October 13, 2008 at 7:47 am
Hi.
I have a website on my server that is infected with virus. If the users goes in it download virus to visitors PC.
I think it has got there in the first place because of some bad programming in our CMS system (that i know little about)
My question is: Does anyone know a good tool to scan SQL databases for viruses? I have tried Norton and Mcaffe but cant see if it actually check inside the tables of SQL.
CAn anyone recoment a good one that we could use. If no free versions available we are happy for a comersial version that is not to expensive 🙂
Kind Regards
Morten
October 14, 2008 at 5:58 am
As far as I'm aware this cannot be done with any AV scanner
- what type/name of virus are you trying to remove?
October 15, 2008 at 6:41 am
Where are you seeing the virus? Is it when they access the website or when they download something that is stored in the database? Can you extract the documents from the database to scan them?
October 15, 2008 at 7:32 am
Hi
You see the virus when you enter the website. You dont even have to download.
I open the site and i get virus warning on my PC and the PC can not remove it.
There are 2 viruses
JS/Fox.A
Trojan-Downloader.JS.Iframe.wh
I just have no idea how to get it out as it seems to be stored in SQL or that a line has been added somewhere to a link that download the viruses.
So I am a little stuck on where to look
Any help would be appreciated
Kind Regards
Morten
October 15, 2008 at 7:57 am
I had to fix one of these for a client. The virus got in via SQL injection from the website. The only artifact in the SQL database was HTML code in a text field. The HTML code contained a script call to a URL to the virus code on a computer with a .cn address. Check the column values to see if any HTML is in columns where it should not be.
October 15, 2008 at 9:08 am
Hi
Thanks. I will have a look at that.
Does that mean that we have a potential bad code in our CMS to allow sql injections? or would it more be settings on the Server/rights etc..
Running IIS5 and Win2000
Kind Regards
Morten
October 15, 2008 at 10:03 am
morten (10/15/2008)
HiThanks. I will have a look at that.
Does that mean that we have a potential bad code in our CMS to allow sql injections? or would it more be settings on the Server/rights etc..
Running IIS5 and Win2000
Kind Regards
Morten
This would definitely mean that you have bad code in the website, I am guessing that you are using dynamic SQL to access the database. This should be changed as soon as possible to use stored procedures or paramatized queries.
October 17, 2008 at 2:04 pm
Hi,
There is also a software called DotDefender which can be used as well
October 17, 2008 at 3:26 pm
Hi Grasshopper.
Thanks 🙂
That was just what I was looking for.
Of course I still need to find the hole but this will help me I think to deal with the situation and prevent it in the future.
Thanks alot
Regards
Morten
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply