Banana Munki

I let myself be fooled. It looked so fun and I wanted one. I installed myWebFace (a world of fun) the other day and now find my computer infested with parasites. I will not even link to the darn site. It’s not worthy of a free link from Banana.Munki.se!

I wanted a cool cartoon me:

(See how fun it looks?)

myWebFace front page:

SpyHunter scan results:

(This image is clickable and will show you the full size of the image)

Before I ran the executable file I scanned it with my anti virus program (I use AVG) and nothing was found. Doing some research of www.myWebFace.com I have found that the website itself appear malware, trojan, virus, etc free however installing myWebFace on your machine will unleash all hell!

My website was hacked. A piece of code generating an invisible iframe linking to a website containing badware had been inserted into some files. I figured it out after I attempted to access my website using Firefox which warned me that the website I was trying to view was hosting files that could be harmful to my computer and gave the choice to either get me out of there or ignore the warning.

You can guess how fun that was.

I do regularlly backups so nothing was lost but I, being the busy full-time mother I am; had to change passes, create a new database and do a clean install of WordPress as well as do some reading and tweaking on how to secure a WP installation.

I found the code, that looked something like this:

It was inserted in the current theme in files such as the footer.php and the header.php as well as all index.php files in my installation of WordPress: /wp-admin/index.php, /wp-content/plugins/index.php, and so on. Also in these: /wp-includes/default-widgets.php and /wp-includes/default-filters.php.

Having done the best I (currently) know how to make my website more secure I requested a review of my website by Google through Webmaster Tools and since I now am able to access my website without any warnings it validates (I’ve rid the badware) and hopefully prevented further intrusion.

UPDATE–
Googling the issue I found the suggestion that a virus enters your computer through a torrent program and gets access to a website when you use an FTP program. I use uTorrent and FileZilla so I don’t smash that theory.

My computer has been infected with badware. The symptoms lead me to investigate; My computer had slowed down dramatically, it took longer than usual to reboot, the Internet connection was unusually slow and the set homepage in the browser switched. I started checking my list of installed software and came across something that to me was unknown; RelevantKnowledge, which I through Googling found was a spyware.

I ran into this 411 on how to get rid of RelevantKnowledge which I found useful. I also used my spyware scanner (called SpyHunter) and I think I managed to get rid of RelevantKnowledge. Yippi!