Symptoms of Gumblar Virus
Your website in getting infected with unknown iframe or scripts and website is getting redirect to any infected website and due to which virus are getting downloaded in your machine.
Activity at user End
The virus will find FTP clients such as FileZilla and Dreamweaver and download the clients’ stored passwords. It also enabled promiscuous mode on the network card, allowing it to sniff local network traffic for FTP details. It is one of the first viruses to incorporate an automated network sniffer.
Activity at server end
Install any good malware removal, Unmaskparasites.com provides gumblar remove instructions and recommends scanning for spyware using programs such as the malware removal tool Malware Bytes. Remove all the malicious codes that have been installed in the server files (.html, .php, .js, etc.) and re-upload your website.
One the server, download all the files of your website from the server on to your desktop, clean all the infected files and then upload the clean files on the server. Once again change the FTP password of the website once the uploading is complete. This will ensure that the website will not be infected again even if the password is stolen at the time of uploading.
1. Keep your machine virus/malware free by using Good Antivirus and AntiMalware.
2. Keep changing your all FTP password periodically.
3. Do not store FTP password in any FTP client as well as dreamviewer , Microsoft Frontpage etc.
Different companies use different names for gumblar and variants. Initially, the malware was connecting to gumblar.cn domain but this server was shutdown later. However, many badware variants have emerged after that and they connect to various malicious servers via iframe code. Whatever be the nature of gumblar variants, all of them can be categorized as iframe virus.