
i have a blog website with wordpress, i was seeing random online dating articles in my blog but no files or posts in the admin panel..i researched it a bit and found out that it was javascript injection (i think)
 
other people couldnt see anything, but in my laptop and my phone were seeing those dating articles
 
i reset the router and it got fixed. no more dating articles in my blog
 
the question now tho is where did they come from? probably a software injected it?
 
is there anyway i can find it? scan the network for viruses?
how do i know that my other machines in the network werent infected or something?
 
i have installed anything in my laptop for a long time
 
i formatted my desktop few days ago and installed adobe master suite and ms office 2013 and used the AACT Portable to activate office , but i didnt access my blog through that computer
 
what should i do now?

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/

5 minutes ago, patriotaki said:

i have a blog website with wordpress, i was seeing random online dating articles in my blog but no files or posts in the admin panel..i researched it a bit and found out that it was javascript injection (i think)
 
other people couldnt see anything, but in my laptop and my phone were seeing those dating articles
 
i reset the router and it got fixed. no more dating articles in my blog
 
the question now tho is where did they come from? probably a software injected it?
 
is there anyway i can find it? scan the network for viruses?
how do i know that my other machines in the network werent infected or something?
 
i have installed anything in my laptop for a long time
 
i formatted my desktop few days ago and installed adobe master suite and ms office 2013 (cracked from piratebay) and used the AACT Portable to activate office , but i didnt access my blog through that computer
 
what should i do now?

JS injections can come from all kinds of places, loopholes in unpatched routers, pirated software (tsk tsk) software and OS vulnerabilities, the list goes on.

If one system on a network is infected, chances are pretty good the others are seeing something as well. I'd be examining your network very carefully...

 

Oh, and dump the pirated software.

NOTE: I no longer frequent this site. If you really need help, PM/DM me and my e.mail will alert me. 

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11201540

14 minutes ago, Radium_Angel said:

JS injections can come from all kinds of places, loopholes in unpatched routers, pirated software (tsk tsk) software and OS vulnerabilities, the list goes on.

If one system on a network is infected, chances are pretty good the others are seeing something as well. I'd be examining your network very carefully...

 

Oh, and dump the pirated software.

how can i examine it?

any way to track them down

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11201575

Start with the usual, Malwarebytes. I know a version exists for Android. Can't say for Apple.

If it finds anything, then let us know what it finds and we'll go from there


Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11201801

20 minutes ago, Radium_Angel said:

Start with the usual, Malwarebytes. I know a version exists for Android. Can't say for Apple.

If it finds anything, then let us know what it finds and we'll go from there

im running malwarebytes on laptop atm, 5 threats so far, also ran rogue killer, found 20 threats, most of them were registry keys

i also think i have a bitcoin miner running on background..how can i detect those? spy hunter is good?

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11201860

17 minutes ago, patriotaki said:

im running malwarebytes on laptop atm, 5 threats so far, also ran rogue killer, found 20 threats, most of them were registry keys

i also think i have a bitcoin miner running on background..how can i detect those? spy hunter is good?

The easiest way to check for a bitcoin miner script is running something like glasswire or having a firewall pc logging all the requests. The JS displaying the ads was probably caused by just visiting some shady website; you can clear your cache on your pc and phone to remove it.

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11201924

1 minute ago, Megladon said:

The easiest way to check for a bitcoin miner script is running something like glasswire or having a firewall pc logging all the requests. The JS displaying the ads was probably caused by just visiting some shady website; you can clear your cache on your pc and phone to remove it.

they werent ads..they were articles in my blog like i would have posted them but i didnt, they were nowhere in the admin panel..

some sort of injection in the wordpress template probably..after resetting the router they got removed from my iphone and laptop..others didnt see those articles..

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11201934

1 minute ago, patriotaki said:

which programs should i use?

AdwCleaner is also a very handy tool for cleaning up your pc

Just now, patriotaki said:

they werent ads..they were articles in my blog like i would have posted them but i didnt, they were nowhere in the admin panel..

some sort of injection in the wordpress template probably..after resetting the router they got removed from my iphone and laptop..others didnt see those articles..

Strange that it was cached on your router

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11201940

1 minute ago, Megladon said:

AdwCleaner is also a very handy tool for cleaning up your pc

Strange that it was cached on your router

ye..thats why i am a bit afraid..i dont want other computers to get infected..after malwarebytes ill run adwcleaner and then glasswire

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11201949

Glasswire is a network analyzer so you will have to manually check which recurring request like ones to https://coin-hive.com/lib/coinhive.min.js are suspicious and block them in firewall or just use adblock. Alternatively you can use a plugin like minerBlock Chrome extension but I recommend using glasswire

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11201961
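The manual check described in the post above (looking through logged requests for recurring ones such as the coin-hive.com script) can be scripted. This is an added example, not code from the thread or from any tool named in it; the log format, the sample lines and the function names are assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Domain taken from the URL quoted in the post above; extend with your own list.
WATCHLIST = {"coin-hive.com"}

# Constructed sample log, assumed format: "<time> <client IP> <URL>".
SAMPLE_LOG = """\
2024-01-01T10:00:01 192.168.1.20 https://example-blog.test/index.php
2024-01-01T10:00:02 192.168.1.20 https://coin-hive.com/lib/coinhive.min.js
2024-01-01T10:05:02 192.168.1.20 https://coin-hive.com/lib/coinhive.min.js
2024-01-01T10:05:03 192.168.1.21 https://sub.coin-hive.com/x
2024-01-01T10:06:00 192.168.1.21 https://coin-hive.com.example.test/a
2024-01-01T10:07:00 192.168.1.22 https://updates.example.test/check
2024-01-01T10:08:00 192.168.1.22 https://updates.example.test/check
2024-01-01T10:09:00 192.168.1.22 https://updates.example.test/check
truncated line without a url
"""

def host_matches(host, watchlist):
    """True if host is a watchlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watchlist)

def summarize(log_text, watchlist=WATCHLIST, min_hits=3):
    """Count requests per (client, host); return rows worth a manual look."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing
        host = urlsplit(parts[2]).hostname
        if host:
            hits[(parts[1], host)] += 1
    findings = []
    for (client, host), n in sorted(hits.items()):
        if host_matches(host, watchlist):
            findings.append((client, host, n, "watchlist"))
        elif n >= min_hits:
            findings.append((client, host, n, "recurring"))
    return findings

if __name__ == "__main__":
    for client, host, n, reason in summarize(SAMPLE_LOG):
        print(f"{client:15} {host:28} {n:3}  {reason}")
```

Grouping by client IP shows which machine on the network is making the requests; "recurring" rows are only candidates for review, since update checks and similar traffic repeat too.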

3 hours ago, Megladon said:

Glasswire is a network analyzer so you will have to manually check which recurring request like ones to https://coin-hive.com/lib/coinhive.min.js are suspicious and block them in firewall or just use adblock. Alternatively you can use a plugin like minerBlock Chrome extension but I recommend using glasswire

already have minerblock plugin on browser, deleted some threats found with malwarebytes and adwcleaner..now ill try to run glasswire see how it works..anything else i can do?

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11202811

4 hours ago, Megladon said:

Glasswire is a network analyzer so you will have to manually check which recurring request like ones to https://coin-hive.com/lib/coinhive.min.js are suspicious and block them in firewall or just use adblock. Alternatively you can use a plugin like minerBlock Chrome extension but I recommend using glasswire

i noticed a process in task manager with the name "ctfmon.exe" some say its bitcoin miner others say its system process thats why i thought i had a miner running on bg

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11202830

14 hours ago, patriotaki said:

so far so good in glasswire..i dont see anything unusual..just 5-6 apps that used the network so far..nothing uncommon

 

hope im clean ..anything else i can do?

Just get a paid antivirus like Bitdefender or Kaspersky if you don't already have one. Other than that if you don't have excessive CPU usage for no reason you should be fine. If that is all you can mark this post as solved

Glad to help

Link to comment
https://linustechtips.com/topic/912361-virus-on-network/#findComment-11205449