win32/agent.jt and .asp files being maliciously amended - help!

Hi guys,

I'm at my wits' end with this - I've taken over a server which seems to have an infection on it.
I was called in because the website, written in .asp and with a SQL back-end, had started redirecting users to other sites, such as donepoker.com.

Having checked the site, the amendments had been made to the .asp files, not the database tables.

First thing I did was get Kaspersky on the system, which found 10 viruses and promptly removed them. I then installed Windows Defender, which found the win32/agent.jt trojan and removed it (it came back a day later).

I've also changed the database username/password, changed the site's folder permissions/name, deleted any user accounts that looked remotely dodgy and rebooted.

2 hours later the site was redirecting to corrupt websites again. No infection this time, just altered code in the website folder. I promptly overwrote the bad code with a backup saved in another folder, and the site is back to normal.

So basically, what the hell do I do to keep this system safe? It's using Windows Firewall (I've since asked the data centre to get the system behind their own firewall, something that had been "overlooked" apparently).

Any ideas/suggestions would be most welcome - I feel like I've been firefighting all day.
Asked by: Acteon
2 Solutions
 
Mohamed Osama (Senior IT Consultant) commented:
Take a look at this post please

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Server_Anti-Virus/Q_24089228.html

SQL injection attack that was done en masse a few months back, there are some sort of automated tools running around, so it is being abused alright.

 
xmachine commented:
Hi,

Check the following articles which could help you fix the injection problem:

http://www.sqlteam.com/article/search-and-replace-in-a-text-column

http://blogs.iis.net/nazim/archive/2008/04/28/filtering-sql-injection-from-classic-asp.aspx



A Symantec Certified Specialist @ your service
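
The question describes .asp files being altered again after cleanup while a known-good backup sits in another folder. As an added example (not part of the thread), this Python script compares the live site folder with that backup and reports changed, newly added and missing files, plus the lines added to a changed file; the folder names, extension list and sample content are assumptions constructed for the demo.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path

EXTS = {".asp", ".asa", ".inc", ".js", ".htm", ".html"}  # assumed servable types

def _index(root):
    """Map relative path -> SHA-256 for every web file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file() and p.suffix.lower() in EXTS}

def compare_to_backup(site_dir, backup_dir):
    """Classify live files as modified, added or missing relative to the backup."""
    live, good = _index(site_dir), _index(backup_dir)
    return {
        "modified": sorted(f for f in live if f in good and live[f] != good[f]),
        "added": sorted(f for f in live if f not in good),  # never in the backup
        "missing": sorted(f for f in good if f not in live),
    }

def injected_lines(site_dir, backup_dir, rel_path):
    """Lines present in the live copy of rel_path but not in the backup copy."""
    def read(base):
        return (Path(base) / rel_path).read_text(errors="replace").splitlines()
    diff = list(difflib.unified_diff(read(backup_dir), read(site_dir), lineterm="", n=0))
    return [line[1:] for line in diff[2:] if line.startswith("+")]  # skip 2 header lines

def build_sample(tmp):
    """Constructed sample: a clean backup and a live copy with one edit and one new file."""
    site, backup = Path(tmp) / "wwwroot", Path(tmp) / "backup"
    for d in (site, backup):
        d.mkdir()
        (d / "default.asp").write_text("<html>\n<% Response.Write \"Hello\" %>\n</html>\n")
        (d / "contact.asp").write_text("<html>Contact</html>\n")
    # Constructed tampering: a redirect line added to one page, plus an unknown file.
    (site / "default.asp").write_text(
        "<% Response.Redirect \"http://redirect.example/\" %>\n"
        "<html>\n<% Response.Write \"Hello\" %>\n</html>\n")
    (site / "x.asp").write_text("<% ' unknown file %>\n")
    return site, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site, backup = build_sample(tmp)
        report = compare_to_backup(site, backup)
        print(report)
        for name in report["modified"]:
            print(name, injected_lines(site, backup, name))
```

Files listed under "added" deserve as much attention as modified ones: restoring the backup over the site folder does not remove scripts the backup never contained.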