Date: Sat, 30 May 2009 19:40:55 +0200 From: "Zbigniew Szalbot" <z.szalbot@lcwords.com> To: freebsd-questions@freebsd.org Subject: Best practices in finding out a trojan Message-ID: <a31e43211ecedf2849a84013a6f25f83.squirrel@relay.lc-words.com>
next in thread | raw e-mail | index | archive | help
Hello, I know this has practically no connection with FreeBSD but I have a site on a shared hosting and it appears the site got a trojan called JS:Cruzer-D. I cannot find anything about it as it appears to be relatively new (28 May). Anyway, I am trying to browse through the joomla cms files in hope of locating it. I haven't seen anything suspicious with the file modification time (and I have checked those which have been modified within 48h period. I am a bit stuck at the moment and if you can offer any advice on how to troubleshoot such things on a UNIX system, I'd be really, really thankful! There is some information about JS:Cruzer-C on the web but code of this trojan is not present on the infected website (I have grepped all the files today). Ah, I will add that the trojan is only reported by avast antivirus when people visit the site in IE (in other browers, this problem does not appear). Best regards, -- Zbigniew Szalbot
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a31e43211ecedf2849a84013a6f25f83.squirrel>