| Question: |
Hello.The letter that we received a complaint on the website.Your site has been a complaint, please contact technical support as soon as possible. |
| Answer: |
Hello. On your website powersoft-warez.ru detected viruses. You need to check your home computers for viruses, check the site for viruses and update version dvizov to the last, to change all passwords on cPanel, billing and DB users. Give us your IP we will provide you with access. |
| Answer: |
Hello here is the text of the complaint -------- Original Message --------
Subject: [clean-mx-viruses-45696836](46.29.2.48)-->([email protected])
viruses sites (1 so far) within your network, please close them! status:
As of 2014-10-31 04:32:11 CET
Date: Fri, 31 Oct 2014 04:32:11 +0100
From: [email protected]
To: [email protected]
Dear abuse team,
please help to close these offending viruses sites(1) so far.
status: As of 2014-10-31 04:32:11 CET
Please preserve on any reply our Subject:
[clean-mx-viruses-45696836](46.29.2.48)-->([email protected]) viruses sites (1 so
far) within your network, please close them! status: As of 2014-10-31 04:32:11 CET
http://support.clean-mx.de/clean-mx/[email protected]&response=alive
(for full uri, please scroll to the right end ...
We detected many active cases dated back to 2007, so please look at the date column
below.
You may also subscribe to our MalwareWatch list
http://lists.clean-mx.com/cgi-bin/mailman/listinfo/viruswatch
This information has been generated out of our comprehensive real time database,
tracking worldwide viruses URI`s
If your review this list of offending site, please do this carefully, pay attention
for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !
Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server`s owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.
DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!
You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.
+-----------------------------------------------------------------------------------------------
|date |id |virusname |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2014-10-31 02:48:30
CET |45696836 |CYSC.URL.MALWARE.GEN |46.29.2.48 |powersoft-warez.ru |http://powersoft-warez.ru/soft/soft-internet/26943-netspeedmonitor-v-2540-ru.html
+-----------------------------------------------------------------------------------------------
Your email address has been pulled out of whois concerning this offending network
block(s).
If you are not concerned with anti-fraud measurements, please forward this mail to
the next responsible desk available...
If you just close(d) these incident(s) please give us a feedback, our automatic
walker process may not detect a closed case
explanation of virusnames:
==========================
unknown_html_RFI_php not yet detected by scanners as RFI, but pure php code for
injection
unknown_html_RFI_perl not yet detected by scanners as RFI, but pure perl code for
injection
unknown_html_RFI_eval not yet detected by scanners as RFI, but suspect javascript
obfuscationg evals
unknown_html_RFI not yet detected by scanners as RFI, but trapped by our honeypots
as remote-code-injection
unknown_html not yet detected by scanners as RFI, but suspious, may be in rare case
false positive
unknown_exe not yet detected by scanners as malware, but high risk!
all other names malwarename detected by scanners
==========================
yours
Gerhard W. Recher
(CTO)
net4sec UG (haftungsbeschraenkt)
Leitenweg 6
D-86929 Penzing
GSM: ++49 171 4802507
Geschaeftsfuehrer: Martina Recher
Handelsregister Augsburg HRB 27139
EG-Identnr: DE283762194
w3: http://www.clean-mx.de
e-Mail: mailto:[email protected]
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc
you need to clear the site give us your ip ? kotorogo you will be working. clear the site, Menai passwords, to update the engine and components |
| Question: |
My ip 195.3.246.83 |
| Answer: |
Access is open to you. |
| Question: |
Website cleaned have updated to the latest version(license)passwords changed |
| Answer: |
sharing is open. Change all passwords. |
| Question: |
Yes thank you.How they determined that the virus file.They can`t just all of the files to download? |
| Answer: |
the complaint stated: This information has been generated out of our comprehensive real time database,
tracking worldwide viruses URI`s |
| Question: |
Hello.Again came the complaint on file please Unlock the site.I will remove references to it. |
| Answer: |
Hello. Give your IP, you can read it on the page http://www.erahost.ru/2ip.php |
| Question: |
195.3.246.83 |
| Answer: |
Access is open to you. |
| Question: |
Removed |
| Answer: |
ok
|
| Question: |
Unlock Hello account.I will remove the link.My ip 195.3.246.83 |
| Answer: |
Hello. access is open |
| Question: |
no |
| Answer: |
You changed the ip ? when you remove the entry? |
| Question: |
no I didn`t change. Your IP address:195.3.246.83 As you go so will remove immediately |
| Answer: |
dotop open |
| Question: |
included |
| Answer: |
delete |
| Question: |
removed.Strange I deleted the entire section with movies where this came from. |
| Answer: |
you add records? |
| Question: |
no users designs I banned them all it movies and the file was 13 years added |
| Answer: |
then spend the administrative measures, a simple website for complaints not interesting |
| Question: |
Yes will hold.I also tired that the site is blocked. |
| Answer: |
OK |
| Question: |
Hello please unlock account.I will remove the link. |
| Answer: |
access is open. remove the subject of the complaint |
| Question: |
removed |
| Answer: |
ok
|
| Question: |
Hello.Unlock the account please I will delete the subject of the complaint.I don`t understand I tried it again a category with movies otduda they are taking them. |
| Answer: |
let your IP, you can read it on the page http://www.erahost.ru/2ip.php |
| Question: |
195.3.244.4 |
| Answer: |
Access is open for you. |
| Question: |
Will not let me 403 |
| Answer: |
please Check now.
|
| Question: |
went fine |
| Answer: |
remove the subject of the complaint |
| Question: |
removed. |
| Answer: |
ok
|
| Question: |
I understood what was going on.The category was removed and the films themselves remain as it is.I removed them all more hope complaints will not.Need to shamanism engine creators to udalaet if the category means and the files that were deleted from the database too. |
| Answer: |
ok
|
| Question: |
Boudlal remote. |
| Answer: |
ok
|
| Question: |
Hello.Unlock the account please I will delete the subject of the complaint.IP 195.3.244.4 |
| Answer: |
Hello. please Wait, the request is sent to the administrator. |
| Answer: |
access granted |
| Question: |
Removed.I wrote a letter asking to send the complete list of materials owned by pravoobladanie to poudalyat.I hope to send.My lock just tired already. |
| Answer: |
ok
|
| Question: |
Hello.Why my site is blocked if the complaint came to http://black-warez.ru/books/145939-litvinovy-anna-i-sergey-serdce-boga-audiokniga.html |
| Question: |
On the website black-warez.ru ( Lertas network ), hosting provider yavlyaetsyato which the company found the download link, or the possibility of online promotiefilm \"Heart of God\" (\"Serdce boga\"):http://black-warez.ru/books/145939-litvinovy-anna-i-sergey-serdce-boga-audiokniga.htmlПрава rental of this film in Russia belong exclusively компанииPublishing House \"Exmo\" LLC. We, the limited liability Company \"WebControl\", are an authorized copyright holder the exclusive imodelbinder on this film.Any use of this film, including links to external resources containing the film, is illegal.Therefore, take immediate steps to curb the action, newsaustralia the right of copyright owners by removing or closing access to ksitm, located at the above address/addresses.Otherwise, the copyright holders reserve the right to use margadarshi, administrative or criminal liability, predostorozhnosti of the Russian Federation. |
| Answer: |
Hello. unlocked. please remove the subject of the complaint |
| Question: |
I have nothing to remove the complaint on my site and I came On the website black-warez.ru ( Lertas network ), hosting provider yavlyaetsyato which the company found the download link, or the possibility of online promotiefilm \"Heart of God\" (\"Serdce boga\"):http://black-warez.ru/books/145939-litvinovy-anna-i-sergey-serdce-boga-audiokniga.html and you have blocked my. |
| Answer: |
We apologize for the misunderstanding. |
| Question: |
It happens, but of course it is desirable to avoid such misunderstandings.And St. Petersburg in the new data center will be the same hosting details as right now I polzujus to complaints as there respond will be.Ask about forgiveness that is not on the ticket`s subject |
| Answer: |
we can`t place You there just because of the complaints. |
| Question: |
Okay thanks for the reply. |
| Answer: |
ok
|
