
05.14.2008 at 05:03PM PDT, ID: 23403603

Virus triggered by MS SQL (?) on website viewed in IE or Firefox - Trojan-Downloader.JS.Multi.ca

Asked by BestAviation in Server Anti-Virus, SQL Server 2005, Anti-Virus

Tags: ASP, SQL, IE7, Firefox, www.bestaviation.net & www.aviationcareerguide.com

My website (BestAviation.net) seems to have a virus of some sort hijacking the loading of the site and downloading something from other IPs and domains. Monitoring the load progress in the bottom left corner I notice the following being loaded by IE7: 66.197.168.5, dir51.com, 67.228.13.98. Further I get asked if I wish to run the ActiveX "Microsoft Data Access - Remote Data Source" and ZoneAlarm on my personal computer comes up with a virus warning saying I have Trojan-Downloader.JS.Multi.ca.

The two IP addresses point to Amirc.org and breastenlargenow.com respectively - not something I would put on there myself :S

I cannot find anything in the server's event log kicking up an error or a warning. When viewed on a Mac or in Linux the site loads normally so the issue seems to be isolated to Windows but both IE7 and Firefox are affected (the only ones I've tried). Further I have tried on two different computers running Windows with the same result.

Trying to troubleshoot the problem I have noted the following:

1) The virus triggers on two different domains on the same server (bestaviation.net and aviationcareerguide.com)
2) The two above mentioned domains are pointing to two different IP addresses but are hosted on the same server (I have one on an exclusive IP and the other on a shared IP with other unaffected websites so the DSN do not seem compromised here).
3) The problem only occurs when an SQL string is executed (more specifically an execution to display DB content - a DB connection alone does not trigger the virus). I found this out by removing and reinserting code containing SQL executions and refreshing the browser to see what results it would give me.
4) Any page on the two websites not executing anything from the MS SQL DB is not affected and will load normally.
5) The two websites share the same database and collect information from the same table.
6) The database is MS SQL Server 2005 hosted on the same server as the websites.

This is as far as I am able to analyze the problem and I have no idea on how to solve it =(

Any help is deeply appreciated.
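
Point 3 above ties the warning to pages that print database content. As an added example (not part of the original question), the Python below lists active content in a saved copy of such a page that loads from hosts other than the site's own, which shows which rendered field to inspect. The allowlist, the sample HTML and its placeholder paths are constructed; the foreign hosts are the ones named in the question.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the site only loads active content from its own domains.
OWN_HOSTS = {"bestaviation.net", "www.bestaviation.net",
             "aviationcareerguide.com", "www.aviationcareerguide.com"}

# Tags that pull in active content, and the attribute that carries the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "frame": "src",
               "embed": "src", "object": "data"}


class ForeignContentFinder(HTMLParser):
    """Collects (line, tag, host) for active content loaded from other hosts."""

    def __init__(self, own_hosts):
        super().__init__(convert_charrefs=True)
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Handles quoted, unquoted and protocol-relative (//host/...) URLs.
        host = (urlparse(url.strip()).hostname or "").lower()
        # Relative URLs have no host: they stay on the site itself.
        if host and host not in self.own_hosts:
            self.findings.append((self.getpos()[0], tag, host))


def find_foreign_content(html, own_hosts=OWN_HOSTS):
    finder = ForeignContentFinder(own_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a listing page whose table cells come from the database.
SAMPLE_PAGE = """<html><head><script src="/js/menu.js"></script></head>
<body><table>
<tr><td>Flight school A</td></tr>
<tr><td>Flight school B<script src=http://dir51.com/placeholder.js></script></td></tr>
<tr><td><iframe src="//66.197.168.5/placeholder" width=0 height=0></iframe></td></tr>
</table></body></html>"""

if __name__ == "__main__":
    for line, tag, host in find_foreign_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads from {host}")
```
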
About this solution

Solution Provided By: DanielWilson
Participating Experts: 1
Solution Grade: A