This is a static archive of our old OpenStreetMap Help Site. Please post any new questions and answers at community.osm.org.

Problem with Virus

0

Hi,

I'm displaying OSM map on my application by using OpenLayer scripts. From yesterday my anti virus software start indicating viruses (HTML/FRAMER, Trojan Horse etc.) in a map files and lock it. Anybody could help me how to solve this problem?

asked 06 Jun '13, 13:19

leo_555's gravatar image

leo_555
11112
accept rate: 0%

edited 06 Jun '13, 14:33

gormo's gravatar image

gormo
2.9k32660

2

What file exactly? Did you compare it against the original file? Has it been modified?

(06 Jun '13, 13:44) scai ♦

Maybe I name something wrong, I'm trying to display a map using script with OpenLayes on my web site f.e. URL:

www.fahrtenbuch-digital.de/Positer.html?lat=53.568176&lon=9.935604&zoom=13

and this causes a virus alert. I checked scripts of my web site on my server - no viruses was indicated. I'm not sure what from this could come?

(06 Jun '13, 14:02) leo_555

Is the locking browser dependent - does it show differently in firefox and chrome or Internet Explorer?

(06 Jun '13, 14:34) gormo

No,it not depends on a browser, for all is the same result- antivirus software report alert of virus.

(06 Jun '13, 14:50) leo_555

Would it be post a few more details? We still don't know which file your antivirus software is reporting a problem with (or what antivirus software you're using, with what settings).

Perhaps a screenshot would help?

(06 Jun '13, 15:03) SomeoneElse ♦

From yesterday I change some antivirus software's to eliminate it as a reason. I was using AVG , Norton 360 now ESET. All indicated alerts but with different diagnose ( AVG - HTML/FRAMER ). Now from ESET it comes info :

Object :

www.fahrtenbuch-digital.de/Positer.html?lat=53.568176&lon=9.935604&zoom=13

Threat:

JS/Kryptik.ALA TROJAN HORSE

Info:

Connecting was terminated - under guarantine

(06 Jun '13, 15:15) leo_555

Can you check each .js file separately to see which one is causing the alert?

(06 Jun '13, 15:17) scai ♦
2

I started to check .js files and find virus texture in script of my *.html file. It was hidden far in right side of editor and I didn't notice this. I deleted hostile text and it looks as working properly now. Thank you very much for support.

(06 Jun '13, 15:46) leo_555
2

But that doesnt close the infection method. Do you have unsecured php applications on your server? Have you applied all OS patches on your machine and on the server?

I would consider your server compromised, including all the passwords. I would strongly recommend a full clean reinstall of the server, and all applications on it with the newest versions; otherwise you will get reinfected.

edit: Is your machine hosted by Hetzner? Then this may be of interest: http://www.heise.de/security/meldung/Hetzner-gehackt-Kundendaten-kopiert-1884180.html

(06 Jun '13, 20:25) gormo
showing 5 of 9 show 4 more comments

Source code available on GitHub .