My story with the Cechirecom base64 hack/virus
Yesterday I saw that if I accessed my website I was redirected to another page telling me that I was infected and that I needed to install the antivirus program offered on that page. The thing is that this antivirus program was in reality a Rogue Antivirus (FakeAV). I had BitDefender installed on my PC so I wasn't affected, but I am not sure about the hundreds of visitors I had yesterday on all my blogs and web pages.
First I checked all the php files in my main WordPress installation and I saw there was a <?php /**/ eval(base64_decode(“aWYoZnVuY3Rpb25fZ line, which decodes into code that was loading a JavaScript. I started to clean them up manually. I succeeded in cleaning most of the files in my wp-content folder, where all the plugins and themes are, but there were also hundreds of other files in the core of the WordPress installation that were affected. So I removed all those files and installed WordPress again. Click here to see how to upgrade manually.
Now, this hadn't cleaned up all my WordPress installations or the other CMS installations I had on this hosting account. So I started searching the internet and found a script that would clean up the mess here: http://inspirated.com/2010/03/02/wordpress-ninoplas-virus-and-the-fix (I am not sure why, but my comments are not published there). The thing is that the code was a little different from what I had, so it didn't work; also GoDaddy said "access denied" when I tried it. I also tried to customize the code a little bit to match what I had, but still nothing. The following will work for all base64 viruses.
Ninoplas and Cechirecom Base64 Removal (Godaddy)
Now, if you have a GoDaddy account and a WordPress installation, or this issue on any other CMS (php files), you can do the following (I found the SSH command on wordpress.org in a comment and it worked for all infected files in a few seconds):
1. Enable SSH on your GoDaddy account; it can take up to 24 hours. Read here how: http://help.godaddy.com/topic/58/article/4942
2. Download PuTTY and install it.
3. After SSH is enabled, start PuTTY and use the following:
Host Name or IP Address: type your host name (domain name) or IP address.
Port: if prompted for the port, type 22.
4. A black screen will appear and you will have to log in with the following:
User Name (or "login as"): the primary FTP user name for the account.
Password: the same as the primary FTP user password on the account.
5. Now you have to type the following to get to the folder where you have your html/php files and all the installations (don't forget to hit Enter after it):
cd html
6. You have almost cleaned up your website. The following command has to be copy-pasted into the PuTTY window:
find . -type f -name "*.php" -exec sed -i '/base64_decode/d' {} \;
To paste into the PuTTY window, just right-click where the command should be inserted. (The command searches every php file for lines containing base64_decode and deletes each such line, which removes the injected malware code along with it. It checks all files and folders under the one you changed into earlier, in this case the "html" folder, which is the root of your files.)
7. Now check the php files to see whether the malware code has been cleaned up, and tell me the result in a comment, along with any other tips and tricks for removing such malware from our sites.
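The one-liner in step 6 deletes every line that mentions base64_decode, including legitimate ones (some plugins and core files decode base64 for perfectly good reasons), and it leaves you no copy to roll back to. Below is an added shell example, written for this post and not taken from the wordpress.org comment or any of the linked pages, that does the same job more carefully: it previews the hits first, makes a backup of the site folder, and then deletes only lines matching the narrower eval(base64_decode( pattern that the injection in this post uses. It assumes GNU sed and grep as found on a Linux shared host, and it builds a small constructed sample site (with a harmless placeholder base64 string) so it can be run offline before you point it at the real "html" folder.

```shell
#!/bin/sh
# Added example (not the blog's command): preview, back up, then remove
# injected eval(base64_decode(...)) lines from every .php file under a root.
# Assumes GNU sed (-i) and GNU grep (-r --include) as on a typical Linux host.

# Build a constructed sample site so the functions can be exercised offline.
make_sample_site() {
  dir="$1"
  mkdir -p "$dir/wp-content/plugins/demo"
  # Constructed injected line: the base64 is just "echo \"constructed sample\";"
  # and stands in for the malware string quoted in the post.
  printf '%s\n' \
    '<?php /**/ eval(base64_decode("ZWNobyAiY29uc3RydWN0ZWQgc2FtcGxlIjs=")); ?>' \
    '<?php' \
    'function demo_hello() { return "hello"; }' \
    > "$dir/wp-content/plugins/demo/demo.php"
  # A legitimate use of base64_decode. The post's '/base64_decode/d' would
  # delete this line too and break the plugin; the narrower pattern keeps it.
  printf '%s\n' \
    '<?php' \
    '$icon = base64_decode($encoded_icon);' \
    'echo $icon;' \
    > "$dir/wp-content/plugins/demo/icon.php"
}

# Step 1: preview every php line mentioning base64_decode, with file and line
# number, so you can see what would be touched before deleting anything.
preview_hits() {
  grep -rn --include='*.php' 'base64_decode' "$1"
}

# Count the php files that contain the specific injection pattern.
count_infected() {
  grep -rl --include='*.php' 'eval(base64_decode(' "$1" | wc -l | tr -d ' '
}

# Step 2: copy the whole site folder aside, then delete only the lines that
# match the injection pattern, and only in files that actually contain it.
clean_site() {
  root="$1"
  cp -R "$root" "$root.backup"
  find "$root" -type f -name '*.php' -exec grep -l 'eval(base64_decode(' {} + \
    | while IFS= read -r f; do
        sed -i '/eval(base64_decode(/d' "$f"
      done
}

# Usage on the real host would be: preview_hits ~/html, check the list,
# then clean_site ~/html and re-run count_infected ~/html to confirm zero.
```

Run preview_hits against the real folder first and read the output: any hit that is not the injected eval line is a legitimate line you want to keep, which is exactly why the cleaner matches on eval(base64_decode( rather than on base64_decode alone. If the backup copy ends up at the web root, move it somewhere outside the document root once you are done, so it is not served to visitors.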
Tips and tricks after the fix
If everything went OK after that, you should upgrade WordPress to the latest version, which can be found here: http://wordpress.org/latest.zip . Check out how to upgrade here: http://codex.wordpress.org/Upgrading_WordPress . Also upgrade all the plugins you have installed, and remove all plugins that are inactive and that you don't use.
Other tips regarding Cechirecom can be found here: http://www.wpsecuritylock.com/cechriecom-com-script-wordpress-hacked-on-godaddy-case-study/ (BTW, the restore feature didn't work for me; it simply said "Cannot access folder" on backups from before 23 April).
For Users (also for infected website owners):
- Read how to remove Rogue AV on MalwareCity.com: http://www.malwarecity.com/blog/how-to-remove-rogue-security-software-274.html
- Use the BitDefender Online Scanner to remove viruses (access it with Internet Explorer):
Please leave me a comment if it worked out for you, and also leave a comment if you have other tips for removing the malware or for securing WordPress.