What should we do if our account is infected by Trojan Downloader?

+12 votes
What should we do if our account is infected by Trojan Downloader?
asked Jan 22, 2013 by dmitry (5,720 points)

1 Answer

+5 votes

This type of virus is well-spread all over the Internet. The virus works in such a way: it installs itself on the local PC when anybody surfs the infected site by browser with standard security settings. After that it starts to chase the FTP logins and passwords. After that it connects to FTP accounts using this information and adds its code to each of index pages.

[Image: standard security settings]

To resolve this issue you need to:
1. delete the code added by the virus from every index page of your site;
2. remove the virus from your local PC;
3. change all passwords for your FTP accounts.

Please note that this problem is not connected with the server's security; the virus works the way described above.

Here is an example of Trojan-Downloader.JS.Iframe.as:

# cat index.php
<?php
        ... SOME PHP CODE ...
?>
<script>
  VIRUS CODE:
    functio........(v4816b2cb42ef9){ function v481b436b6 ........turn 16;}      return(parseInf9,v48cb436b6()));}function  v4816b2cb455(v481b44e26){ function v44714d () {return 2;} var v4816b2cb459db.......816b2cb46aaf=0; v4816b2cb6aaf<v4816b2cb44e26.length; v4816b2cb46aaf+=v4816b2cb4714d()){ v4816b2b459db+=(String.fromChdocument.write(v4816b2cb44655('3435249.......... 50543E'));
</script>
( For security reasons the code was changed )

 

answered Jan 22, 2013 by Johnas (4,470 points)
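As an added example (not part of the original answer), this sketch supports step 1 by walking a local copy of the site and flagging index pages whose inline scripts resemble the sample above. The indicator patterns, the threshold and all function names are assumptions, and the demo pages are constructed; flagged pages still need manual review before anything is deleted.

```python
import re
import tempfile
from pathlib import Path

INDEX_NAMES = {"index.php", "index.html", "index.htm"}
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
# Heuristics (assumptions modelled on the sample shown in the answer above).
INDICATORS = {
    "document.write": re.compile(r"document\.write\s*\("),
    "String.fromCharCode": re.compile(r"String\.fromCharCode"),
    "parseInt": re.compile(r"parseInt\s*\("),
    "long hex literal": re.compile(r"['\"][0-9A-Fa-f]{40,}['\"]"),
    "generated names": re.compile(r"\bv[0-9a-f]{8,}\b"),
}

def suspicious_scripts(text, threshold=3):
    """Return (offset, indicator names) for scripts matching >= threshold indicators."""
    hits = []
    for m in SCRIPT_RE.finditer(text):
        names = sorted(n for n, rx in INDICATORS.items() if rx.search(m.group(1)))
        if len(names) >= threshold:
            hits.append((m.start(), names))
    return hits

def scan_site(root):
    """Walk a local copy of the site and report flagged index pages."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name.lower() in INDEX_NAMES:
            hits = suspicious_scripts(path.read_text(errors="replace"))
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

def build_demo_site(root):
    """Constructed sample: one clean index page, one with an appended script."""
    root = Path(root)
    (root / "blog").mkdir()
    (root / "index.html").write_text(
        "<html><script>document.write(new Date());</script></html>")
    (root / "blog" / "index.php").write_text(
        "<?php echo 'hi'; ?>\n<script>function v4816b2cb42ef9(s){var o='';"
        "for(var i=0;i<s.length;i+=2){o+=String.fromCharCode("
        "parseInt(s.substr(i,2),16));}return o;}"
        "document.write(v4816b2cb42ef9('" + "41" * 24 + "'));</script>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_demo_site(d)
        print(scan_site(d))
```

The clean page uses `document.write` once and stays below the threshold, which is why the check counts several indicators instead of matching a single call.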
In order not to have viruses on your site, try to secure the site templates and update your account passwords from time to time.
I advise you just to scan your PC for viruses first of all and only then check the hosting files.
If your website has been hacked and malicious content has been inserted into your files, you should clean them as soon as possible to prevent further damage to your hosting account. When the malicious code has been removed, you should upgrade all applications on your hosting account to their latest stable versions.
If you have malicious code in your scripts, it is better to ask your hosting provider to restore your site from the latest backup. The procedure of deleting the viruses from your site usually takes much time.
Use http://onlinelinkscan.com and https://www.virustotal.com to scan the site for viruses directly online.
Online scanning is a good solution, but usually all those online scanners don't find all the viruses and worms.

That is why I guess the best solution is copying all the site's files to your computer and then scanning all of them via your PC antivirus scanner (like Kaspersky, for example).
...