Comments on: Automatic removal of Gumblar/Martuz trojan http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/ Random software musings Sat, 19 May 2012 04:45:52 +0000 http://wordpress.org/?v=2.6.2 By: digitalpbk http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/#comment-491 digitalpbk Wed, 31 Mar 2010 13:22:03 +0000 http://www.danielansari.com/wordpress/?p=57#comment-491 To remove the gumblar virus on a web root use the perl script given http://digitalpbk.com/virus/gumblar-web-virus-manual-removal-free-tool To remove the gumblar virus on a web root use the perl script given http://digitalpbk.com/virus/gumblar-web-virus-manual-removal-free-tool

]]> By: WARNING. NEW FIREZILLA HACK - AskDamageX.com Webmaster Forum http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/#comment-474 WARNING. NEW FIREZILLA HACK - AskDamageX.com Webmaster Forum Thu, 10 Dec 2009 09:30:33 +0000 http://www.danielansari.com/wordpress/?p=57#comment-474 [...] expressions and removes them. Download php removal code here original creater and instructions here if some php guru can contact me and help me modify the script (with the regulars expresions that [...] [...] expressions and removes them. Download php removal code here original creater and instructions here if some php guru can contact me and help me modify the script (with the regulars expresions that [...]

]]> By: admin http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/#comment-472 admin Mon, 16 Nov 2009 13:52:45 +0000 http://www.danielansari.com/wordpress/?p=57#comment-472 Mark, I searched Dynamic Drive forums and unfortunately there's nothing at all on Gumblar there. I don't know whether another site may have the same content. It wasn't an essential link. I looked back and found that Jason's comment here: http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/comment-page-1/#comment-817 had something similar to the content on that Dynamic Drive page. Mark, I searched Dynamic Drive forums and unfortunately there’s nothing at all on Gumblar there. I don’t know whether another site may have the same content. It wasn’t an essential link.

I looked back and found that Jason’s comment here: http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/comment-page-1/#comment-817 had something similar to the content on that Dynamic Drive page.

]]> By: admin http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/#comment-471 admin Mon, 16 Nov 2009 13:19:41 +0000 http://www.danielansari.com/wordpress/?p=57#comment-471 dizi forum: Sorry, this script is PHP only - you would have to translate it to ASP(.NET). dizi forum: Sorry, this script is PHP only - you would have to translate it to ASP(.NET).

]]> By: Mark http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/#comment-470 Mark Mon, 16 Nov 2009 13:08:04 +0000 http://www.danielansari.com/wordpress/?p=57#comment-470 Thanks for the article, Unfortunately the link http://www.dynamicdrive.com/forums/showthread.php?p=194695 is now dead. Can anyone refer me to an updated link please. thanks Thanks for the article,

Unfortunately the link http://www.dynamicdrive.com/forums/showthread.php?p=194695 is now dead. Can anyone refer me to an updated link please.

thanks

]]> By: dizi forum http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/#comment-469 dizi forum Sun, 08 Nov 2009 17:34:40 +0000 http://www.danielansari.com/wordpress/?p=57#comment-469 good article,but i your cleanin php tool didn't work in my infected asp script 8windows server) do you have any thing for asp? good article,but i your cleanin php tool didn’t work in my infected asp script 8windows server) do you have any thing for asp?

]]> By: Jon http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/#comment-467 Jon Wed, 21 Oct 2009 12:06:18 +0000 http://www.danielansari.com/wordpress/?p=57#comment-467 THANK YOU! Your php script did an awesome work, i have now cleaned up what was a total mess! Thank you! THANK YOU!

Your php script did an awesome work, i have now cleaned up what was a total mess! Thank you!

]]> By: Buddy Patton http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/#comment-466 Buddy Patton Thu, 13 Aug 2009 21:18:55 +0000 http://www.danielansari.com/wordpress/?p=57#comment-466 Hello Daniel, I was attempting to use your script but when placed in the root directory of my website on a linux machine it recurses all the way back starting with / Is there any way that I can make it scan only the directory in which I placed it in? Hello Daniel,

I was attempting to use your script but when placed in the root directory of my website on a linux machine it recurses all the way back starting with /

Is there any way that I can make it scan only the directory in which I placed it in?

]]> By: Aina http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/#comment-465 Aina Mon, 13 Jul 2009 06:36:48 +0000 http://www.danielansari.com/wordpress/?p=57#comment-465 Daniel, Which online regex checker are you referring to? Thanks, Aina. Daniel,

Which online regex checker are you referring to?

Thanks,
Aina.

]]> By: Aina http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/#comment-464 Aina Mon, 13 Jul 2009 06:35:48 +0000 http://www.danielansari.com/wordpress/?p=57#comment-464 Hi Daniel, This is the bit I am trying to get rid of and the scan_files.php is not picking it up in all the files: http://pastie.org/543861 Maybe I need to modify the regular expression, been Googling my way through my first day in PHP. Thanks, Aina. Hi Daniel,

This is the bit I am trying to get rid of and the scan_files.php is not picking it up in all the files:
http://pastie.org/543861
Maybe I need to modify the regular expression, been Googling my way through my first day in PHP.

Thanks,
Aina.

]]>