Solved

Determining if my website is infected with "Remote Data Services" trojan or keylogger

Posted on 2007-04-03
2
5,521 Views
Last Modified: 2013-11-22
I have a forum running on phpBB hosted by a commercial hosting company.  Suddenly, my users are beginning to complain that they are getting trojan virus warnings when accessing the site.  Other users are indicating that they are getting the following pop-up in IE asking to install an applet:

"Remote Data Services Data Control" from "Microsoft Corporation"

I have contacted the site host, and they claim that their server is clean.  Everything I've dug up on this indicates it is some remote control trojan, or javascript based keylogger.

My question is, I need to analyze this website for the presence of a virus and prove that it is infected (if it is).

How would I go about this?

*V*
0
Comment
Question by:vossupport
2 Comments
 
LVL 1

Expert Comment

by:inuyasharules
Comment Utility
one way to do it would be to disable all firewalls and antivirus/spyware programs and surf the site for a while, then turn everything back on and do a complete scan. id recommend doing this on a spare computer so you dont put your main computer at risk of a comprimise
0
 
LVL 3

Accepted Solution

by:
OMonge earned 500 total points
Comment Utility
Hello,

Sometimes, malicious code is embedded on the site (the one you're browsing), you can look at the source code of that site and check if it contains it and let the owners know. Another thing to take into consideration, most of the times, viruses/trojans try to fool the user around by making 'em believe that something is missing. Pay attention to it.

Regards,
OMonge.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now