Hi folks, can you help me?
I have a little web server with few web sites and 3 days ago many users started contacting me about trojans on sites which are on my server. In all cases is the trojan detected only with Avast! antivirus, other antivirus softwares says the site is clean. For this case a installed a clean Windows XP and on virtual PC and the latest version of Avast!. The users were right.
Every web site (domain) have own different FTP and database accounts. The problem is on all domains, and randomly is infected an image, a script or the page. I checked the pages, they are clean, codes are clean, I don’t now where is the problem. Once is page infected and blocked, after refresh is alert on another part of page and it’s loaded. I can’t explain it, the infected files are changing randomly? No, it’s bulls… Please help with this problem. Thanks.
P.s.: Sometimes for a few hours is everything ok. For example, at morning users wrote me, the problem is solved, and at evening they call me: the virus (trojan) is back.
Yes, actually is everything ok, but 3 hours ago…
But I have an idea. It doesn’t make sense, but two hours ago I restarted the Apache (2.2.x). Can it be the reason why the pages are actually without trojan warnings? The virus database is the same 101107-1.
The problem is here again. Only for few minutes, but it’s frustrating. Actually is friday 22:18 (10:18 PM) here and clients calling me. I checked the pages from virtual OS with installed Avast, and I get alerts for all domains, but after 2 minutes and few refreshes, they are gone. What is wrong, where is the problem? I don’t undersand that, please help.
I have seen something similar - have just taken ownsership of this site and find that avast reports the redirector-CV trojan occasionally for various files - gif’s and ico’s so far. site is www(dot)xiva(dot)com
OS - XP Pro SP3
Browser- Chrome/IE8
Avast:
virus def 101113-1
program vn 5.0.677