
Virus Removal

August 8th, 2009

Description
A while back we had a problem with a virus breakout on our website. We thought we had eliminated it, but it once again modified some of our most important files, including our index.html page. What it seems to be doing is adding JS code to certain files; so far all we know about is our main index file and the index file of a subdomain. We think this came from a security hole in our photo gallery (Coppermine Photo Gallery), so the search will start there.

As far as we know, this has affected us in 2 locations, although there may be more we do not know about. First, ‘Trojan.JS.Pakes.bh’ (from www/index.html) and ‘language=”javascript”>$=’ (from www/poker-network/index.php). It looks like the code was manually added, but perhaps one of our many JS files or something else has been corrupted?

We need a professional to help diagnose and remove this virus AND prevent it from coming back. NOTE – We do not feel comfortable giving someone we do not know full FTP access to our server. We will create a copy of the main directory we believe the problem resides in and you can search and make the fixes here. The winning bidder must understand that they have to find and fix this issue without FTP access. (Although you will not have full FTP access, you can work in real time with someone who will have FTP access [over gtalk, msn, aim, skype, etc.])

Please see attached pictures for screenshots:

SS1 – User not able to view our homepage
SS2 – Code added to index.html (line 355)
SS3 – Code added to network page (line 198)
SS4 – Virus popup from network page

