ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,582 questions
How to sanitize a legacy asp.net file (Aspx) infected with malware
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 73%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWG%3C/text%3E%3C/svg%3E)
Will G
0
Reputation points
Hello, I created an Asp.net website about 10 years ago, and it is hosted on GoDaddy.com. If I google search the domain name of the website it will come up with the name of a generic drug. I can access the website, it's just that the google search displays the generic drug name instead of displaying the domain name I search for. It appears that somehow some of the files have been altered, by malware or some other scripting code? I would like to manually clean up (Sanitize) each file. Can someone tell me what I should look for in the asp.net code to identify malware or some other scripting that has been injected into the page?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 36%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELH%3C/text%3E%3C/svg%3E)
Lan Huang-MSFT 30,166 Reputation points Microsoft Vendor2023-04-14T06:16:17.79+00:00 Hi @Will G,
I think you can try .NET tools.
You can check out the .NET tools and diagnostics documentation: Learn about .NET tools, including SDK and .NET CLI, diagnostics and instrumentation, code analysis, and package verification.
Code quality analysis:Code quality analysis ("CAxxxx") rules inspect your C# or Visual Basic code for security, performance, design and other issues.
You can enable code analysis on projects that target earlier .NET versions by setting the EnableNETAnalyzers property to
true.Security Rules rule set for managed code
Use the Microsoft Security Rules rule set for legacy code analysis to maximize the number of potential security issues that are reported. https://learn.microsoft.com/en-us/visualstudio/code-quality/security-rules-rule-set-for-managed-code?view=vs-2022
-
Viorel 119.3K Reputation points2023-04-14T08:00:42.8533333+00:00 Do you mean that the title, which is displayed by search engines, is incorrect?
Did you check if other search engines have the same issue? Maybe it is not a problem of your code.
-
Will G 0 Reputation points
2023-04-19T03:59:44.3733333+00:00 Hi Viorel thanks for asking, attached is an example of what I am talking about. I did three searches on the domain name. The first one in Google, the second one in the GoPro browser, and the third one in Bing. In Google the viagra links come up as the very first search result. For GoPro and Bing browser the Viagra link shows up about three links downward. My client is a Psychologist, and a very good person as well. This therapist is very good at helping people, so it's unfortunate that the site appears have been injected with Malware somehow. In the screen snapshots I drew a black line through the actual domain name, as I want to protect my client. I did not include the Bing search result as an attachment, just the Google and GoPro. If I just knew what to look for in each aspx page in order to clean it (Sanitize), then I could fix it manually, as the code was never placed in source control. (This was before GITHub, and at the time I could not afford TFS ). If anyone has any ideas what to look for that would be great. Nothing personal against Laun Hang, but his reply seems very generic. Anyway. Attached are the screenshots.GoogleSearch.png
-
Will G 0 Reputation points
2023-04-19T11:35:32.5966667+00:00 Hey, I think I am just going to just rebuild the site. Thanks for your help.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 13%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAJ%3C/text%3E%3C/svg%3E)
Alex Jame 0 Reputation points2025-01-28T15:18:46.3566667+00:00 It seems your site has been compromised. Here's how to clean your ASP.NET files:
- Backup: Save your files and database before starting.
- Scan Files: Look for injected code (e.g., suspicious iframes, "eval," or "base64" scripts).
- Review Changes: Compare files with the original source for unexpected edits.
- Inspect Web.config: Check for unauthorized redirects or changes.
- Scan for Malware: Use tools like Sucuri or VirusTotal.
- Secure Credentials: Update FTP, database, and admin passwords.
- Fix SEO Issues: Remove spammy meta tags or hidden content and submit your site for review in Google Search Console.
Sign in to comment
Sign in to answer