Knowledgebase

Portal Home > Knowledgebase > Articles Database > Malware: PUA.HTML.Infected.WebPage-2


Malware: PUA.HTML.Infected.WebPage-2




Posted by firewiz, 09-18-2011, 03:39 AM
Hello Everyone. I have a small issue with one of our sites. I recently did a VirusTotal.com scan and discovered one infection/malware "PUA.HTML.Infected.WebPage-2". I tried searching the forums and Googled the term, but hardly could find any information to remove the infection. We installed "ClamAV" and "Malware detect" but there was no indication of any malware on the hosting. Can someone please help?
Posted by CH-Shaun, 09-18-2011, 04:50 AM
I'm assuming you uploaded a PHP or HTML file to VirusTotal. Hackers will sometimes inject malicious code into PHP or HTML files.
Posted by ssfred, 09-18-2011, 05:19 AM
Hello The chance for a malware or virus attack on a Linux server is very low. Normally files uploaded through an infected machine will be the culprit . In such cases , you need to change your Cpanel and mysql password first and then perform a detailed scan on your machine with updated anti-virus. Once the machine is confirmed to be secure, download the webcontents and then remove the malware entries and upload it back. Stop the habit of storing site login credentials on applications like ftp client or web browser. Some viruses are capable of capturing them and upload malicious contents to the server. Also ensure that the installed applications are safe and secure.
Posted by CH-Shaun, 09-18-2011, 07:14 AM
Not only just re-upload the affected contents, but I'd advise to ensure that scripts are up to date. The common way that a hacker gains access are outdated scripts.
Posted by firewiz, 09-19-2011, 05:51 AM
Thank you for all responses. Some of your inputs were really good, that I think many of us take for granted. After hours of scanning and reading online I couldn't find anything that suggested what "PUA.HTML.Infected.WebPage-2" actually is.. until just a while back I noticed the Google Analytics code on our website was appended after the body tag.. I relocated the code and ran the scan again.. that was it! Even a genuine JS code added outside of the designated areas is flagged as "potential" malware by ClamAV.


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Raid monitor for Areca? (Views: 576)
Postfix Error please Advice (Views: 625)
Top Hosting Companies (Views: 592)
Experience with Sitesouth.com? (Views: 615)
Copy MYSQL to another server. (Views: 557)