linux - Strange Virus Infecting My Server

2014-04-07
  • John

    I am currently working on a Web App on my dedicated server (LAMP) and it seems like it might be infected with some strange malware/virus of some kind.

    When I access some domains on that server (every 5 or 10 mins) it will redirect me to something like this.

    [Image: screenshot of the page the browser is redirected to]

    The stranger thing is that it does not completely redirect!

    The URL of my website is still the same, and if it is left alone for more than 10 seconds it will come back to the site.

    I have run some virus/malware scans on my local system to rule out the client, so it is indeed from the server.

    Has anyone seen something like this before?

    EDIT: I just confirmed that the virus is not on the server. I just ran into the same problem going through websites on different servers around the web.

    Image explanation:

    So basically it's a blank page with the picture I linked in the middle of that page. You can click on it and it will take you to fill out some kind of form.

  • Answers
  • K7AAY

    DNS Changer viruses running in the DNS server can cause this. http://en.wikipedia.org/wiki/DNS_hijacking and http://www.wired.co.uk/news/archive/2012-07/09/dns-changer-check-and-fix provide more information to get you started. Comcast locally was hit by one of those viruses this summer, so it's still around.
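    As an added illustration of the check this answer points at (example code, not part of the original thread), the script below inspects a resolv.conf-style resolver configuration and compares name resolution results against a trusted resolver. The expected-resolver allowlist, the sample configuration and the sample lookup results are all constructed placeholders in documentation address ranges; on a real Linux host you would read /etc/resolv.conf and fill the two answer dictionaries from actual lookups.

    ```python
    # Added example: defender-side checks for a hijacked DNS resolver configuration.
    # Not from the original post; all addresses and sample data are constructed.
    import ipaddress

    # Hypothetical allowlist: the resolvers an administrator expects this host
    # to use (placeholder addresses from the RFC 5737 documentation ranges).
    EXPECTED_RESOLVERS = {"192.0.2.53", "198.51.100.53"}

    # Constructed resolv.conf content: one expected resolver and one that was
    # silently added, the pattern a DNS-changer infection leaves behind.
    SAMPLE_RESOLV_CONF = """\
    # Generated by NetworkManager
    search example.internal
    nameserver 192.0.2.53
    nameserver 203.0.113.7   ; not one of ours
    options timeout:2
    """

    def parse_nameservers(resolv_conf_text):
        """Return the nameserver addresses listed in resolv.conf-style text, in order.

        Comments (# or ;) are stripped; malformed addresses are skipped rather
        than raising, so a damaged file still yields the entries it does contain.
        """
        servers = []
        for line in resolv_conf_text.splitlines():
            line = line.split("#", 1)[0].split(";", 1)[0].strip()
            parts = line.split()
            if len(parts) >= 2 and parts[0] == "nameserver":
                try:
                    servers.append(str(ipaddress.ip_address(parts[1])))
                except ValueError:
                    continue  # not an IP address; ignore the line
        return servers

    def unexpected_resolvers(servers, expected=EXPECTED_RESOLVERS):
        """Resolvers that are configured but not on the administrator's allowlist."""
        return [s for s in servers if s not in expected]

    def compare_answers(trusted, observed):
        """Names whose answers from the system resolver differ from a trusted resolver.

        Both arguments map a hostname to the set of addresses returned for it.
        A name missing from the trusted dictionary counts as a disagreement.
        """
        return sorted(name for name, addrs in observed.items()
                      if addrs != trusted.get(name, set()))

    # Constructed lookup results: one name resolves identically, the other is
    # answered with a different address by the system resolver.
    TRUSTED_ANSWERS = {
        "www.example.com": {"198.51.100.10"},
        "mail.example.com": {"198.51.100.25"},
    }
    OBSERVED_ANSWERS = {
        "www.example.com": {"203.0.113.80"},   # differs: suspicious
        "mail.example.com": {"198.51.100.25"},  # matches
    }

    def run_checks(resolv_conf_text=SAMPLE_RESOLV_CONF,
                   trusted=TRUSTED_ANSWERS, observed=OBSERVED_ANSWERS):
        """Run both checks and return the findings as a dictionary."""
        servers = parse_nameservers(resolv_conf_text)
        return {
            "configured": servers,
            "unexpected_resolvers": unexpected_resolvers(servers),
            "disagreeing_names": compare_answers(trusted, observed),
        }

    if __name__ == "__main__":
        for key, value in run_checks().items():
            print(f"{key}: {value}")
    ```

    Two caveats when applying this to a real host: on distributions using systemd-resolved the file lists the local stub 127.0.0.53, so the allowlist has to account for it and the real upstreams are read from the stub's configuration instead; and a DNS changer that rewrote the DNS settings a router hands out via DHCP will not show up in the host's own configuration at all, so the router's advertised resolvers need the same comparison.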


  • Related Question

    windows - How to clean a computer with multiple accounts infected with spyware, viruses?
  • Questioner

    Possible Duplicate:
    What to do if my computer is infected by a virus or a malware?

    What's the best way to clean a computer with multiple accounts infected with spyware, viruses and malware? Should you install and run software to remove the infections on each account? If you install the software on one account, will it clean the entire computer including each account?

    For example, some programs like CCleaner will install only on one account and not offer the option for all users (accounts). Does this mean the program will clean the entire computer including other accounts or do I have to install CCleaner on each account to clean up each user's account?


  • Related Answers
  • Will

    The best way would be to wipe the hard drive and then reinstall everything, reinstalling the anti-virus program first, then anti-spyware. This will fix all the accounts.

    The details of whether a malware removal tool will affect all accounts or just one depend on that particular tool. However, wiping the hard drive will guarantee every trace is gone (usually). Malware removal tools may leave pieces of malware scattered about.

  • Adam

    I usually use Malwarebytes to remove stubborn viruses. Most of the time it is much better to just nuke the hard drive and freshly install the operating system. A deep-rooted virus can take vital system files with it whenever you try to remove the virus. This can cause instability and cause a lot of system errors. If you do decide to use a removal approach instead of a reformat, make sure that you use 2 or 3 well-known virus removers since not every kind will catch every strain of virus.

  • Harri Siirak

    You also should boot up the computer in safe mode, because anti-spyware/virus software may not be able to remove infected files in normal mode.

  • pelms

    I'd suggest:

    1. Running a virus scan from one of the various anti-virus boot disks e.g. the Avira rescue disk.
    2. Then backup all the stuff you want to hang on to.
    3. Reformat the HDD and reinstall the OS.
    4. Reinstall a good anti-virus program.
    5. Set up users with a limited (not administrator) account.

    Spy/ad-ware can be a nightmare to get rid of and reinstalling Windows has the benefit of increasing speed of the system.

  • Col

    Running something like Spybot Search & Destroy from an admin account will scan the whole disk. It depends on how bad the infection is whether this is worth the effort. After a certain point it's better to just bite the bullet and do a clean install after backing up your data.

  • Umber Ferrule

    Whilst I agree with nuking the hard disk, sometimes it's not always practical. Say for instance you have some rare software you can't reinstall because you don't have the original media or keys and can't afford to replace it. This happened recently to a friend.

    On the other hand, some things just can't be cleaned - I've seen instances of Windows where every single .exe and .dll has been terminally infected. However, I'd say quite a bit of malware and spyware can be recovered from. In which case I'd either put the offending hard disk into another PC to clean or boot from a live CD such as one created using BartPE.

    Another thing with spyware etc., no single product fixes everything so you may have to try several things. You may even have to resort to editing the registry and removing files manually. Google is your friend - somebody somewhere has almost always been in the same position.

  • redacted

    Famous quote from Aliens seems appropriate here.

    But seriously, without wiping and reinstalling the OS there is no way to be sure. If you absolutely can't reinstall you at minimum must boot from a different drive to clean it.