| Question: |
The site on your hosting http://medictest.net/Куда all starnicy of redirected. with a request to send an SMS http://rulate.ru/uploads/forum/plugin/up/index.php?num=380984878018&sum=850Мошенники with ruleit site already zablokirovali understand, thank you |
| Answer: |
Hello. we Have Your website normally works: http://screencast.com/t/TlUmayxrUlUm at the entrance to the site, no redirects, no proishodt. Try to log into another computer, most likely because the redirect is happening from Your computer, because most likely carried the virus. |
| Question: |
redirect comes from internal pages and from Opera or chromatoidal with 5 five different computers |
| Answer: |
You Delli any changes on the website, installed, any additions, etc.? |
| Question: |
there is nothing |
| Question: |
today I downloaded a backup and ran Kaspersky on my computer.found 6 Bekturov and what nonsense all sites.Although 2 months. ago, it was all clear.. |
| Answer: |
ie on the website You have not made any changes already relative dlitelnoe time? I think the easiest way would be to restore Your website from backup. |
| Question: |
this is not the way.the website redirects to vampire.tv with a request to send an SMS.Persistent request to check http://medictest.net/ and remove the redirect |
| Answer: |
we have no such services. the website should deal only with the administrator website. we can only assist You in resolving the issue. check пожалуйстf file .htaccess your site for the redirect and this redirect adalat |
| Question: |
everything is clean, I just replaced the old, too.on your hatching constantly any problems |
| Question: |
strange, but it is why it in the root directory not displayed |
| Answer: |
give a link to the page where you see the redirect. the website you need to follow and regularly update engine |
| Question: |
For the first time, Opera or chrome on the interior pages is redirect наvampire.tv/uploads/thumbs/up/index.phphttp://pixs.ru/showimage/Screenshot_9499646_19829634.jpg with the requirement to send an SMS, like the SBU has blocked the computer.My friend is not, which in this ponimaet don`t know what to do |
| Answer: |
give a link where you can see a redirect |
| Question: |
ordeal say for the first time, Opera on any page Kelsey clicked is redirected to vampire.tv/uploads/thumbs/up/index.phpи the browser is blocked |
| Answer: |
there is no such. just checked. therefore, we ask You a specific link. the transition which will lead to redirect |
| Question: |
I don`t know how to show it to you and prove ?you have in reg ru scan websites for viruses ?Scan all the sites on the hosting |
| Answer: |
there is of course, you and results have shown repeatedly |
| Question: |
when ? what I do not remember ? |
| Question: |
the redirect is 5 compuetr checked. |
| Answer: |
give a link please on where you have a redirect |
| Question: |
http://medictest.net/anatomiya/ deprimirotee or chrome visit and see |
| Answer: |
gone, no redirect |
| Answer: |
this is the first time chrome http://www.webpagetest.org/result/151211_22_DTF no redirect |
| Question: |
I have transitions appear everywhere on these sites was statistically with the owner rulate.ru when he isel redirect, he confirmed that he had hacked the site and with my redirect it has done for SMS. |
| Answer: |
maybe You have a virus on your computer? check this https://www.malwarebytes.org |
| Question: |
go with IPS Ukrainian and see.there SMS this is calculated, like the SBU has blocked your website for prosmotr porno you see the IP not the Ukrainian |
| Answer: |
we just went on with the Ukrainian ip address! and not with one, but even with several. no redirect we have not seen. You have a virus on your computer, check this https://www.malwarebytes.org |
| Question: |
you htaceess єtogo site can indicate where is located in the root directory do not see |
| Answer: |
file nazyvaetsya .htaccess . this is a system file. you can easily see if polysuede ftp client , if you use the file Manager pane, turn on when you start the display of system files. But before that, even so, recommend proveit computer for viruses |
| Question: |
proverite all sites account for viruses, proschayutsya |
| Answer: |
we`ve scanned. the antivirus found nothing. now I can start this script https://www.revisium.com/ai after the end we will inform You the name of the result file |
| Answer: |
do You have a license DLE? |
| Answer: |
medictest.net/AI-BOLIT-REPORT-_forexsit_public_html_medictest_net-24370-11-12-2015_13-37.html |
| Question: |
not the license.although the license was purchased |
| Question: |
I told a redirect how to remove ?individuals DLE can go but I`m afraid to do that the site doesn`t fall off. |
| Answer: |
then why did You never set it? |
| Question: |
say it again, SONG said makes no warranties to relic. and has no idea that there is a database, and so DCAC of this to eliminate what the website was ? |
| Question: |
I will hire a man who, prepense on. pravilnika is now correct ? drop to 2 times Pasewalk and sanctions Yandex is not far off. |
| Answer: |
Regarding the license, if You have a website built on DLE nulled, the key is not necessary, simply unsubscribe from your account, which was purchased license, that license tied to a specific domain. redirect, try to change the theme of the website. |
| Question: |
so it was done, tied.now all that is stopped the page and from Mozilla to open. everything is internal on the main page... |
| Answer: |
check the amps. now the operation of the site. |
| Question: |
well, it is now open, so what with redirecting and suspicious files to do ? |
| Question: |
vske still redirects.. piglets and friends to come.. all the same |
| Answer: |
try changing the site template. |
| Question: |
well, then everything can go.. the files that the antivirus found just remove the... |
| Answer: |
make a backup through the cPanel, after the copy is created You can change the pattern and to delete files. |
| Question: |
and as template to change |
| Answer: |
through the admin`s panel, under \"Manage templates\" |
| Question: |
do you have ssh ?specialsit pochistit sites from viruses |
| Answer: |
We do not provide SSH access. |
| Answer: |
we do not predostavlyaem ssh access. can download the file and test locally |
| Question: |
the man who cures viruses written that you dolzhny to give access to my hosting and tou has no rights to delete infected files... |
| Question: |
DELETE ask him to remove the folder Back |
| Answer: |
Give the full path to the folder. |
| Answer: |
you did backup пеhtl how to give someone access? |
| Question: |
/home/forexsit/backвсе to remove bendory here |
| Question: |
Yes |
| Answer: |
folder /home/forexsit/back removed. it you created it? |
| Question: |
no, of course.. neizvestno as she appeared.. |
| Answer: |
but she did nothing to your sites is not. to remove it generally doesn`t make any sense. all your sites ./public_html/, IAM found something? if not then the work has been for nothing. |
| Question: |
this is what I otvetilo and Tacna snausage they sprashivayte how to remove not majestetic and create that takchto then not be able to remove)))it is their uekbocp ваш100%you have no right to create)) |
| Answer: |
what to create? your specialist that found in public_html? soobshaet him nxj folder back is a copy of the public_html folder made before you requested a restore from backup. she is mostly nothing to do with the problem does not and can not have. it your website files . no SIDE in it. This folder is NOT accessible from the outside at all. let works only with public_html if he found nothing in public_html? so he did nothing. |
| Answer: |
if You forget, then You have a virus is not the first time
/home/forexsit/public_html/wp-content/plugins/akismet/views/admin85.php: PHP.Trojan.Mailer-1 FOUND
/home/forexsit/public_html/wp-content/plugins/akismet/views/template.php: Php.Trojan.StopPost FOUND
/home/forexsit/public_html/wp-content/plugins/akismet/views/ajax.php: PHP.Trojan.Mailer-1 FOUND
/home/forexsit/public_html/wp-content/languages/themes/dump.php: Php.Trojan.StopPost FOUND
/home/forexsit/public_html/wp-content/uploads/2012/09/option.php: Php.Malware.Mailbot-1 FOUND
/home/forexsit/public_html/wp-content/uploads/2012/06/dump.php: Php.Trojan.StopPost FOUND
/home/forexsit/public_html/wp-content/uploads/2015/01/list37.php: PHP.Trojan.Mailer-1 FOUND
/home/forexsit/public_html/wp-includes/Text/plugin11.php: PHP.Trojan.Mailer-1 FOUND
/home/forexsit/public_html/jeansoviy.ru/manager/manager.php: {HEX}php.cmdshell.unclassed.359.UNOFFICIAL FOUND \\ 02-04-2015]
SCAN ID: 040215-0959.62557
TIME: Apr 2 09:59:55 +0300
PATH: ./public_html/
TOTAL FILES: 4654
TOTAL HITS: 3
TOTAL CLEANED: 0
NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 040215-0959.62557
FILE HIT LIST:
{HEX}php.cmdshell.unclassed.357 : ./public_html/wp-network.php
{HEX}php.cmdshell.unclassed.357 : ./public_html/wp-configuration.php
{HEX}php.cmdshell.unclassed.357 : ./public_html/wp-make.php
/home/forexsit/public_html/wp-content/plugins/akismet/views/admin85.php: PHP.Trojan.Mailer-1 FOUND
/home/forexsit/public_html/wp-content/plugins/akismet/views/template.php: Php.Trojan.StopPost FOUND
/home/forexsit/public_html/wp-content/plugins/akismet/views/ajax.php: PHP.Trojan.Mailer-1 FOUND
/home/forexsit/public_html/wp-content/languages/themes/dump.php: Php.Trojan.StopPost FOUND
/home/forexsit/public_html/wp-content/uploads/2012/09/option.php: Php.Malware.Mailbot-1 FOUND
/home/forexsit/public_html/wp-content/uploads/2012/06/dump.php: Php.Trojan.StopPost FOUND
/home/forexsit/public_html/wp-content/uploads/2015/01/list37.php: PHP.Trojan.Mailer-1 FOUND
/home/forexsit/public_html/wp-includes/Text/plugin11.php: PHP.Trojan.Mailer-1 FOUND
Time: Thu Apr 2 03:53:15 2015 +0300
Path: `/home/forexsit/public_html/wp-content/uploads/2012/09`
Count: 301 emails sent
Sample of the first 10 emails:
2015-04-02 03:40:49 cwd=/home/forexsit/public_html/wp-content/uploads/2012/09 4 args: /usr/sbin/sendmail [email protected]
2015-04-02 03:40:50 cwd=/home/forexsit/public_html/wp-content/uploads/2012/09 4 args: /usr/sbin/sendmail [email protected]
2015-04-02 03:40:50 cwd=/home/forexsit/public_html/wp-content/uploads/2012/09 4 args: /usr/sbin/sendmail [email protected]
2015-04-02 03:40:50 cwd=/home/forexsit/public_html/wp-content/uploads/2012/09 4 args: /usr/sbin/sendmail [email protected]
2015-04-02 03:40:50 cwd=/home/forexsit/public_html/wp-content/uploads/2012/09 4 args: /usr/sbin/sendmail [email protected]
2015-04-02 03:40:50 cwd=/home/forexsit/public_html/wp-content/uploads/2012/09 4 args: /usr/sbin/sendmail [email protected]
2015-04-02 03:40:50 cwd=/home/forexsit/public_html/wp-content/uploads/2012/09 4 args: /usr/sbin/sendmail [email protected]
2015-04-02 03:40:50 cwd=/home/forexsit/public_html/wp-content/uploads/2012/09 4 args: /usr/sbin/sendmail [email protected]
2015-04-02 03:40:50 cwd=/home/forexsit/public_html/wp-content/uploads/2012/09 4 args: /usr/sbin/sendmail [email protected]
2015-04-02 03:40:50 cwd=/home/forexsit/public_html/wp-content/uploads/2012/09 4 args: /usr/sbin/sendmail [email protected] |
