Skip to main content

Cleaning Code-Injection Malware on Thanksgiving Weekend

I just finished removing a code-injected malware that blacklisted a website with security providers like Google and Symantec, and it had to be on this Thanksgiving Long Weekend. Nothing makes me more sick that having to deal with this type of cleanup but it has to be done. Our whole household is already sick with cough and flu so this adds to the fun.

I noticed the infection by constant emails from my service provider that my quota was getting exceeded. I know the site is popular but couldn’t be that popular. When I tried to get to the site using Google Chrome browser, I received a ominous red splash screen letting me know that there is malware on the site and that I should only continue if I understood the risks. Fortunately, I had the site registered with Google Webmaster Tools and was able to get a sample of the suspicious code injection. I also ran http://killmalware.com/, http://www.siteadvisor.com/sites/aminsolutions.com, and http://sitecheck.sucuri.net/ against the website to advise me what other sites see as a baseline prior to cleaning up the malware. This is what I had to do, without too much detail so that the hackers aren’t wise to the exact solutions:

• Put the site into maintenance mode, displaying a friendly reminder to clients that this is scheduled;
• If using CMS, update the platform to the latest version, including all security patches;
• Register the website with Google Webmaster Tools to have it tell you what and possibly where the code-injection malware is on the site;
• Search the web site’s file system for the sample malware code snippet returned by Google Webmaster Tools. Sometimes, it is easier to use Notepad++ to search through contents of every file so do this after downloading a copy of the entire web site locally to your computer. If hosted on the cloud, use your favorite FTP client like CoreFTP to download the contents;
• After finding the code-injected malware, remove the malicious code;
• Make sure you prevent future code-injections by following Google’s write-up here https://support.google.com/webmasters/answer/3024344. Specifically look for malicious code that’s obfuscated to avoid detection, e.g. eval (base64 decode);
• Get Google Webmaster Tools to re-review the site to ensure the malware has been removed. Make sure you configure the preferences to email you of any future malware attacks on the site;
• Run http://killmalware.com/, http://www.siteadvisor.com/sites/aminsolutions.com, and http://sitecheck.sucuri.net/ against the website to ensure it passes all the tests.
• After tests pass, deactivate maintenance mode on the website to open it back up to customers.

Gobble gobble gobble. That’s how you serve this turkey to dinner.

Comments

Popular posts from this blog

MacBook Pro boots up showing a folder with a flashing question mark

This dreaded flashing question mark inside a folder means that the startup disk is no longer able to find a Mac operating system to boot from. There are a few things you can try to do to fix this yourself. Reboot MacBook pro and then hold the Command (⌘) and R keys on your keyboard to startup from the macOS Recovery. I did this and was able to go through disk diagnostics telling me that there were some disk errors. I proceeded to fix what I could but found that on subsequent reboots to macOS Recovery showed different partition errors. Sometimes the disk utility completed successfully but other times it would stop repairing even if left overnight. If you did have a failing disk drive, the marked errors would be consistent and multiple passes will bypass these marked errors. I had erratic results however which led me to believe it may or may not be a bad disk. The next investigation should be to look at the disk drive connections to the SATA controller. Open the MacBook pro

Troubleshooting Microphone Problems using Fortnite on PS4

My son has been playing the popular game called Fortnite www.epicgames.com/fortnite/ on PlayStation 4 for many months now. There is social component to the game where a team of players collaborate by using their headset and microphone in their party/group chats. One day, the microphone on my son’s headset stopped working in Fortnite.  The troubleshooting that father-son had to go through to fix the issue is worth blogging about because I couldn’t stand seeing him get declined from Battle Royale party invites and just playing the game solo which isn’t as fun. For a few days, he would FaceTime his friends on our iPad so that they can talk on the side while playing Fortnite on PS4. You probably won’t want to go through that scene as well so I thought it’s time to put in some of the troubleshooting skills that we are so good at and put that to good use so that others can benefit from our experience. Here are 4 phases you will likely go through to try and fix this. 1) The first thing that

3 Apps to Monitor and Control Your Kid's Mobile Usage

If you are like most parents with young kids, you will most likely have run into issues prying mobile devices and tablets away from your kids’ hands. In my house, my kids are only allowed to use these devices on weekends and only for a maximum of 2 hours. This is easier said than done however and they end up sacrificing quality time on their other activities so that they can get back to whatever it is they do on these devices. I heard at the school of a mobile app that they used widely to curb these addictions with kids and technology and thought about trying it out. The app was OurPact. I have other devices to manage however so I had to hunt around for others. The apps listed below allows for a trial period which then converts to a freeware license with a limit of 1 device that can be managed indefinitely. Here are the top 3 that I am using for both my iOS and Android devices: • OurPact • Kidslox • Qustodio  The setup was fairly similar among these apps, with a parent and child