Make sure you go through the hosts file in etc/hosts to see if there are any references to pagead2.googlesyndication.com or any other Google stuff and delete them. It's still a possibility that it really isn't Google doing it, but a third-party site which redirects back to Google after it installs shit on your comp unbeknownst to you. Might as well eliminate any possibility it's the box. If it's not the box, then well... we at least know with certainty WE aren't the ones dumping trojans on people.
You still need to scan the entire disk for any more viruses because I didn't want to download every single file off the server and check by hand unless I had to. I can, but it will take a while to dl it all.
Oh and feel free to email that pic to Google and tell them to shove it up their ass. Here is the log of it:
EDIT: 9/29/2008 3:49:18 PM SYSTEM 1672 Sign of "SWF:CVE-2007-0071 [Expl]" has been found in "http://pagead2.googlesyndication.com/pagead/imgad?id=CKWl9-Lap9WKDRB4GPABMghBuUR29LmeLA" file.
In case you're interested in the infection on our server, here it is:
I obviously deleted any infected files I found... 9/29/2008 3:12:13 PM SYSTEM 1672 Sign of "ELF:Malware-gen" has been found in "C:\Users\Merlin\Desktop\httpdocs\picturepost\images\maps\final_fantasy_iii\xh" file.
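
Added example, not part of the original post: one way to do the hosts-file check described above from a shell on the server. The function name `hosts_refs`, the sample file contents and the addresses in it are constructed for illustration; the sample is not taken from the server discussed here.

```shell
#!/bin/sh
# hosts_refs FILE SUFFIX...
# Print "line<TAB>address<TAB>hostname" for every hosts-file entry whose
# hostname equals SUFFIX or is a subdomain of it (case-insensitive).
# Comment lines and trailing comments are ignored, so only live entries show.
hosts_refs() {
    file=$1; shift
    awk -v suffixes="$*" '
    BEGIN { n = split(tolower(suffixes), suf, " ") }
    {
        sub(/\r$/, "")          # tolerate CRLF line endings
        sub(/#.*/, "")          # drop comments
        if (NF < 2) next        # blank line or address with no hostname
        for (i = 2; i <= NF; i++) {
            h = tolower($i)
            for (j = 1; j <= n; j++) {
                s = suf[j]
                # exact match, or match on a label boundary (".suffix")
                if (h == s || (length(h) > length(s) &&
                    substr(h, length(h) - length(s)) == ("." s)))
                    printf "%d\t%s\t%s\n", NR, $1, $i
            }
        }
    }' "$file"
}

# Constructed sample hosts file (documentation-range addresses).
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1    localhost
# 203.0.113.7 pagead2.googlesyndication.com   (commented out, ignored)
203.0.113.7  pagead2.googlesyndication.com www.google.com
198.51.100.9 notgoogle.com        # different domain, must not match
192.0.2.10   GOOGLE.com
EOF
hosts_refs "$sample" googlesyndication.com google.com
rm -f "$sample"
```

On the server itself, run it as `hosts_refs /etc/hosts googlesyndication.com google.com`; any line it prints is an active override for that name and should be reviewed before deleting.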