D
DougC
Guest
Don't visit any of the links to my own website until further notice (the norcom2000.com/dcimper address).
I found a problem on my website today: there was a trojan javascript loader written into the two base pages (index.html and default.html).
I don't think I ever posted links to those pages here, because the index page just had html links off to other pages and sub-directories that I posted stuff on. None of the bicycle-related pages had the trojan stuff on them when I checked them today (the evening of January 10).
The ISP was looking into the matter this afternoon and said for me not to mess with the website for a few days until they say they're done--so I cannot upload new pages, or make any changes at all. Whoever did it the first time could do it again to other pages however, so just stay away until further notice.
I had Spybot Search and Destroy and AdAware but no antivirus. Spybot and Adaware both picked up different various infections when they scanned but could not delete them. I installed AVG antivirus afterwards but that found even more totally-different stuff and could not delete that either (-all three of these programs are free downloads, by the by). I tried for a couple days and couldn't isolate any one virus or trojan that was being used, and decided to just reinstall WinXP.
If you use Firefox and you see in the status bar that it tries to connect to the IP addresses 77,221,133,189 or 77,221,133,188 , then your computer is infected. I don't use Internet Explorer at all, so I don't know if that gives any visible warning or not.
For the technically-inclined, this is one page with some info on the matter:
http://www.justsupportuk.co.uk/77-221-133-188.htm
~
I found a problem on my website today: there was a trojan javascript loader written into the two base pages (index.html and default.html).
I don't think I ever posted links to those pages here, because the index page just had html links off to other pages and sub-directories that I posted stuff on. None of the bicycle-related pages had the trojan stuff on them when I checked them today (the evening of January 10).
The ISP was looking into the matter this afternoon and said for me not to mess with the website for a few days until they say they're done--so I cannot upload new pages, or make any changes at all. Whoever did it the first time could do it again to other pages however, so just stay away until further notice.
I had Spybot Search and Destroy and AdAware but no antivirus. Spybot and Adaware both picked up different various infections when they scanned but could not delete them. I installed AVG antivirus afterwards but that found even more totally-different stuff and could not delete that either (-all three of these programs are free downloads, by the by). I tried for a couple days and couldn't isolate any one virus or trojan that was being used, and decided to just reinstall WinXP.
If you use Firefox and you see in the status bar that it tries to connect to the IP addresses 77,221,133,189 or 77,221,133,188 , then your computer is infected. I don't use Internet Explorer at all, so I don't know if that gives any visible warning or not.
For the technically-inclined, this is one page with some info on the matter:
http://www.justsupportuk.co.uk/77-221-133-188.htm
~
Last edited by a moderator: