win32/agent.jt and .asp files being maliciously amended - help!

Hi guys,

I'm at my wits end with this - I've taken over a server which seems to have an infection on it.
I was called in because the website, written in .asp and with a SQL back-end, had started redirecting users to other sites, such as

Having checked the site, the amendments had been made to the .asp files, not the database tables.

First thing I did was get Kaspersky on the system, which found 10 viruses and promptly removed them. I then installed Windows Defender, which found the win32/agent.jt trojan and removed it (it came back a day later).

I've also changed the database username/password, changed the site's folder permissions/name, deleted any user accounts that looked remotely dodgy and rebooted.

2 hours later the site was redirecting to corrupt websites again. No infection this time, just altered code in the website folder. I promptly overwrote the bad code with a backup saved in another folder, and the site is back to normal.

So basically, what the hell do I do to keep this system safe? It's using Windows Firewall (I've since asked the data centre to get the system behind their own firewall, something that had been "overlooked" apparantly).

Any ideas/suggestions would be most welcome - I feel like I've been firefighting all day.
Who is Participating?
Mohamed OsamaConnect With a Mentor Senior IT ConsultantCommented:
ake a lok at this post please

SQL injection attack that was done en masse a few months back, there is some sort of automated tools runnning around, so it is being abused alright.

xmachineConnect With a Mentor Commented:

Check the following articles which could help you fixing the injection problem:

A Symantec Certified Specialist @ your service
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.