Need Help regarding recurring Trojan:JS/Redirector.CR


Post by kelly2010 on Thu May 06, 2010 7:14 pm

Hello,
After posting my last post yesterday, I found something that kept me busy for a couple of hours and that led to the solution to my problem. I need to post again, a kind of long story, just as an FYI to others who are having the same problem.

I am wondering if my antivirus is overreacting or something, because my hosting provider dismissed the idea that the server might be infected by a Trojan horse, as he told me my websites are loading fine for him and it might be a conflict between all the antiviruses I use. But I tested my websites on another PC here at home with MSE as antivirus and still got a trojan alert. I wanted to make sure it is not my laptop and not the antivirus I am using. I asked a friend online to view my websites and she also got virus alerts, but she also has the same antivirus, which is Avast. So I asked my brother to rent PCs at a net cafe and test my websites there; they have McAfee as antivirus and it also gave Trojan:JS/Redirector.CR... So bingo... It is not my laptop, not my antivirus. The problem is not sitting on my laptop. I have no virus... Avast just alerts me about a possible virus to be downloaded by my websites every time I load them with my web browser.

Though my hosting provider told me that it is impossible that there is a trojan virus on the server, I am still wary about their email about one of my domains, and we found 4 files there that I didn't create. It was proof I was hacked, and though they said it is not connected with my Trojan problem, I am still suspicious as I cannot find anything on my laptop. Thanks to Avast (Avast Web Shield, because other antiviruses detected the virus when it was already in the Firefox cache and just recorded the file path but not the source website; Avast blocks the site and you will automatically notice that it is coming from one type of website, in this case all the websites I own. With other antiviruses I could not figure it out). To continue with my story: I was still suspicious so I continued reading (I emailed my provider but till now no answer; I do not know why, or they just will not accept I am hacked? Maybe because my websites and account are the only ones affected and no clients are complaining).

So I had to do the investigation on my own, and so I read and read, and I read somewhere on the web about S:Illredir-[Trj], which is also a Trojan:JS/Redirect.CR. I read about someone who owns a hosting service; although in her case all her websites were infected and her clients were all suffering from the virus problem, I still took her advice in the article. She said there were suspicious scripts after /html when she used "View Page Source" on all of her websites, and she posted a screen capture of how the scripts look. So there I GOT AN IDEA... I viewed the page source of one of my websites and although I saw an entirely different script, I am sure I didn't put it there. I wish I could post a screen capture here.

So there it is... I checked all my websites and they all have the same suspicious scripts after /html. Had I not read that article, I would not have known and would not have viewed the page source, because looking at my websites I saw nothing suspicious in the appearance and no changes to the links. I accessed my FTP, deleted all index.htm files of ALL my websites and transferred the original index.htm from my laptop to the server. Tested my websites and NO VIRUS ALERTS now... It has happened before that I experienced no virus alerts for a day or two, but I know this time the problem is already fixed.

Belahzur, THANK YOU for keeping me company with this problem that has been bugging me for more than a month. I learned so much from you and I am thankful to have found this forum... There really is lots of information here; I will surely come back every now and then to read and learn. Obviously I am not qualified to give advice, but I hope my problem and story can help others too. I expected something from my hosting provider, but then again I guess they are very busy keeping a business (I understand), but that email they sent me started to give me suspicions, and of course Avast gave more detailed warnings than others.

THANK you very much
Thank You!

But I haven't checked the .htaccess. I will read the link you provided and will check what I need to check to prevent things like this in the future. And no, I do not know about chmod-ing the files... Any info on how to do it? I think I need to do it. Thanks again.

kelly2010

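The manual check described in the post above (script appended after the closing html tag, plus files the owner never created), written as an added example that is not part of the original thread: it compares a downloaded copy of the web root against the owner's local originals. The function names, directory layout and sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

CLOSE_HTML = re.compile(rb"</html\s*>", re.IGNORECASE)
HTML_SUFFIXES = {".htm", ".html"}


def trailing_after_html(data: bytes) -> bytes:
    """Return non-whitespace bytes that follow the last closing html tag."""
    matches = list(CLOSE_HTML.finditer(data))
    return data[matches[-1].end():].strip() if matches else b""


def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit(site_root: Path, backup_root: Path) -> dict:
    """Map each suspicious file (relative path) to the reasons it was flagged."""
    findings = {}
    for page in sorted(p for p in site_root.rglob("*") if p.is_file()):
        rel = page.relative_to(site_root).as_posix()
        original = backup_root / rel
        issues = []
        if not original.is_file():
            issues.append("not in backup")          # a file the owner never created
        elif digest(page) != digest(original):
            issues.append("differs from backup")    # altered after upload
        if page.suffix.lower() in HTML_SUFFIXES and trailing_after_html(page.read_bytes()):
            issues.append("content after </html>")  # appended markup or script
        if issues:
            findings[rel] = issues
    return findings


if __name__ == "__main__":
    # Constructed sample data: a clean backup and a tampered server copy.
    with tempfile.TemporaryDirectory() as tmp:
        site, backup = Path(tmp, "site"), Path(tmp, "backup")
        site.mkdir()
        backup.mkdir()
        clean = b"<html><body>Welcome</body></html>\n"
        (backup / "index.htm").write_bytes(clean)
        (site / "index.htm").write_bytes(clean + b"<script>/* constructed */</script>\n")
        (site / "unknown.php").write_bytes(b"constructed placeholder")
        for rel, issues in audit(site, backup).items():
            print(f"{rel}: {', '.join(issues)}")
```

Calling `audit()` on a copy pulled down over FTP, with the local originals as the second argument, lists every page that needs to be replaced and every file that should not be there at all.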


Post by Belahzur on Fri May 07, 2010 6:53 pm

Best advice I can give is to Google it, because chmod can be different for every person sometimes, depending on what you're chmoding on the [You must be registered and logged in to see this link.]

Belahzur

Post by kelly2010 on Fri May 07, 2010 8:32 pm

I already found it yesterday and checked my chmod setting, which is at 755, and this is the secure setting as they say, but I still wonder why I was hacked. My hosting provider is not answering my email, but I just emailed them as an FYI. Anyway, I just put other security measures in place and moved on, but who knows if it is 100% foolproof... that's life. Make strong passwords. And although I had already deleted and uploaded all index files, I deleted all files and reloaded them all from backups, to make sure to eliminate any other altered files that I didn't notice.

Thanks again and wonderful community here.

kelly2010