Comments on: Iframe Virus jl.chura.pl Removal Todo List http://www.webmastersucks.com/iframe-virus-jl-chura-pl-removal-todo-list/ Here I share stuff I used to suck at as a novice webmaster.. Thu, 03 Jun 2010 17:08:38 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: astone9 http://www.webmastersucks.com/iframe-virus-jl-chura-pl-removal-todo-list/comment-page-1/#comment-1082 astone9 Mon, 18 Jan 2010 17:21:38 +0000 http://www.webmastersucks.com/?p=210#comment-1082 Well i have also written an article on my blog. There is a script in PHP which automaticly scans and cleans you hosts and all index files infected with a iframe code. It is easy to use, if you would like you can inlcude it in you site. My post URL is <a href="http://hotfixes.edibra.com/webmasters/clean-iframe-virus" target="_blank">http://hotfixes.edibra.com/webmasters/clean-ifram...</a> Well i have also written an article on my blog. There is a script in PHP which automaticly scans and cleans you hosts and all index files infected with a iframe code. It is easy to use, if you would like you can inlcude it in you site. My post URL is
http://hotfixes.edibra.com/webmasters/clean-ifram...

]]> By: lisa http://www.webmastersucks.com/iframe-virus-jl-chura-pl-removal-todo-list/comment-page-1/#comment-446 lisa Fri, 18 Sep 2009 20:25:14 +0000 http://www.webmastersucks.com/?p=210#comment-446 This link can be helpfull. <a href="http://kawablog.com/scarabox/product.php?id_produit=1&id_rub=2&lng=en" target="_blank">http://kawablog.com/scarabox/product.php?id_produ...</a> This script remove all malicious iframe from your server, for me that worked fine. This link can be helpfull.
http://kawablog.com/scarabox/product.php?id_produ...
This script remove all malicious iframe from your server, for me that worked fine.

]]> By: webmastersucks http://www.webmastersucks.com/iframe-virus-jl-chura-pl-removal-todo-list/comment-page-1/#comment-201 webmastersucks Wed, 05 Aug 2009 08:26:45 +0000 http://www.webmastersucks.com/?p=210#comment-201 Thank you for explanation Thank you for explanation

]]> By: Dracconus http://www.webmastersucks.com/iframe-virus-jl-chura-pl-removal-todo-list/comment-page-1/#comment-189 Dracconus Mon, 03 Aug 2009 06:43:09 +0000 http://www.webmastersucks.com/?p=210#comment-189 # Change all FTP passwords in your ftp programs used to uplaod files - Do this on another system. # Close ALL internet, and local computer browsers. # Open EVERY PHP, HTML, HTM, and MHT , Javascript, and CSS file you have, and remove IFRAME code using an HTML editor (WYSIWYG style preferrably.) # Download “Avast Home Edition“, free and infected this virus. (Bit Defender is my personal choice actually) # Setup Avast Home Edition (Or Bit Defender.) #Download SpyBot Search and Destroy (Update it COMPLETELY) #Download WinPatrol (regular version is fine, you'll need this to make sure that it's not back when you resume normal mode.) # Restart your PC; When it reboots, automatically spam the F8 Button to choose to boot into SafeMode. Choose SafeMode By itself, not one with networking, or command prompt. # Scan your ENTIRE computer. (If asked to delete, then delete. This is going to possibly eradicate some MUCH needed files, but trust me, going back, and getting these, or not deleting them now, this thing WILL come back.) #While in SafeMode - Make sure to DISABLE System Restore Service. The virus itself DOES store itself in the boot sectors of your operating system, and your system restore files as well. # Upload clean pages to your web site # Install SpyBot Search and Destroy, and WinPatrol. #Scan your system with Spybot #Open your internet browser of your choice, and MAKE SURE TO DELETE ALL HISTORY, SETTINGS, and other information including passwords. #Restart and boot into the regular mode of your computer. BEFORE YOU DO ANYTHING ELSE!!!!! DO THE FOLLOWING: Run Winpatrol, and browse the startup, delayed startup, processes, and services tabs. make ABSOLUTELY SURE that this is NO WHERE to be found. You'll be looking for ANYTHING that has a TMP extension (E.G. Thisfile.TMP IF you DO find any file like this - Do the following steps: Right click on the file (if available in that menu) and click INFO Gather the location of the file. Start up your internet connection, and browse to http://majorgeeks.com/Unlocker_d4660.html Download and install this program. This program lets you delete files, or folders that are currently in use by your operating system (EG the virus.) Locate the virus TMP file after the installation of Unlocker and Right click on it. Select Unlocker in the Right Click Menu, and then in the popup window, select DELETE, and then hit UNLOCK. You MAY have to reboot the computer to effectively remove this file, if that's the case, so be it, reboot, and AUTOMATICALLY go back into safemode. Delete the folder C:Documents and settingsYOURUSERNAMETEMP Also delete the C:Documents and settingsYOURUSERNAMEApplication DataTEMP folder One last deletion C:Documents and settingsYOURUSERNAMEMy DocumentTemporary Internet Files Now restart the computer ONE last time, and re-run in Normal Mode. All the problems SHOULD be gone (as well as possibly some of your files, but, sorry, that's how it goes sometimes... **************A little more information******************* I have dealt with this virus for almost a month, studying it's habits, and attempting MANY different removal methods with GREAT failure upon restoring the files. Although this virus only somewhat clings to your files, it's the ability it has to be stored in TMP iles that makes it so "wonderous." The virus can embed itself to ANY kind of document necessary. This is a TRUE leech on your system, and it's best to follow these removal steps in the EXACT order that they're given. # Change all FTP passwords in your ftp programs used to uplaod files – Do this on another system.
# Close ALL internet, and local computer browsers.
# Open EVERY PHP, HTML, HTM, and MHT , Javascript, and CSS file you have, and remove IFRAME code using an HTML editor (WYSIWYG style preferrably.)
# Download “Avast Home Edition“, free and infected this virus. (Bit Defender is my personal choice actually)
# Setup Avast Home Edition (Or Bit Defender.)
#Download SpyBot Search and Destroy (Update it COMPLETELY)
#Download WinPatrol (regular version is fine, you’ll need this to make sure that it’s not back when you resume normal mode.)
# Restart your PC; When it reboots, automatically spam the F8 Button to choose to boot into SafeMode. Choose SafeMode By itself, not one with networking, or command prompt.
# Scan your ENTIRE computer. (If asked to delete, then delete. This is going to possibly eradicate some MUCH needed files, but trust me, going back, and getting these, or not deleting them now, this thing WILL come back.)
#While in SafeMode – Make sure to DISABLE System Restore Service. The virus itself DOES store itself in the boot sectors of your operating system, and your system restore files as well.
# Upload clean pages to your web site
# Install SpyBot Search and Destroy, and WinPatrol.
#Scan your system with Spybot
#Open your internet browser of your choice, and MAKE SURE TO DELETE ALL HISTORY, SETTINGS, and other information including passwords.
#Restart and boot into the regular mode of your computer.
BEFORE YOU DO ANYTHING ELSE!!!!!
DO THE FOLLOWING:
Run Winpatrol, and browse the startup, delayed startup, processes, and services tabs. make ABSOLUTELY SURE that this is NO WHERE to be found.
You’ll be looking for ANYTHING that has a TMP extension (E.G. Thisfile.TMP
IF you DO find any file like this – Do the following steps:
Right click on the file (if available in that menu) and click INFO
Gather the location of the file.
Start up your internet connection, and browse to
http://majorgeeks.com/Unlocker_d4660.html
Download and install this program. This program lets you delete files, or folders that are currently in use by your operating system (EG the virus.)
Locate the virus TMP file after the installation of Unlocker and Right click on it.
Select Unlocker in the Right Click Menu, and then in the popup window, select DELETE, and then hit UNLOCK.
You MAY have to reboot the computer to effectively remove this file, if that’s the case, so be it, reboot, and AUTOMATICALLY go back into safemode. Delete the folder C:Documents and settingsYOURUSERNAMETEMP
Also delete the C:Documents and settingsYOURUSERNAMEApplication DataTEMP folder
One last deletion
C:Documents and settingsYOURUSERNAMEMy DocumentTemporary Internet Files
Now restart the computer ONE last time, and re-run in Normal Mode.
All the problems SHOULD be gone (as well as possibly some of your files, but, sorry, that’s how it goes sometimes…

**************A little more information*******************
I have dealt with this virus for almost a month, studying it’s habits, and attempting MANY different removal methods with GREAT failure upon restoring the files.
Although this virus only somewhat clings to your files, it’s the ability it has to be stored in TMP iles that makes it so “wonderous.” The virus can embed itself to ANY kind of document necessary. This is a TRUE leech on your system, and it’s best to follow these removal steps in the EXACT order that they’re given.

]]> By: abrar http://www.webmastersucks.com/iframe-virus-jl-chura-pl-removal-todo-list/comment-page-1/#comment-183 abrar Fri, 31 Jul 2009 07:50:42 +0000 http://www.webmastersucks.com/?p=210#comment-183 i cant understand toooo long i cant understand toooo long

]]>