Hi, I'm displaying OSM map on my application by using OpenLayer scripts. From yesterday my anti virus software start indicating viruses (HTML/FRAMER, Trojan Horse etc.) in a map files and lock it. Anybody could help me how to solve this problem? asked 06 Jun '13, 13:19  leo_555 edited 06 Jun '13, 14:33  gormo showing 5 of 9 show 4 more comments |
This is a static archive of our old OpenStreetMap Help Site.
Please post any new questions and answers at community.osm.org.
What file exactly? Did you compare it against the original file? Has it been modified?
Maybe I name something wrong, I'm trying to display a map using script with OpenLayes on my web site f.e. URL:
www.fahrtenbuch-digital.de/Positer.html?lat=53.568176&lon=9.935604&zoom=13
and this causes a virus alert. I checked scripts of my web site on my server - no viruses was indicated. I'm not sure what from this could come?
Is the locking browser dependent - does it show differently in firefox and chrome or Internet Explorer?
No,it not depends on a browser, for all is the same result- antivirus software report alert of virus.
Would it be post a few more details? We still don't know which file your antivirus software is reporting a problem with (or what antivirus software you're using, with what settings).
Perhaps a screenshot would help?
From yesterday I change some antivirus software's to eliminate it as a reason. I was using AVG , Norton 360 now ESET. All indicated alerts but with different diagnose ( AVG - HTML/FRAMER ). Now from ESET it comes info :
Object :
www.fahrtenbuch-digital.de/Positer.html?lat=53.568176&lon=9.935604&zoom=13
Threat:
JS/Kryptik.ALA TROJAN HORSE
Info:
Connecting was terminated - under guarantine
Can you check each .js file separately to see which one is causing the alert?
I started to check .js files and find virus texture in script of my *.html file. It was hidden far in right side of editor and I didn't notice this. I deleted hostile text and it looks as working properly now. Thank you very much for support.
But that doesnt close the infection method. Do you have unsecured php applications on your server? Have you applied all OS patches on your machine and on the server?
I would consider your server compromised, including all the passwords. I would strongly recommend a full clean reinstall of the server, and all applications on it with the newest versions; otherwise you will get reinfected.
edit: Is your machine hosted by Hetzner? Then this may be of interest: http://www.heise.de/security/meldung/Hetzner-gehackt-Kundendaten-kopiert-1884180.html