Author Topic: Very Frustrated...Websites Compromised  (Read 67016 times)

July 12, 2009, 06:17:44 pm
Reply #15

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 13, 2009, 01:15:37 am
Reply #16

#41baby

  • Jr. Member

  • Offline
  • **

  • 14
Hello,

I also read you can do something with the .HTACCESS file?

Is this true?

I deleted the entire websites that were affected and will be running ALL the scans you suggested tonight.

Once I get the OK from that site you suggested (that my computer is ok), I will re-load the sites with the new passwords.

Derek

MysteryFCM - I sent you a private email question (sorry, meant to post here).

July 13, 2009, 01:17:43 am
Reply #17

MysteryFCM

> I also read you can do something with the .HTACCESS file?
>
> Is this true?

This is indeed true, yes. This file has been known to be modified to redirect to malicious sites, so it should also be replaced with a backup if possible.

> MysteryFCM - I sent you a private email question (sorry, meant to post here).

No problem :)

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
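
Added example (not part of the original thread, and not code from any poster): one way to check a local copy of a site for `.htaccess` directives that send visitors to a host other than your own, the kind of modification described in the reply above. The directive list, the helper names and the `example.*` hosts are assumptions made for this illustration, and the sample file is constructed.

```python
import os
import re
from urllib.parse import urlsplit

# Apache directives whose argument can send a visitor to another site.
REDIRECT_DIRECTIVES = {"redirect", "redirectmatch", "redirectpermanent",
                       "redirecttemp", "rewriterule", "errordocument"}
URL_RE = re.compile(r"https?://[^\s\"'<>\[\]]+", re.IGNORECASE)

# Constructed sample; example.com stands in for the site's own domain.
SAMPLE = """\
RewriteEngine On
RewriteRule ^old-page$ http://www.example.com/new-page.html [R=301,L]
ErrorDocument 404 http://redirect.example.net/landing
RewriteRule ^(.*)$ http://stats.example.org/in.php?p=$1 [R,L]
Redirect 301 /shop http://example.com/store
# Redirect /x http://commented.example.net/
"""


def external_redirects(htaccess_text, own_hosts):
    """Return (line_no, directive, host) for each redirect-type directive
    whose target host is not one of own_hosts or a subdomain of one."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for line_no, raw in enumerate(htaccess_text.splitlines(), start=1):
        parts = raw.split(None, 1)
        # Blank lines, comments and unrelated directives are skipped here.
        if not parts or parts[0].lower() not in REDIRECT_DIRECTIVES:
            continue
        directive = parts[0].lower()
        for url in URL_RE.findall(raw):
            host = (urlsplit(url).hostname or "").lower()
            if host and host not in own and not any(host.endswith("." + o) for o in own):
                findings.append((line_no, directive, host))
    return findings


def scan_tree(root, own_hosts):
    """Check every .htaccess under a local copy of the site."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = external_redirects(fh.read(), own_hosts)
            if hits:
                results[path] = hits
    return results
```

Any hit is only a prompt to compare that line against a known-good backup; a legitimate redirect to a partner domain will be listed too.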

July 13, 2009, 01:30:13 am
Reply #18

#41baby

Hello,

By the way, I checked my server and I do not have a .HTACCESS file.

Is this a problem?

DN

July 13, 2009, 01:33:52 am
Reply #19

MysteryFCM

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 14, 2009, 08:26:56 pm
Reply #20

#41baby

Hello,

Ok, my Hijack This log was checked and clean.

They also made me do three other scans, all of which were clean.

I am not sure I understand the tutorials for the htaccess.

Do I need one for it to work?

Thanks,

DN

July 14, 2009, 08:30:33 pm
Reply #21

MysteryFCM

You don't need a .htaccess, no. It is generally recommended however.

Now your machine has the all clear, you can delete the files on the server, and replace them with the clean backups :) (assuming your FTP password has been changed now?)
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 15, 2009, 11:46:26 am
Reply #22

#41baby

Hello,

Before I started the malware check on my computer, I went on all three servers that I deal with and deleted the files.

I checked my files on my computer and they are clean.

The company I deal with changes the passwords and emails to me so I should get them today.

I have done everything you suggested.

I hope this ends the problem.

Thanks,

Derek

July 15, 2009, 05:52:35 pm
Reply #23

MysteryFCM

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 16, 2009, 11:44:58 pm
Reply #24

#41baby

Hello,

I see this line in one of my pages:

<!-- saved from url=(0022)http://internet.e-mail -->

Does it mean anything?

DN

July 16, 2009, 11:53:50 pm
Reply #25

MysteryFCM

That means the page was saved from somewhere else.

Is the file one of yours? (can you post a copy of it? (zipped please))
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 20, 2009, 12:18:44 am
Reply #26

#41baby

Hello,

They are the files from my computer.

They appear to be on all my files.

Thanks,

DN

July 20, 2009, 02:23:34 am
Reply #27

MysteryFCM

Where were the files obtained from? (i.e. did you use a crawler or such to back up an online copy of your site?)

My reason for asking is that the line in question is only ever seen when a downloader of some description has been used to create an offline copy of a website. It is highly unusual for files to contain this otherwise.
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 20, 2009, 02:44:09 am
Reply #28

#41baby

Hello,

I have no idea.  I create the site on my computer and upload it to the server.  I never had a back-up.

What should I do with that line?

Can I delete it?

DN

July 20, 2009, 04:01:55 am
Reply #29

MysteryFCM

You can delete that line, yes :)
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
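
Added example (not part of the original thread, and not code from any poster): a way to list every `saved from url` comment in a local copy of a site and remove it, as discussed in the last few replies. The number in parentheses is the character count of the URL that follows (22 for the line posted above), which the code checks; the function names and the sample page are constructed for this illustration.

```python
import os
import re

# Marker layout: "saved from url=", a 4-digit decimal length in parentheses,
# then the URL itself (22 characters in the line quoted in this thread).
MARK_RE = re.compile(
    r"<!--\s*saved from url=\((\d{4})\)(\S*?)\s*-->[ \t]*\r?\n?", re.IGNORECASE)

# Constructed page using the exact comment posted in the thread.
SAMPLE_PAGE = (
    "<!DOCTYPE html>\n"
    "<!-- saved from url=(0022)http://internet.e-mail -->\n"
    "<html><body><p>Hello</p></body></html>\n"
)


def find_marks(html):
    """Return (url, declared_len, length_ok) for every marker in html."""
    return [(m.group(2), int(m.group(1)), int(m.group(1)) == len(m.group(2)))
            for m in MARK_RE.finditer(html)]


def strip_marks(html):
    """Return (html_without_markers, number_removed)."""
    return MARK_RE.subn("", html)


def clean_tree(root, dry_run=True):
    """List markers in every .htm/.html file under root; rewrite the files
    without them only when dry_run is False."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".htm", ".html")):
                continue
            path = os.path.join(dirpath, name)
            # surrogateescape + newline="" keep other bytes and line endings intact
            with open(path, encoding="utf-8", errors="surrogateescape", newline="") as fh:
                html = fh.read()
            marks = find_marks(html)
            if marks:
                report[path] = marks
                if not dry_run:
                    with open(path, "w", encoding="utf-8",
                              errors="surrogateescape", newline="") as fh:
                        fh.write(strip_marks(html)[0])
    return report
```

Run it with `dry_run=True` first and review the reported URLs before letting it rewrite any file.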