Online scanning of the system, files and links for viruses. How to check your browser for viruses Checking php for malicious code

While working in the browser, pop-up ads (usually advertising) appear that you can’t close the first time? Don't recognize the home page or search engine? Are you automatically redirected to web pages you don't know? Have unfamiliar extensions appeared that you did not install? Are there new icons in the toolbar? Does the browser logo look weird? It is obvious that your browser is infected with a virus. How to solve this problem? Read about this below in our article - step by step, in detail.

Let's start with something simple. Namely, how to check your browser for viruses online.


Surfpatrol.ru


If you still have questions, we invite you to watch a video describing the process.

Video - How to check your browser for viruses, security and errors

Redirect virus detection and removal

Step 1: Enter Safe Mode

The redirect virus removal process is usually the same for everyone Windows versions from XP to Windows 8.


Windows 8 users can switch to Safe Mode.


Step 2: Check your proxy settings

Important! Browser redirect viruses can use remote server, which is not the way you would normally connect to . By disabling this, you will already have taken a big step towards removing the virus.

Check your system's proxy settings:


Step 3: Managing Browsers

At this point, it will be unclear where the browser redirect virus comes from, and this will be the case until you check the reports from the removal tools.

Once this is done:


Virus removal tools

There are currently several tools available that can be used against the redirect virus.

The best way would be to download and run the Kaspersky TDSSKiller rootkit remover, followed by the reliable MalwareBytes Anti-Malware Free. For additional checks, use HitmanPro.

  • Kaspersky TDSSKiller;
  • MalwareBytes Anti-Malware Free;
  • HitmanPro;
  • Google.

Kaspersky TDSSKiller


MalwareBytes Anti-Malware Free

This program will automatically launch after installation and a message will appear recommending that you update. Click "Fix Now" to run the first scan. When it is completed (the program may ask you to click the "Update" button first), the program will display a list of threats found. Click "Quarantine All" and then "Apply Actions".

HitmanPro

After installation (a one-time run option without installation is also available), HitmanPro scans your computer (including browsers) for stubborn rootkits, malware and other harmful files. Files will be displayed as they are found. Once the scan is complete, click "Next" to remove them.

You will need to click "Activate Free License" to receive your free 30-day trial version for HitmanPro if you don't plan to buy it.

Once these scans are complete, finish with your regular PC virus scanning software, which can be a free antivirus utility such as Avira, AVG or Kaspersky, or a premium package such as BitDefender Internet Security.

We hope you found the article useful and you can easily clean your browser of viruses.

Not all people resort to using an antivirus on their PC or laptop. Automatic computer scanning consumes quite a lot of system resources and often interferes with comfortable work. And if suddenly your computer starts behaving suspiciously, you can analyze it for problems online. Fortunately, today there are enough services for such verification.

Below we will consider 5 options for analyzing the system. True, it will not be possible to carry out this operation without downloading a small auxiliary program. Scanning is carried out online, but antiviruses require access to files, and doing this through a browser window is quite difficult.

Services that allow scanning can be divided into two types - system and file scanners. The former check the entire computer, the latter are able to analyze only one file uploaded to the site by the user. Online services differ from simple anti-virus applications in the size of the installation package, and do not have the ability to “clean” or remove objects susceptible to infection.

Method 1: McAfee Security Scan Plus

This scanner is a quick and easy verification method that will analyze your PC for free in a few minutes and assess the security of the system. It does not have a malware removal function, but only notifies you when viruses are detected. To start scanning your computer using it, you will need:


The program will begin scanning and then display the results. Click on the button "Fix Now" will redirect you to the purchase page for the full version of the antivirus.

Method 2: Dr.Web Online Scanner

This is a good service with which you can check a link or individual files.

In the first tab you are given the opportunity to scan the link for viruses. Paste the address into text string and press " Check".

The service will begin the analysis, after which it will display the results.

In the second tab you can upload your file for verification.

  1. Select it using the button "Choose file".
  2. Click "Check".

Dr.Web will scan and display the results.

Method 3: Kaspersky Security Scan

Kaspersky antivirus is capable of quickly analyzing a computer, the full version of which is quite well known in our country, and its online service is also popular.


In the next window you can see additional information about the problems found by clicking on the inscription "More details". And if you use the button "How to fix everything" the application will redirect you to its website, where it will offer to install full version antivirus.

Method 4: ESET Online Scanner

The next option for checking your PC for viruses online is free service ESET from the developers of the famous NOD32. The main advantage of this service is the thorough scanning, which can take about two hours or more, depending on the number of files on your computer. The online scanner is completely deleted after finishing work and does not leave any files behind.


ESET Scanner will update its databases and begin analyzing the PC, after which the program will display the results.

Method 5: VirusTotal

VirusTotal is a service from Google that can check links and files uploaded to it. This method is suitable for cases when, for example, you have downloaded a program and want to make sure that it does not contain viruses. The service can simultaneously analyze a file in 64 ways (on this moment) databases of other antivirus products.

  1. To check a file using of this service, select it to download by clicking on the button of the same name.
  2. Next click "Check".

The service will begin analysis and display results for each of the 64 services.


To scan a link, do the following:

  1. Enter the address in the text field and click on the button "Enter URL."
  2. Next click "Check".

The service will analyze the address and show the results of the verification.

Until recently, anti-virus scanning of websites was available only to qualified specialists who understood methods of combating malicious code on websites. Now it has become easier to analyze a website with an antivirus; a large number of scanning tools are offered on the market, however, not all of them can guarantee a full scan, and even fewer can be cured. We will talk about the various existing approaches to scanning and their treatment and compare them with the capabilities that Virusday provides.

Services for checking websites for viruses without installing software

The easiest to create and least effective are services that scan generated site page codes. Such services allow you to check a site with an antivirus superficially - by going through the available HTML pages websites JS scripts (JavaScript) to detect the presence of malicious codes. The use of such services does not require any knowledge or skills from the owner.
All you need to do is simply enter the address in the required field on the service page and click the “Check” button.

The service will begin crawling the available pages of the resource of the specified page, moving between the pages of the site following the links found on them and checking the HTML code for the presence of suspicious fragments. Also, such services usually scan files of .JS scripts included on pages, since they, like HTML, are available in explicit form. In addition to their basic functionality, such online scanners check for the presence of the specified URL in blacklists search engines and browsers. You can check for yourself whether your site has been blacklisted, for example, here:

Google check (Google Safebrowsing):
http://www.google.com/safebrowsing/diagnostic?site=http://websitename.com

Yandex check (Yandex Safebrowsing):
http://yandex.ru/infected?url=websitename.com
In both cases, you need to substitute the address of your website instead of websitename.com.

After scanning is completed, such a scanner will produce a result containing a list of threats found and the site files affected by them. However, it is impossible to cure your site with such a service (it is only possible to check the site for viruses, i.e. for their presence or absence), since it does not have access to your resource. In addition, the main problem is the inaccessibility of PHP files for the scanner. PHP files are inaccessible to users, however, in most cases these files contain malicious codes. Also, but quite rarely, malicious codes can even be contained in the resource database, and their detection and removal requires access to the DBMS.

Services with manual upload of files for scanning and treatment

Often on the Internet you can find the definition of such a service as a “site for checking files for viruses,” however, you need to understand that these are full-fledged serious services, much more than just sites.

In addition to simple online scanners, there are also slightly more advanced services with which verification is also available. Such resources allow you to upload any of your files from your computer on their page and check it immediately with many anti-virus databases for threats. Undoubtedly online check the virus detection here will be more complete than in the case of the previously described services. Here you can check all types of files from .html to .php. The only limitation can be the size of the uploaded file, the maximum threshold of which is set by the service itself. The obvious disadvantages of this approach are both the need to first download your website files to your computer, and the impossibility of disinfecting website files, even despite scanning them completely.
Just imagine how many files you will have to check one by one (usually, such services allow you to upload files one at a time), if there are hundreds or tens of thousands on the site? Such a service will also not be able to cure a file by removing malicious codes from it. Such services usually do not provide such functionality, since their entire operating principle is based on checking files using foreign signature databases, and their owners (usually large companies developing anti-virus software) will not provide them to the service provider. On their side, antivirus software developers who provide file scanning services will not treat them either, because such services are free.

We do not know whether Kaspersky allows you to check sites for viruses online. The company announced an online file scanner http://www.kasperskyasia.com/virusscanner, however, it seems that the laboratory has discontinued this project and Kaspersky no longer allows downloading files, as well as checking the site for viruses.


Here we can say that this (second) type of file scanning service is also not an antivirus, but is only an inferior diagnostic complex, which is also not very convenient when there are a large number of files on a website. You won't be able to scan a website with this service either.

Services for scanning and treatment with the need to provide FTP access

Services of the third type are already almost full-fledged antiviruses. They allow you to detect viruses and threats on websites in files of all types. They allow you to remove malicious codes, however, there are also disadvantages and some limitations.

First, you need to give such an FTP service access to your site. This is not always convenient for website owners, who often have no idea what FTP is, or, conversely, advanced owners or administrators who are well versed, but have set restrictions on accessing their server via FTP. Also, this method of connecting to your server implies an increase in traffic on your server for the sole reason that for checking and treatment, the service will download files to itself and then upload them back to your server. In addition, such a connection is not always stable and can break at the most inopportune moment of work, possibly damaging some of the files.

Secondly, in most cases, such services are not automatic full-fledged antiviruses. Often, all the treatment work is performed by real people who access the site via FTP. This fact does not always please the owner. The main problem is the inability to quickly respond and eliminate threats. After all, a person is not a machine. He needs more time to analyze and perform operations, which he often doesn’t have. Search engines will not wait for a specialist to cure the site, but will simply place it in a ban (blacklist) at the first check, which, as is known, is carried out more than once a day.

Services for scanning and treatment without the need to provide FTP access. Full-fledged online antivirus websites.

Such services are very rare. They can be called full-fledged antiviruses for websites. They don't need FTP access to your site. They do not require installation or configuration. They are completely autonomous. All operations are carried out in automatic mode in accordance with the set settings, often already optimally selected by default. There is only one copy.

Virusday is the first representative of a new type of service for automatically checking and eliminating threats and malicious codes on a website. Only with such a service can you be calm about your position in search results, since if your files become infected, they will be disinfected before search engines detect them.

The Virusday cloud service helps solve the problem of finding and treating viruses, monitoring the performance and centralized management of sites (created using JS, PHP and HTML) on VDS and DS servers and is intended for ordinary users and site owners, programmers, system administrators and web studios. The antivirus does not require installation and is managed remotely through your Virusday account. For the service to work, you need to place the synchronization file, offered for downloading when adding a new site, to the root directory of the corresponding site using, for example, FTP.

All you need to do is register and place one special sync file at the root of your sites. Add your sites to the list. Manage on one page, see their status, scan results and removal of threats. Automatic scanning with an interval of 24 hours is enabled when a new site is added to the list, but manually you can change the settings of each resource individually, setting the scanning interval to, say, 6 hours. Website virus test happens automatically.

You can check the site for viruses for free, however, in order to cure website from viruses you will need to connect a paid account.

You can view infected files with selected fragments of malicious code, disinfect sites with one button, receive reports on infection and treatment results on email. Virusday allows you to forget about problems with viruses on websites and do what you are really interested in.

Website management in Virusday

In the control panel of a specific site, you can scan and disinfect the site by clicking the “Scan” or “Disinfect” button in the “Antivirus” section panel. The scanning and treatment process can take a long time and depends on the size of your site.

Site treatment

The treatment process is carried out in exactly the same way as scanning, however, in this case, infected files are immediately treated or deleted. Before treatment, we recommend that you make a complete archive of the site, since the treatment process involves deleting, editing files or database records of your site.

Treatment and scan reports

You can view the latest (current) scan and treatment report in the Antivirus section below the dashboard. By default, the list of detected threats is displayed in the form of a table traditional for antiviruses (the switch is in the “Details” position). You can view the contents of infected files with the malicious code highlighted in them simply by clicking on the infected file in the “Visual” mode or by clicking on the link to the infected file in the “Details” mode.

Server information

In the “Server Data” section you can view the current data of your server (the server on which your website connected to Virusday is located) and its basic settings. Also, here you can re-download the synchronization file if it is deleted from the server and the site is unavailable for Virusday. If the site is unavailable for the service for some reason, instead of the “Rights are confirmed, the site is synchronized with the Virusday cloud” indicator, you are asked to download a unique synchronization file and upload it to the root directory of your site.
Register now at .

Recently, the hosting provider reg.ru suspended the work of some PHP functions(in particular mail - sending messages) on the website of one of my clients, explaining this by the fact that malicious software was found in the account software, sending spam. It stopped working and orders stopped coming, and this is already a loss. In this regard, I decided to tell you, site readers, how to check your site for viruses and remove malicious code in a timely manner.

The situation is not uncommon, even this blog of mine has twice become a victim of hacking. It is impossible to completely protect your resource from viruses, but it is necessary to minimize the risk. As a rule, attackers use CMS vulnerabilities, design templates, or incorrect hosting settings to penetrate.

What to do if you suspect your website is infected with viruses:

  1. Check the site for viruses and find files containing malicious code (this will be half of the article),
  2. Delete or disinfect detected files (second half of the article),
  3. Close the “holes” in the site through which bad scripts have penetrated.

All 3 cases of hacking that I encountered (2 mine and 1 client) occurred for one reason - on the hosting, some folders had public access rights 777, allowing everyone to write any information there, so point No. 3 about closing “holes” is the most important. I'll tell you about him at the end.

Why online antiviruses are ineffective for a website

When real problems arise in the operation of the site or messages appear from Yandex Webmaster about infection, many begin to look for online antiviruses for sites. Sometimes they help, but most of the time they don't do it completely.

The problem is that services such as antivirus-alarm.ru, virustotal.com, xseo.in, 2ip.ru, etc. only have access to the external side of your site. This means that they will only detect malicious code if it gets out and shows some signs.

What to do if infected files do not manifest themselves in any way and are still inactive, or the result of their activity does not give obvious signs of infection. Well, for example, they simply display extraneous links on web pages - for online service and these will be , and the virus itself is hidden deep in the PHP code and acts only at the server level when processing requests.

Advantages of online antiviruses: Ease of use – write the site URL, click a button and get the result. But it’s not a fact that a virus was found.

The only effective way to identify all problems is to completely scan all the files hosted on the hosting where the site is located. This can be done with access to the hosting, which means that the antivirus must work directly inside the files and folders of your site.

Antivirus plugins

By the way, fans of popular CMSs have a little more luck in fighting viruses, since there are plugins that can detect and eliminate them in a timely manner. I talked about one such plugin in an article about it; it automatically monitors changes in engine and template files. But even he is not always able to help, since viruses can not only penetrate existing files, but also create your own, against which the plugin will be powerless.

In a word, in a critical situation, a full scan of all hosting files, including those that do not relate to the CMS, may be required.

So, let's move on to the section “How to check a website for viruses using professional methods?”

Checking website files with AI-Bolit antivirus

As with regular computers, websites are checked for viruses antivirus programs. But for these purposes, ordinary antivirus programs, which I’m talking about, are not suitable. You need a special one that works for the hosting and is designed for threats to sites.

Lately I have been using Revisium’s AI-Bolit antivirus for these purposes. In addition to its antivirus for websites, this service participated in the joint development of an antivirus for Yandex.

Let's go through all the stages of search and treatment using AI-Bolit step by step.

Installing AI-Bolit antivirus

From this page you download the archive with the hosting program – https://revisium.com/ai/ (small file).

There is a version for Windows - to use it you need to download all the site files from the hosting to your computer.

There is a version for hosting - virus checking takes place right there (on the server with the site). I will talk about how the hosting version works, download it.

Unpack the downloaded archive, as a result, you will have a folder with a name similar to the name of the archive - ai-bolit, a tools folder and 2 files.

To work, you only need the contents from the first folder (ai-bolit), consisting of 5 files. You need to upload it to the root folder of your site (where your index.php is) via FTP or via file manager these 5 files.

Setting up the program

By default, the antivirus is already ready to work, but it has two settings that you can use to optimize the program to suit your needs. All settings are made in the ai-bolit.php file.

1. Setting the scanning depth. It can be of 3 degrees: 0 – quick check, 1 – expert, 2 – paranoid, default value is 1. The line responsible for this parameter is:

Define("AI_EXPERT_MODE", 1);

2. Password to access the program. If you plan to keep the antivirus on your hosting permanently, then you need to set the most complex password possible instead of the default one, otherwise attackers will be able to damage the site through the antivirus itself. If you are interested one-time check, after which the antivirus files will be deleted from the hosting, you can leave the default password. The line responsible for the password is:

Define("PASS", "1122334455");

After saving the settings, proceed to launching the scanner.

Starting the program

Further actions will be carried out through the browser. IN address bar you need to type the URL leading to the ai-bolit launch file – your-site/ai-bolit.php?p=specified-password .

After some time, scanning all files on your site will be completed and you will receive a report like this:

Startup problems

Since anti-virus scanning of a website creates a considerable load on the hosting server, hosters often prohibit the operation of such programs. In this case, you may encounter error messages such as the following:

In this case there are 3 options:

  1. The hoster itself scans for viruses and warns clients about their appearance.
  2. The hoster may allow you to check after requesting technical support.
  3. Download the site files to your computer and check with the antivirus version for Windows.

Analysis of results

The report received during scanning can be used in two ways - transfer it to a specialist so that he can understand its contents or independently review each suspicious line. Often, features of templates or specialized scripts are mistaken for viruses (especially at a paranoid level of verification).

After all checks and removal malicious scripts Antivirus files from the hosting can be erased.

Closing site vulnerabilities

Now about eliminating the causes of infection. I said above that most often viruses are uploaded through folders that have general access for everyone – access rights 777 (rwxrwxrwx).

If some folder on your site has such rights, you can upload a virus file there and use it to spread malicious code throughout the site.

To ensure that the infection does not recur after your treatment, you need to check each folder in which Manul found infected files and, if necessary, change the rights - deny public access - set the properties to 755 (rwxr-xr-x).

In some cases you can make even stricter rules, but 755 is the minimum security level.

That's all I have for today - good luck to your projects.

Hello, I’ll show you what you need to do to check a website for viruses online completely free of charge. The thing is great, but make your choice responsibly, some people have incorrect data, check out our review of 8 resources.

List of resources

Checking via Yandex and Google

There is no check, but there is an autonomous site parser for malicious code that monitors the state of the resource when the robot crawls it. To use you need to have Yandex and Google Webmaster. How to register is not the topic of this article. In the office we find the “diagnostics” section and the “security and violations” sub-item.

If everything is in order, then the inscription will be as in the screenshot. In Google Webmaster you need to go to “Security Issues”. If everything is normal, the online service will write approval.

It is not possible to perform a check upon request; it occurs automatically. Regularly log into the webmaster account of the Yandex and Google search engines.

How to search for viruses for free with 2ip.ru

I was hooked by the simplicity follow the link, enter the name and wait five seconds for processing.

Has a quick check for the presence of a site in the blacklist of search engines. Plus it checks for redirects and the presence of junk code that poses a danger to the visitor. For beginners, it is suitable for one-time use once a day.

Dr web quick check

Many people don’t know that Dr web has online virus scanner for websites. Fill in the domain name and click on the check button.

After checking, a results pop-up window will appear. If 3 icons are smiling, it means it’s ok, below are the suspicious files and check, if it says Ok it means it’s clean.

The Doctor Web service is fast, giving you the opportunity to look at potential problems. There is information, but I expected more from DrWeb.

Xseo: checking for presence in prohibited databases

Unknown online program with a huge arsenal with a large number of parameters. There is also a virus check, which is simple but worth listening to. Go in and fill out the domain field.
. In the right column are the rest of the free tools.

Virustotal: will run 65 antiviruses for free

Virus analysis from virustotal boils down to parsing on popular sites and displaying the results. Here is the official website and enter the domain.

The report does not contain numbers or symbols; it contains a table of popular antivirus scanners with the result of the check, safe - green, red - infected.

Out of 65 scanners, one level of infection was shown. Quterra we’ll talk about it below, the blog is clean. For me, the virus scanner from virustotal is the most democratic and gives you a choice. After reading the reviews, I came to the conclusion that if no more than three are fighting, then it’s fine, but if not, then we need to look for a worm.

Quuttera.com: checking your website for viruses online has become easier

Quterra.com offers to check the site for viruses online. There is a lot of information for your free reports, then what is given for a fee? Seriously, as a webmaster I was afraid of three mistakes with home page. It turned out to be unfamiliar plugins. Official address and by old scheme, name and check.

There will be a long check of the resource from head to toe, including all pages. Be patient, the detection results are truly encouraging. After the analysis, click “detailed report” In menu three active sections, the errors themselves and suspected viruses are located in the “scanned files analysis” section.

  1. Tab section.
  2. Malicious. I point to the autoptimize plugin file, which absorbs all the site styles, thereby speeding up loading.
  3. Suspicious. Average level threats. I found a threat in the author's comment.
  4. Potential threats. I found it again with the autoptimize code.

To view threats, click on the required section and find the suspicious file and the code itself.

  • Link to a suspicious object.
  • The “view code” link opens a pop-up window with a piece of code that does not meet security rules.

I concluded that autoptimize provides an opportunity for hacking, we need to look for an alternative.

Rescan Russian scanner

New online tool, address here, distinctive feature: in Russian and enough information. Check and start as standard.

After a few seconds, it will issue a report that the wpsovet has passed the test on all points. The service boasts of cooperation with major hosting providers, timeweb, hostland, fastvps and others, it’s difficult to check, but we’ll take their word for it.

Sucuri: surprised

Go to the address and insert the site data by clicking scan website.

All points are good except the last one, but how did he determine that WordPress was not updated to latest version, hid information about the engine version on the blog. I was surprised, but I didn’t think so. In the third point: absence secure connection SSL and https protocol.

Aw-snap: checking all pages

I’ve known aw-snap for a long time, I’ve moved more than once. Scans source and all pages for errors and viruses. The address is here, don't look at the outdated design and tabular layout. Enter your address and view the report.

I see that the main errors are in the CSS, more precisely in the use of the display:none property, which hides the content from the visitor. I can’t fix this bug; it’s based on this method of hiding elements under different conditions.

Kaspersky: adding virus sites to the database

You have found a virus and infected resource, you can enter it into a special Kaspersky online database. We go to this address, insert the domain of the resource being checked, simultaneously choosing whether it is clean or infected.

Depending on the choice, Kaspersky will check the resource and decide whether to blacklist it. I don’t quite understand how it works and how to find out the result of a virus scan.

Bottom line

Other popular antiviruses cannot check a website for viruses online, neither nod32, nor Avast, nor eset. They have.

I can summarize after checking with all antiviruses online:

  • We need to look for a replacement for the autooptimize plugin.
  • Regularly update the engine and plugins.
  • You'll have to change the comments.

Goodbye to everyone, and in conclusion there is a video.