Quote:
Originally Posted by Lycanthrope
Had to clean up a customer's site with this a few days ago. Like the article said, it was a compromised ftp password.
I had the customer scan his pc before giving him his new password of course... he said he had Norton and it did NOT find the customer's trojan. I told him to install Avast and rerun the scan - he did and it DID find it.
|
yes, Avast finds it, Norton chupa bolas
@Get Naughty: I assume you're using Filezilla, since it attacks only sites that use Filezilla as FTP client AFAIK. If so, I'll try to find how to fix it, but be prepared to some heavy registry editing. Just in case, if you're using Filezilla and you have a lot of sites or sites you don't remember the user/pass because you've Filezilla set to remember it, save your filezilla.xml file in another location and do not change passwords for your servers before cleaning your computer or you'll have to do everything again. My partner Ed has cleaned 2 computers and we had to clean servers as well.
This shit is nasty, and Avast catches it, but desn't clean it, no matter what the Avast results say. Plus, most chances are your server is infected and you'll be infected every time you use Filezilla. I'll send a message to Ed to write me the instructions and post it here later as soon as he sends them.
In the meanwhile, backup your sites and try to get a backup of your servers before the date you assume you had your sites infected