Trojan

[Noverast]

Kaspersky found this Trojan on several of my websites: Trojan.JS.Redirector.t

The weird thing is that if you visit the same website again, nothing is found. So this code is executed randomly, because I can't find any encrypted code, iframe, javascript or anything relating to this trojan in any of the infected files my anti-virus founds. There is also no information on the web on how to trace this on the server side and remove it.

It wanted to redirect me to

toomi.sk/admin/getfile.php?b=1003

Please help me.

[funtik]

and please help me ))
on my site linuxcenter.kz every day open blank page, if im Refresh page (F5) - site reload normal

but my antivirus say me "You have virus " and im open HTML source blank page and see code bellow:

Code: [Select]

<script type="text/javascript" language="javascript"> var pgbikmc=new Date( ); pgbikmc.setTime(pgbikmc.getTime( )+12*60*60*1000); document.cookie="n\x5fses\x73_id\x3d53d\x312540afaf174fd0466f84\x316\x35af\x65e3"+"; path=/\x3b ex\x70\151\x72es="+pgbikmc.toGMTString( ); </script>
<script>document.write(String.fromCharCode(60,100,105,118,32,115,116,121,108,101,61,39,100,105,115,112,108,97,121,58,110,111,110,101,39,62))</script><h1><a href="http://keygenguru.com">serial key</a>&nbsp; </h1><a href="http://keygenguru.com">crack</a>&nbsp; <a href="http://keygenguru.com">keygen</a>&nbsp; 218.90.168.17 <h1><a href="http://keygenguru.com/movies.php">download movie</a>&nbsp; </h1><h1><a href="http://keygenguru.com/movies.php">online movies</a>&nbsp; </h1>112.53.228.12 <a href="http://supersoftwarestore.com">cheap software</a>&nbsp; <h1><a href="http://supersoftwarestore.com">software shop</a>&nbsp; </h1>227.136.0.49 <h1><a href="http://keygenguru.com/software/Autodesk-inventor-lt-x64.html">Buy Autodesk Inventor LT x64</a>&nbsp; </h1><a href="http://keygenguru.com/software/adobe-creative-suite-3-master-collection-for-mac.html">Download Adobe Creative Suite 3 Master Collection for Mac</a>&nbsp; <h1><a href="http://keygenguru.com/software/the-foundry-nuke-maximun-2009.html">Buy The Foundry Nuke: Maximum 2009</a>&nbsp; </h1><h1><a href="http://keygenguru.com/software/Autodesk-inventor-2010.html">Download Autodesk Inventor 2010 </a>&nbsp; </h1><a href="http://keygenguru.com/software/adobe-acrobat-9-pro-extended.html">Download Adobe Acrobat 9 Pro Extended</a>&nbsp; <h1><a href="http://keygenguru.com/software/autodesk-autocad-2009-32bit.html">Download Autodesk Autocad 2009 32bit</a>&nbsp; </h1><a href="http://keygenguru.com/software/adobe-creative-suite-2-premium-for-windows.html">Download Adobe Creative Suite 2 Premium for Windows</a>&nbsp; <h1><a href="http://keygenguru.com/software/autodesk-autocad-2010.html">Download Autodesk AutoCAD 2010</a>&nbsp; </h1><h1><a href="http://keygenguru.com/software/adobe-creative-suite-3-design-premium-for-mac.html">Download Adobe Creative Suite 3 Design Premium for Mac</a>&nbsp; </h1><a href="http://keygenguru.com/software/Autodesk-inventor-lt-x32.html">Download Autodesk Inventor LT x32</a>&nbsp; <h1><a href="http://keygenguru.com/software/microsoft-windows-vista-ultimate-full-version-oem-64-bit-includes-sp1.html">Download Microsoft Windows Vista Ultimate Full Version OEM 64-bit (includes SP1)</a>&nbsp; </h1><a href="http://keygenguru.com/software/autodesk-3ds-max-2009.html">Download Autodesk 3ds Max 2009</a>&nbsp; <a href="http://keygenguru.com/software/autodesk-revit-structure-2009.html">Buy Autodesk Revit Structure 2009</a>&nbsp; <a href="http://keygenguru.com/software/Rosetta-Stone-wersion-3-English-for-mac.html">Buy Rosetta Stone Version 3: English(British) Level 1, 2 & 3 Set for mac</a>&nbsp; <h1><a href="http://keygenguru.com/software/Rosetta-Stone-Version-3-Arabic-for-mac.html">Download Rosetta Stone Version 3: Arabic Level 1, 2 for mac</a>&nbsp; </h1><h1><a href="http://keygenguru.com/software/microsoft-windows-vista-ultimate-full-version-oem-64-bit-includes-sp1.html">Buy Microsoft Windows Vista Ultimate Full Version OEM 64-bit (includes SP1)</a>&nbsp; </h1><a href="http://keygenguru.com/software/Rosetta-Stone-Version-3-hebrew.html">Buy Rosetta Stone Version 3: Hebrew Level 1, 2 </a>&nbsp; <a href="http://keygenguru.com/software/minitab-15.html">Buy Minitab 15</a>&nbsp; <a href="http://keygenguru.com/software/alias-maya-70-unlimited.html">Buy Alias Maya 7.0 Unlimited</a>&nbsp; <h1><a href="http://keygenguru.com/software/Rosetta-Stone-Version-3-Italian-for-mac.html">Download Rosetta Stone Version 3: Italian Level 1, 2 & 3 Set for mac</a>&nbsp; </h1><h1><a href="http://keygenguru.com/software/softplan-v1340-professional.html">Download SoftPlan v13.4.0 Professional</a>&nbsp; </h1><h1><a href="http://keygenguru.com/software/corel-designer-technical-suite-x4.html">Buy Corel Designer Technical Suite x4</a>&nbsp; </h1><h1><a href="http://keygenguru.com/software/Adobe-Illustrator-CS4.html">Buy Adobe Illustrator CS4</a>&nbsp; </h1><a href="http://keygenguru.com/software/autodesk-autocad-2007.html">Download Autodesk AutoCAD 2007</a>&nbsp; <h1><a href="http://keygenguru.com/software/Rosetta-Stone-Version-3-German.html">Download Rosetta Stone Version 3: German Level 1, 2 & 3 Set</a>&nbsp; </h1><a href="http://keygenguru.com/software/Rosetta-Stone-Version-3-German-for-mac.html">Buy Rosetta Stone Version 3: German Level 1, 2 & 3 Set for mac</a>&nbsp; <h1><a href="http://keygenguru.com/software/autodesk-3ds-max-90.html">Download Autodesk 3ds Max 9.0</a>&nbsp; </h1><a href="http://keygenguru.com/software/Microsoft-Windows-7-x64-French.html">Buy Microsoft Windows 7 x64 French</a>&nbsp; <a href="http://keygenguru.com/software/autodesk-autocad-2009-32bit.html">Buy Autodesk Autocad 2009 32bit</a>&nbsp; <a href="http://keygenguru.com/software/Adobe-CS3-MC-Microsoft-Office-2007-Enterprise.html">Buy Adobe Creative Suite 3 Master Collection for Win  Microsoft Office 2007 Enterprise</a>&nbsp; 207.192.192.122 <h1><a href="http://keygenguru.com/movie/the-ugly-truth.html">Download The Ugly Truth</a>&nbsp; </h1><a href="http://keygenguru.com/movie/star-wars-episode-iv-a-new-hope.html">Download Star Wars: Episode IV - A New Hope movie</a>&nbsp; <a href="http://keygenguru.com/movie/the-taking-of-pelham-1-2-3.html">Download The Taking of Pelham 1 2 3 movie</a>&nbsp; <h1><a href="http://keygenguru.com/movie/home.html">Buy Home</a>&nbsp; </h1><h1><a href="http://keygenguru.com/movie/city-of-god.html">Download City of God</a>&nbsp; </h1><a href="http://keygenguru.com/movie/the-boat-that-rocked.html">Download The Boat That Rocked movie</a>&nbsp; <h1><a href="http://keygenguru.com/movie/my-bloody-valentine.html">Download My Bloody Valentine</a>&nbsp; </h1><a href="http://keygenguru.com/movie/the-telling.html">Buy The Telling</a>&nbsp; <h1><a href="http://keygenguru.com/movie/gamer.html">Download Gamer</a>&nbsp; </h1><a href="http://keygenguru.com/movie/race-to-witch-mountain.html">Download Race to Witch Mountain movie</a>&nbsp; 112.237.56.6 <h1><a href="www.keygenguru.com/search/?search=office+2007">office 2007 crack</a>&nbsp; </h1><a href="http://keygenguru.com/search/?search=avg">avg crack</a>&nbsp; <h1><a href="http://keygenguru.com/search/?search=alcohol+120">alcohol 120 serial</a>&nbsp; </h1>221.1.129.217 <h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:c1bff5eec23e3d4ae3e1b17b82a49059/Download-Stargate-SG-1-Children-of-the-Gods-Final-Cut-movie">Download Stargate SG-1: Children of the Gods - Final Cut</a>&nbsp; </h1><h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:024a622241eca96b21b5e3e01bb0f74f/Download-Up-movie">Download Up</a>&nbsp; </h1><h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:6cf2d807b66e879ee22f3d1ca78627e6/Download-Hardwired-movie">Buy Hardwired</a>&nbsp; </h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:0c4c36ed612637cafbf5b9f034df7042/Download-Twilight-movie">Buy Twilight</a>&nbsp; <a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:5e74363c2d096bd2c95f73de76c9af0c/Download-Terminator-Salvation-movie">Watch Terminator Salvation</a>&nbsp; <h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:0e9716b4c653f3a9c6f5028627f11c90/Download-The-Invention-of-Lying-movie">Buy The Invention of Lying</a>&nbsp; </h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:1822d131d262278cdbfef094bfd5c17f/Download-Bronson-movie">Buy Bronson</a>&nbsp; <h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:d1037d37da361e8428ebb0d132594f52/Download-Extract-movie">Watch Extract</a>&nbsp; </h1><h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:00d27ebab591274e33f1ab4619275c29/Download-Underworld-Rise-of-the-Lycans-movie">Watch Underworld: Rise of the Lycans</a>&nbsp; </h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:77c1ea4baf624c65373ed792b6c5463c/Download-In-the-Loop-movie">Watch In the Loop</a>&nbsp; <h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:024a622241eca96b21b5e3e01bb0f74f/Download-Up-movie">Buy Up</a>&nbsp; </h1><h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:0b633ba3888738b4d2be8b9090241fbc/Download-Futurama-Into-the-Wild-Green-Yonder-movie">Watch Futurama: Into the Wild Green Yonder</a>&nbsp; </h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:3b35c2282288a9f523714406384b7bc9/Download-Perfect-Getaway-A-movie">Watch Perfect Getaway, A</a>&nbsp; <a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:024a622241eca96b21b5e3e01bb0f74f/Download-Up-movie">Watch Up</a>&nbsp; <h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:266d544a5cfb3513d4dc294cb2b9457a/Download-Godspeed-movie">Download Godspeed</a>&nbsp; </h1><h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:f35ffdf9fc3036c1dc10670675f7f61f/Download-The-Maiden-Heist-movie">Buy The Maiden Heist</a>&nbsp; </h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:aee1c3dee43d740bd431b94ffeb8ba58/Download-Beyond-a-Reasonable-Doubt-movie">Buy Beyond a Reasonable Doubt</a>&nbsp; <h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:8aaa85fec304e864e06cb9971417f889/Download-Summers-Blood-movie">Download Summer's Blood</a>&nbsp; </h1><h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:a4aa835236276ac0178c2c3ca44fc1d5/Download-The-Haunting-in-Connecticut-movie">Watch The Haunting in Connecticut</a>&nbsp; </h1><a href="http://buzz.yahoo.com/article/1:00be684a7bc2f9b14776630bc05dbd3a:a79735097fe2710afd3f140da16a8422/Download-Zombieland-movie">Download Zombieland</a>&nbsp; 229.95.120.199 <h1><a href="http://digg.com/movies/Download_Terminator_Salvation_movie_8">Watch Terminator Salvation movie</a>&nbsp; </h1><a href="Demons movie">Watch Angels &amp</a>&nbsp; <h1><a href="Demons movie">Download Angels &amp</a>&nbsp; </h1><a href="http://digg.com/movies/Download_Death_Warrior_movie">Buy Death Warrior movie</a>&nbsp; <a href="http://digg.com/movies/Download_Transformers_Revenge_of_the_Fallen_movie_7">Watch Transformers: Revenge of the Fallen movie</a>&nbsp; <h1><a href="Ice movie">Buy Fire &amp</a>&nbsp; </h1><h1><a href="http://digg.com/movies/Download_The_Ugly_Truth_movie_5">Buy The Ugly Truth movie</a>&nbsp; </h1><a href="http://digg.com/movies/Download_The_Twilight_Saga_New_Moon_movie_2">Watch The Twilight Saga: New Moon movie</a>&nbsp; <a href="http://digg.com/movies/Download_2012_movie_7">Watch 2012 movie</a>&nbsp; <h1><a href="http://digg.com/movies/Download_The_Wizard_of_Oz_movie">Download The Wizard of Oz movie</a>&nbsp; </h1>94.197.79.254 <h1><a href="http://buzz.yahoo.com/article/1:8840aded8f25bdb71b0c0b79cf47602f:450fac4426d4e0b64dd6b27d8963077e/Buy-Rosetta-Stone-Version-3-SpanishLatin-America-Level-1-2-3-Set-125">Cheap Rosetta Stone Version 3: Spanish(Latin America) Level 1, 2 & 3 Set</a>&nbsp; </h1><h1><a href="http://buzz.yahoo.com/article/1:8840aded8f25bdb71b0c0b79cf47602f:67b4db6adc5021daca8d78d3f2a82d19/Buy-Rosetta-Stone-Version-3-SpanishLatin-America-Level-1-2-3-Set-for-mac-125">Cheap Rosetta Stone Version 3: Spanish(Latin America) Level 1, 2 & 3 Set for mac</a>&nbsp; </h1><a href="http://buzz.yahoo.com/article/1:8840aded8f25bdb71b0c0b79cf47602f:6b1a63cc97d8a1421fea96948bac4189/Or-by-first-letters">Cheap Rosetta Stone Version 3: Dutch Level 1, 2 & 3 Set</a>&nbsp; <h1><a href="http://buzz.yahoo.com/article/1:8840aded8f25bdb71b0c0b79cf47602f:aeca89141f9658ef59b88d267d0db61d/Buy-MS-Windows-XP-Professional-x64-4995">Cheap MS Windows XP Professional x64</a>&nbsp; </h1><a href="http://buzz.yahoo.com/article/1:8840aded8f25bdb71b0c0b79cf47602f:543f92b1efe3063f17148609e988d1b1/Buy-Microsoft-Windows-7-100">Cheap Microsoft Windows 7</a>&nbsp; <h1><a href="http://buzz.yahoo.com/article/1:8840aded8f25bdb71b0c0b79cf47602f:5d9bf82e23143f079842b6b614c72373/Buy-Adobe-Creative-Suite-3-Design-Premium-for-Win-2499">Cheap Adobe Creative Suite 3 Design Premium for Win</a>&nbsp; </h1><h1><a href="http://buzz.yahoo.com/article/1:8840aded8f25bdb71b0c0b79cf47602f:32f55906ff39cc22549aa0151812558a/Buy-Autodesk-AutoCAD-Revit-Architecture-Suite-2009-200">Cheap Autodesk AutoCAD Revit Architecture Suite 2009</a>&nbsp; </h1><a href="http://buzz.yahoo.com/article/1:8840aded8f25bdb71b0c0b79cf47602f:d3b097db2b6d09d25f0624953da7e660/Buy-Autodesk-SketchBook-Pro-2010-30">Cheap Autodesk SketchBook Pro 2010</a>&nbsp; <h1><a href="http://buzz.yahoo.com/article/1:8840aded8f25bdb71b0c0b79cf47602f:37fedff10091151e5a5ef229d9686102/Buy-SolidWorks-2009-x32-99">Cheap SolidWorks 2009 x32</a>&nbsp; </h1><h1><a href="http://buzz.yahoo.com/article/1:8840aded8f25bdb71b0c0b79cf47602f:f3bf01cb59a6b4617c8408fc6707bf5b/Buy-Sibelius-6-99">Cheap Sibelius 6</a>&nbsp; </h1>26.60.37.70 <h1><a href="http://digg.com/software/Buy_Rosetta_Stone_Version_3_Hebrew_Level_1_2_for_mac">Order Rosetta Stone Version 3: Hebrew Level 1, 2 for mac</a>&nbsp; </h1><a href="http://digg.com/software/Buy_Adobe_Creative_Suite_3_Master_Collection_for_Mac_349">Order Adobe Creative Suite 3 Master Collection for Mac</a>&nbsp; <h1><a href="http://digg.com/software/Buy_Cakewalk_Sonar_8_0_Producer_Edition_99">Order Cakewalk Sonar 8.0 Producer Edition</a>&nbsp; </h1><a href="http://digg.com/software/Buy_Autodesk_Inventor_2010_195">Order Autodesk Inventor 2010</a>&nbsp; <a href="http://digg.com/software/Buy_Parallels_Desktop_3_0_build_5584_for_Mac_29_95">Order Parallels Desktop 3.0 (build 5584) for Mac</a>&nbsp; <a href="http://digg.com/software/Buy_Rosetta_Stone_Version_3_English_British_Level_1_2_3_2">Order Rosetta Stone Version 3: English(British) Level 1, 2 & 3 Set for mac</a>&nbsp; <a href="http://digg.com/software/Buy_Adobe_Creative_Suite_3_Master_Collection_for_Win">Order Adobe Creative Suite 3 Master Collection for Win</a>&nbsp; <a href="http://digg.com/software/Buy_Rosetta_Stone_Version_3_Chinese_Mandarin_Level_1_2_2">Order Rosetta Stone Version 3: Chinese (Mandarin) Level 1, 2 & 3 Set for mac</a>&nbsp; <a href="http://digg.com/software/Buy_Adobe_Acrobat_8_0_Professional_79_95">Order Adobe Acrobat 8.0 Professional</a>&nbsp; <h1><a href="http://digg.com/software/Buy_Autodesk_AutoCAD_Revit_Architecture_Suite_2009_200">Order Autodesk AutoCAD Revit Architecture Suite 2009</a>&nbsp; </h1>124.123.100.55
my files .htaccess empty... i see my php-code but i not found virus

sorry, my english - limp help me!!!

[Noverast]

This is exactly the same virus. I found that NOD32 classify it as something else: JS/TrojanDownloader.FraudLoad.D.trojan.

I have checked all the code and can't find anything plus I checked the date when the files was last changed.

[Noverast]

Found my problem. Read this article:
http://www.secureworks.com/research/threats/linuxservers/

[MysteryFCM]

If you guys still need help with this, post your domain name and we'll take a look.

[scumbag]

I have the same problem with my website. I can't find what was infected. I could use some help with it.
Is it enough to just change the htaccess file ?

thanks

[MysteryFCM]

Please see;

http://www.malwaredomainlist.com/forums/index.php?topic=3122.0

[scumbag]

I changed ftp, sql and admin accounts, but problem still occurs. Can't find where or what is causing this.....  

[MysteryFCM]

Are you changing these from your own machine? (if so, I strongly urge you NOT do this, as it's likely your machine has been compromised, which will be how they obtained the login credentials to begin with).

Contact your hosting company, inform them your site has been compromised, and ask them to change the passwords for you. Make sure you use a KNOWN CLEAN computer, to check e-mail (assuming they send the new passwords via e-mail), and get your own machine checked;

http://www.malwarebytes.org/forums/index.php?showtopic=9573

/edit

As an addendum, as per the advice I linked you to, I also strongly urge you delete ALL files and folders from your site, and upload a KNOWN CLEAN backup. This will save you the hours it will take to go through each file and folder manually (and nope, this cannot be skipped or "short cutted")