Quote:
Originally Posted by ztik
normally that comes from your computer when you upload things to your server
|
yes, you're right, initially it was uploaded by one of our guys, but after cleaning the infected computer and what we thought all affected files in the server it waited in the server one week or so and then infected everything again. The file that re-infects everything is installed 2 or 3 levels before the affected file, although it seems it's a random behavior. According to most people asking for help, the usual file it looks for to start is jquery.js. We had that file affected, although not sure if it's where it started.
This trojan is quite obnoxious once you have it in your computer, it will disallow regedit, will fake program uninstall and slow down your computer A LOT, so it's quite easy to know you have it, and as far as I know, it uses several names, although Superantispyware catchs it. Anyway, just letting you guys know since it's spreading fast, at least our headaches may help someone here