Polonus - thanks for that;
The server is running PHP:
PHP Version: 5.3.17
Web Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
WebServer to PHP interface: cgi-fcgi

The software running is OpenX = and I really need that to stay running until I can find a replacement!

This server is only running ads that I post - so how can it be vulnerable? Avast is scanning and warning on a ‘possibility’ rather than a factual infection…

Also, using the JSUNPACK returns:


www.googlecodehosting.net/openx/js/functions.js?cp=620 benign
[nothing detected] www.googlecodehosting.net/openx/js/functions.js?cp=620
     status: (referer=http:/ads.cigarweekly.com/www/delivery/afr.php?zoneid=1_target=_blank )saved 2 bytes ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610
     info: [0] no JavaScript
     file: ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610: 2 bytes