win32/agent.jt and .asp files being maliciously amended - help!

Posted on 2009-02-20
Last Modified: 2013-11-22
Hi guys,

I'm at my wits' end with this - I've taken over a server which seems to have an infection on it.
I was called in because the website, written in .asp and with a SQL back-end, had started redirecting users to other sites, such as

Having checked the site, the amendments had been made to the .asp files, not the database tables.

First thing I did was get Kaspersky on the system, which found 10 viruses and promptly removed them. I then installed Windows Defender, which found the win32/agent.jt trojan and removed it (it came back a day later).

I've also changed the database username/password, changed the site's folder permissions/name, deleted any user accounts that looked remotely dodgy and rebooted.

2 hours later the site was redirecting to corrupt websites again. No infection this time, just altered code in the website folder. I promptly overwrote the bad code with a backup saved in another folder, and the site is back to normal.

So basically, what the hell do I do to keep this system safe? It's using Windows Firewall (I've since asked the data centre to get the system behind their own firewall, something that had been "overlooked" apparently).

Any ideas/suggestions would be most welcome - I feel like I've been firefighting all day.
Question by: Acteon

    Accepted Solution

    Take a look at this post please

    SQL injection attack that was done en masse a few months back, there is some sort of automated tools running around, so it is being abused alright.


    Assisted Solution


    Check the following articles which could help you fix the injection problem:

    A Symantec Certified Specialist @ your service
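
For the situation in the question, where files in the site folder keep being altered and are restored from a backup folder, a hash comparison of the live folder against that backup shows exactly which files were changed or newly added before anything is overwritten. This is an added example, not part of the original thread; the folder names, sample file contents and the `redirect.invalid` URL are constructed for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root):
    """Map each file's relative path to its SHA-256. Paths are lower-cased
    because Windows file names are case-insensitive."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def compare(live_root, backup_root):
    """List files that differ from the backup, exist only live, or exist only in the backup."""
    live, good = snapshot(live_root), snapshot(backup_root)
    return {
        "modified": sorted(f for f in live if f in good and live[f] != good[f]),
        "added": sorted(f for f in live if f not in good),
        "missing": sorted(f for f in good if f not in live),
    }

def demo():
    """Constructed sample data: a clean backup and a live copy with one altered and one extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "wwwroot"), Path(tmp, "backup")
        for folder in (live, backup):
            folder.mkdir()
            (folder / "default.asp").write_text('<% Response.Write "hello" %>')
            (folder / "contact.asp").write_text("<% ' contact form %>")
        (live / "default.asp").write_text('<% Response.Redirect "http://redirect.invalid/" %>')
        (live / "extra.asp").write_text("<% ' file with no counterpart in the backup %>")
        return compare(live, backup)

if __name__ == "__main__":
    # Usage: python compare_webroot.py <live_folder> <backup_folder>
    report = compare(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    for kind, files in report.items():
        for name in files:
            print(f"{kind.upper():<9}{name}")
    sys.exit(1 if any(report.values()) else 0)
```

Keep the backup copy somewhere the web server's account cannot write, otherwise the baseline can be altered along with the site.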
