Here’s what you will see if you will try to surf a site on Google Chrome that is infected by the trojan coming from the said site:

Now, how to remove it from your website? Well I found no reference on the net to remove it instantly so what I did is I removed the trojan scripts on each file (.JS, .HTML, INDEX.PHP) that I suspected for infection using Filezilla (FTP client program). For the WordPress infection, what I only did was I re-updated / upgraded the site to the latest version which causes the process to override existing files then remove the script from the WP-CONFIG.PHP file. This is the only file that is not overwritten by the said process that’s why I need to remove the trojan scripts manually.

As always, prevention is better than cure to avoid the pain of fixing the problems it cause to the site and to the owner. Here are some of my suggestions and recommendations I found from different web hosting sites regarding avoidance of hacking and malware infections on your site:

1. Change the file attributes of the files that doesn’t require writing permissions. I usually set my files to 755 attributes (MOD 755)
2. Update your antivirus virus database and enable or use network + web shield features at all times. Usually infection of websites starts from the local PC that uses to upload new files.
3. Read this PHP Security fixes recommended by a web hosting company. It contains comprehensive tips on how to avoid PHP exploits and hacks. Read it carefully and apply it if it is possible.

If you have any better solutions out there or any recommendations on dealing on this kind of exploits/hacks, feel free to leave it here. I am sure that a lot of people will really highly appreciated the help that you can provide.

Removal and Prevention of Gumblar.cn Infections is a post from: Bleuken.com

No related posts.