the Kaspersky Antivirus module, purchase a license key and install it through Parallels Plesk Panel.


    Parallels Plesk Panel Anti-Virus Powered by Kaspersky Management Interface



    How to install Kaspersky Antivirus in Parallels Plesk panel server ?

    You can install the Kaspersky Antivirus module to the Parallels Plesk Panel server in two ways: from the Parallels Plesk Panel interface (recommended), and from the command line.

    Read installation and administration guide at Parallels documentation page :

    Parallels Plesk Panel 10: Administrator's Guide

    Kaspersky Antivirus Module for Parallels Plesk Panel 10 for Linux/Unix: Administrator's Guide

    Iscanner open source tool for the Linux servers :



    This is the best open source tool that detects and removes malicious code and web page malware such as hidden iframe tags, JavaScript, VBScript, ActiveX objects, suspicious PHP code and some known malware from web pages. iScanner not only shows infected HTML, PHP, CSS and JavaScript files on the server but is also able to clean these files by removing only the malware code from the infected files. It has the ability to scan one file, a directory or a remote web page / website on Linux/Unix servers.

    Presently there is no remote administration interface (API) for iScanner, so you need SSH access to use it. There are some false positive alarms in iScanner, where it detects a genuine script as suspicious code, so customize the database signatures as per your requirements and use it carefully after taking a backup of your files.

    Here are the steps to install and use Iscanner tool.


    cd /home/cpuser

    wget http://iscanner.isecur1ty.org/download/iscanner.tar.gz

    tar xvzf iscanner.tar.gz

    cd iscanner-0.7/

    ./installer -i -d /home/cpuser/iscanner
    # This command will install iScanner in /home/cpuser/iscanner folder

    ./iscanner -u
    # This will update iscanner database for new virus definitions.

    ./iscanner -F test.php
    # To scan specific file use this command.

    ./iscanner -f /home/cpuser/public_html/
    # To scan specific folder use this command.

    ./iscanner -c infected-02:46:32-05.Oct.log
    # This command will clean all the files reported in the .log file.

    ./installer -u
    # This command will uninstall iscanner from the same folder.

    Online URL, files security scanners/analyzer :

    While surfing the web, if you want to know the security and authenticity status of a known/unknown URL then refer to the following sites, which will give you an in-depth report on the domain and URL concerned. These sites are useful to detect whether the requested site is compromised or contains malware which will then create security threats for your computer.

    Following sites and their reports are great resource to help you identify and resolve security issues with your Web sites.

    Google's safe browsing tool ( Google's Safe Browsing Diagnostics )



    Google Safe Browsing diagnostic page for www.example.com

    Just replace www.example.com with your own site address and access it. It will show whether Google found anything suspicious on your site. The Safe Browsing Diagnostic page will give you answers and recommendations for the following questions.
    What is the current listing status for domain.tld?
    What happened when Google visited this site?
    Has this site acted as an intermediary resulting in further distribution of malware?
    Has this site hosted malware?
    Next steps:

    Virustotal : VirusTotal - Free Online Virus, Malware and URL Scanner



    Virustotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by multiple antivirus engines. There are various free extensions/addons and tools for browsers that allow users to easily interact with VirusTotal.

    Urlvoid : Scan Websites for Exploits, Malware and other Malicious Threats - URLVoid.com BETA







    This is a great service from Urlvoid.com that allows users to scan web addresses with multiple scanning engines such as Google Diagnostic, PcTools Browser Defender, Norton SafeWeb and MyWOT to facilitate the detection of possibly dangerous websites. Just enter the URL of the website you want to scan and then click the Scan Now button.

    OnlineLinkScan : Online Link Scan - Virus, Trojan, Adware and Malware Scanner



    OnlineLinkScan offers safeguards like detection of hidden links that are not possible for a visitor to notice. This site also detects suspicious links that might get infected with viruses, trojan horses, spyware and other malware. It shows a report with PhishTank, AVG, SiteTruth and Google Safe Browsing listing status.

    Yahoo Search Scan : Search Scan



    Yahoo SearchScan alerts you while surfing about websites with virus concerns and about downloading dangerous software that may harm your computer. SearchScan can help protect you from potential hacking risks and dangerous downloads. You can read more information at the following page : What SearchScan Does | Yahoo! Search Help


    Online Dr.Web link Scanner : Dr.Web - innovation IT-security solutions. Complex protection against Internet threats.



    Dr.Web scanner is a great online service to scan a link or file with scripts and frames for viruses, Trojan horses, spyware, and other malicious objects. There are also Dr.Web LinkChecker extensions/addons and plugins for web browsers which scan web pages before they are opened.

    AVG Online web based scanner : AVG Online Virus Scanner | Scan Web Pages | AVG LinkScanner Drop Zone



    The AVG [email protected] Drop Zone lets you check the safety of individual web pages you are about to visit. Just copy the URL or domain and paste it into the AVG ONLINE SCAN box. It will examine the web page in real time to see whether it's hiding any suspicious downloads.
    The AVG scan result shows a 30-day report for the domain: current status, and whether active threats were reported by users anywhere on the same domain.

    Tips to protect your sites from the web malwares and hacking attacks :

    * Keep recommended, secure permission and ownership for the files and folders.
    * Use validation and password protection for the pages/folders as much as possible.
    * Frequently review your scripting files for the suspicious links, code, iframes and redirects.
    * Frequently download all your files from the server and scan them with a good antivirus application on your local machine.


    Following are some well known websites, forums, blogs where you can find latest threats, vulnerabilities, security tools and services information :

    Open Web Application Security Project : Category:Attack - OWASP

    Anti-virus and Security application Support Forums :

    Avast Support Forum>> avast!WEBforum - Index

    McAfee Support Forum >> https://community.mcafee.com/index.jspa

    AVG Free Forum >> Free Antivirus | Forum - Free forum

    ClamAV Support >> Clam AntiVirus

    Kaspersky Support Forum >> Kaspersky Lab Forum (Powered by Invision Power Board)

    AVIRA Support Forum >> Startseite - Avira Support Forum

    Dr.Web Support Forum >> Dr.Web users' forum (Powered by Invision Power Board)

    ClamWin Support Forum >> ClamWin Free Antivirus :: Index

    Bitdefender Support Forum >> BitDefender Forum

    MS OneCare Support Forum >> Security Forum

    QuickHeal Support >> Quick Heal-Support

    Norman Support Forum >> Norman Support - Index page

    ESET Support Forum >> Wilders Security Forums - Powered by vBulletin

    F-Prot Support Forum >> https://forum.f-prot.com/

    F-Secure Support Forum >> F-Secure forum

    a² Support Forum >> Emsisoft Support

    Virus Encyclopedias : 0days exploit, viruses detail information :

    AVG Virus Encyclopedia >> AVG - Virus Encyclopedia | Latest Computer Viruses | Virus List

    Symantec Virus Encyclopedia >> Virus Definitions & Security Updates - Symantec Corp.

    Kaspersky Virus Encyclopedia >> What we detect - Securelist

    ClamAV Library Current Threats >> Clam AntiVirus

    McAfee AVERT Library >> Virus Information | McAfee

    BitDefender Encyclopedia >> Latest Computer Viruses | Virus List | BitDefender Virus Encyclopedia

    Panda Virus Encyclopedia >> INFORMATION ABOUT VIRUS - Malware Search Engine - Encyclopedia - PANDA SECURITY

    TrendMicro Virus Encyclopedia >> Trend Micro Virus Information, virus alerts, advisories, Top 10, antivirus, worm, trojan, macro, free, virus encyclopedia

    CA Virus Encyclopedia >> CA Virus Encyclopedia Browse

    RAV Virus Encyclopedia >> RAV AntiVirus Website - Virus Encyclopedia

    NOD32 Virus Encyclopedia >> ESET Threat Encyclopedia


    --------------------------------------------------------------------------


    I hope these tools and services will help you to diagnose and resolve malware issues.


    Regards,
    Kieran A.
    Linux Support | eUKhost.com
    Regards,
    Kieran A.
    Cloud Administrator
    Skype :: Kieran.Alen | eUKhost
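
The backup that the post asks for before running `clamscan -ir --remove`, as an added example that is not part of the original post: it reads a log written by `clamscan -irl results.txt public_html`, copies every reported file to a private directory, and fails if the number copied differs from the "Infected files" summary. The function names and the destination directory are assumptions for illustration; it also assumes the log paths are relative to the current directory and that signature names contain no colon.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): back up every file that
# clamscan reported before the files are removed with --remove.

# Print the path part of each "path: Signature FOUND" line read from stdin.
# The greedy match keeps any ": " that occurs inside the path itself.
found_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Print the number from the "Infected files: N" summary line read from stdin.
summary_infected() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' | tail -n 1
}

# backup_infected LOG DEST
# Copy each reported file under DEST, keeping its relative path.
# Returns non-zero when the number of copies differs from the summary count,
# so it can gate the removal step. DEST should be outside public_html.
backup_infected() {
    log=$1
    dest=$2
    expected=$(summary_infected < "$log")
    copied=0
    mkdir -p -- "$dest" && chmod 700 "$dest" || return 1
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        [ -f "$path" ] || { echo "missing: $path" >&2; continue; }
        mkdir -p -- "$dest/$(dirname -- "$path")"
        cp -p -- "$path" "$dest/$path" && copied=$((copied + 1))
    done <<EOF
$(found_paths < "$log")
EOF
    echo "backed up $copied of ${expected:-?} reported files to $dest"
    [ "$copied" = "$expected" ]
}

# Typical use, run from the directory the scan was started in:
#   clamscan -irl results.txt public_html
#   backup_infected results.txt "$HOME/clam-quarantine" \
#       && clamscan -ir --remove public_html/
```
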

  • #2
    Re: How to scan and clean website viruses ?

    Hello Friends!!
    If your system gets infected with lots of threats and viruses, then you should immediately get an Automatic Removal Tool, which will completely help you in scanning your computer within a limited time. It is used as a very powerful tool, which could entirely clean your computer and will safeguard your data. Hence, it's recommended to use this tool, as it seems to be a very effective and genuine tool. Hence, you should download and use it without any delay.
    Thank You.



    • #3
      If you ever find that your system is infected with malware and you want to scan your system, you can simply clean your system with virus cleaning software, or you can also try Combat PC Viruses, which will help you scan your system with ease. For more information, please visit:
      https://sites.google.com/site/removemalwares



      • #4
        A very nice piece of information. Thanks for sharing the update Kieran. However, are there any simple tools or applications that can help in removing the website viruses easily?



        • #5
          I think the easiest way to remove viruses from a website is to remove the threat of getting viruses to begin with. Ultimately, you should do everything that you can with your website to keep it in beautiful working order and prevent anything from going wrong. Like anything that you want to keep running smoothly, you need to take preventative measures. Probably no one fills up their car gas tank only after they have stalled on the side of the highway; usually you fill up way before that in order to avoid stalling. It's the same with your computer security. Viruses and Malware come into play when you leave your website open and vulnerable to others getting in or taking information out of your site. But if you encrypt your site with an SSL certificate, you form a secure connection between your site and your customers/visitors. Of course that's only one measure to take, but a very effective one. Even with an SSL certificate though, you need to make sure it's up to date and properly configured. Just like out of date antivirus software leaves you open to threats, so will any out of date or improperly configured security software. If you want to check that your security settings are up to date and working the way that they should, there are plenty of online tools that will give you an analysis of your site. I'm sure there are tools to remove the viruses Priya, but easily and effectively is another matter. And it makes a lot more sense to just secure a website to begin with and avoid the hassle of having to remove viruses.
          Last edited by Dazedn'Confused; 28-09-2016, 07:08.
