JS-Redirector-G [trj] warning

Not sure where else to post about this, but this has been becoming a pain in the ass lately. Not sure how it happened, but a few months ago some of the files on my server in FTP were hacked with that malicious malware crap, so I removed it all (or so I thought).

Basically I removed all the infected files from the FTP server. Uploaded NEW copies of things, usually just blank index.php files instead of blank index.html files. And some images. Done. I rarely log-in to my FTP at all, until more recently... But before doing that, going to some of my domains, I kept getting the Avast popup warning about the JS-Redirector-G [trj] problem. WTF?!? I found some website regarding the removal of it, and as far as I know, it's been removed.

Does anyone else know of these JS-Redirectors? And how to remove them for good or to secure hosting accounts from getting nailed again? I have that NoScript plugin for Firefox as well... Just sucks, because I rarely even run any software on my site, which is pretty sad in itself to fear of doing anything with your own site, for this crap to happen. >_<.

P.S. I run anti-spyware removers almost daily, and I think I have this issue taken care of. But I'd like to make sure for definite that it is removed. Just not sure what other options there is for doing it though...? (Most will probably say, don't porn then! LOL!)

If you get hacked and you've got a small site it's really best to just ask your host to reset your account, then upload all your old files. Even if you lose a little bit of stuff from the db since you last did a backup, it's worth the loss.

TBH mate, I'd suggest if you're going to look at things that obviously may well be vectors for malware then just dual boot a linux distro - say Ubuntu - and then view it with that. Firefox is included by default and flash, etc, is easy to get. That way even if you do get some obscure thing that ****s up your Ubuntu (v. unlikely) it's probably not going to trash what really matters. Alternatively you can look into Virtual Machines, but I'd say dual boot is really the ideal, if a little inconvenient perhaps.

Originally Posted by 46Bit If you get hacked and you've got a small site it's really best to just ask your host to reset your account, then upload all your old files. Even if you lose a little bit of stuff from the db since you last did a backup, it's worth the loss.

Thanks for the reply 46Bit. Oliver hosts me at the moment, and maybe he'll chime in when he comes back on here. At the moment, (well even before actually) I really didn't have any databases until more recently (a couple of days ago after that JS-Redirector was removed) when I installed a vBulletin 4.0 Beta 3 on one of my domains.

And there's no other software on my account other then that. So a reset of the account wouldn't bother me at all (nothing to lose anyway! lol). And I had made up a new (more secure style) password as well, for Cpanel / FTP. I'm also currently rescanning the computer for Mal-ware as well. So far, so good. Further more, as a double check on my domains, I checked them all through this site, and they all come up clean as well.

http://www.unmaskparasites.com/

Domains: spencerpassmore.com, spencerp.net, im*******.com, and smooey.com

Reference sites:
http://forum.avast.com/index.php?PHP...&topic=45296.0
http://forum.avast.com/index.php?topic=44624.15

There's a few others as well, but not really worth posting them all here I don't think.

Originally Posted by 46Bit TBH mate, I'd suggest if you're going to look at things that obviously may well be vectors for malware then just dual boot a linux distro - say Ubuntu - and then view it with that. Firefox is included by default and flash, etc, is easy to get. That way even if you do get some obscure thing that ****s up your Ubuntu (v. unlikely) it's probably not going to trash what really matters. Alternatively you can look into Virtual Machines, but I'd say dual boot is really the ideal, if a little inconvenient perhaps.

Thanks for the tip 46Bit. Unfortunately, I can't afford anything like that, unless there's something free. Maybe if I can gather up some some spare cash, I'll invest into it. I'd really like to have something other than crappy Microshit Windows. Haha.

Originally Posted by spencerp Thanks for the tip 46Bit. Unfortunately, I can't afford anything like that, unless there's something free. Maybe if I can gather up some some spare cash, I'll invest into it. I'd really like to have something other than crappy Microshit Windows. Haha.

Ubuntu is 100% free, hence why I suggested it. All you'd need would be a few gig of HDD space, if you're interested I'll take a look into how much for you.

Originally Posted by 46Bit Ubuntu is 100% free, hence why I suggested it.

Ah, right! *Forehead slap*

Originally Posted by 46Bit All you'd need would be a few gig of HDD space, if you're interested I'll take a look into how much for you.

Awesome! Thanks, and I have more then enough HDD space...

http://www.ubuntu.com/getubuntu/download-wubi

That's the easiest way to install it for dualbooting with Windows. At a guess it'll use 5-8GB of HDD space. Once you've installed that and booted into Ubuntu, just open up Firefox, go to http://get.adobe.com/flashplayer/ to install flash, and you're free to go on dodgy sites without any real risk of screwing up your Windows.

Thanks a ton for this! I'll do that in a few minutes here. Thanks again 46Bit!

Sounds like 46bit is an expert at browsing porn sites It's going to be impossible to be 100% safe even with a setup like 46bit suggests because in the end, you have the biggest vulnerability of any network: human error.

I run a military network of about 1,600 users. Not much in terms of actual network: maybe about 20 - 25 router/switches, phones, printers, digital scanners. Even with a group policy that disallows damn near about everything, my users still find a way to get infected laptops =p

His suggestion to reset your host is probably a good one, especially if you have no mySQL db's to worry about. I know you said a few months back you got 'hacked' and this malicious code was put into your FTP, any idea how that happened? And how do you know you specifically had your FTP hacked, and it wasn't another way? I rent out a dedicated server, and had my host contact me once in the past. Apparently my server was sending out junk email in masses and had somehow got infected. Nothing like your issue, but I've never understood how exactly that happened.

Even to this day, I still get emails that 'come' from my domain name even though I know those accounts exist. I'm assuming they are spoofing the email header, but haven't bothered looking into it yet.

Anyways, didn't mean to hijack your thread. Good luck on solving the issue.

Andrew

P.S. im*******.com - nice domain name, lol.

Actually it just popped into my head when considering what he could do, I may have a dualboot W7/Ubuntu myself but that's really just so I can gradually get to grips with linux and eventually look into setting up secure servers.

Originally Posted by AndrewIGO Sounds like 46bit is an expert at browsing porn sites It's going to be impossible to be 100% safe even with a setup like 46bit suggests because in the end, you have the biggest vulnerability of any network: human error. I run a military network of about 1,600 users. Not much in terms of actual network: maybe about 20 - 25 router/switches, phones, printers, digital scanners. Even with a group policy that disallows damn near about everything, my users still find a way to get infected laptops =p His suggestion to reset your host is probably a good one, especially if you have no mySQL db's to worry about. I know you said a few months back you got 'hacked' and this malicious code was put into your FTP, any idea how that happened? And how do you know you specifically had your FTP hacked, and it wasn't another way? I rent out a dedicated server, and had my host contact me once in the past. Apparently my server was sending out junk email in masses and had somehow got infected. Nothing like your issue, but I've never understood how exactly that happened. Even to this day, I still get emails that 'come' from my domain name even though I know those accounts exist. I'm assuming they are spoofing the email header, but haven't bothered looking into it yet. Anyways, didn't mean to hijack your thread. Good luck on solving the issue. Andrew P.S. im*******.com - nice domain name, lol.

I didn't do anything yet anyway so it all good. I downloaded Ubuntu, didn't restart in it yet though (so if it's a joke on me, it's fail). I'll just have Oliver reset my account. Thanks though! Now back to my movie...

But to answer Andrew...

I'm actually not quiet sure what happened. But if I were to take a guess, it might have been from an out-dated version of WordPress. Although, I was running the latest copy at the time. It was the only software I was running at the time a few months ago. And I went to their support site to complain about it.

They basically said it wasn't WordPress' fault. Go figure. My account was fine before though. Just out the blue I started getting Google Mal-ware/ warnings on my site and while going to my various domains. Ever since then, it's been nothing but head-aches and I removed all the software. Nothing like wanting to run a site but have nothing to run anyway, because of the damn mal-ware bullshit stuff going on.

Why own a site and hosting account when you can't do anything anyway because all this crap continually happens. I rarely ever login to my account, I rarely do anything regarding software, because it's like walking on broken glass bottles. It's like paying a designer that screws you over repeatedly... sound familiar eh? Damned if you do, damned if you don't.