Recently a new virus has come to light which has exceeded all expectations at the rate at which it is spreading. This blog post aims to provide:

- Information on the threat itself
- Info on how to clean your PC
- Info on how to clean your website

Information on the threat:

One aspect of gumblar’s existence is how it can use FTP details stored on your PC to upload malicious code to your web presence in order to spread itself further. Some FTP programs such as FileZilla apparently store passwords in plain text and as such can be exploited quite easily. The issue is not a server side issue.

Links with further information:

- http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1357912,00.html

- http://www.webpayments.ie/blog/Gumblar-What-is-it-How-to-I-remove-it-.html

- http://www.zonealarm.com/security/en-us/support/gumblar.htm

Information on cleaning your PC:

- http://www.xp-vista.com/remove/gumblar

- http://www.malwarebytes.org/ (Referenced as being a good tool for identifying an infection)

Cleaning your website

1 – Change FTP password via Cpanel
2 – Do not store the FTP password in any profile etc
3 – Replace existing website with last known ‘good’ backup
4 – Change Cpanel / FTP password again via Cpanel

To avoid being re-infected we recommend running antivirus software such as AVG or Avast. We also recommend upgrading your browser to its most up to date version and running anti malware software such as that available from http://www.malwarebytes.org/. You may also want to ensure Google does not have your website listed here: http://stopbadware.org/home/reportsearch as a potential unsafe website. This can lead to issues with your search engine rankings.

Please note: External links are provided for your convenience and Letshost.ie cannot be responsible for the content / software etc on these sites.

At various times of the year we have our clients contact us regarding a bogus letter they receive in the post relating to some / all of their domain names. The letter hints at the need to renew a domain name with an organisation other than Letshost. This organisation is known as the domain registry of America or DROA for short.

The process actually involves transferring the domain away from Letshost for an increased fee and loosing use of the services we provide.

Please note Letshost does not issue renewal notices via post and only issues such renewal notices via email. All emails from Letshost relating to renewals will contain your unique client number.

All customer of Letshost are encouraged to ignore such postal items but if in doubt to contact us through support and confirm your suspicions on any mailings you receive.