[RESOLVED] Finding a trojan horse
Results 1 to 5 of 5

Thread: [RESOLVED] Finding a trojan horse

  1. #1
    Senior Member
    Join Date
    Jan 2009
    Location
    CA
    Posts
    265

    resolved [RESOLVED] Finding a trojan horse

    I have a user who claims that his virus protection program alerted him to a trojan horse in one of my programs that he tried to access. I checked the file names that he should have come in contact with and everything looks okay on the server. I've never had a complaint like this and I am not sure how to hunt it down. Any advice?

    Thanks,
    robkir

  2. #2
    Administrator Steve R Jones's Avatar
    Join Date
    Nov 2011
    Location
    Dallas, TX
    Posts
    130
    Try to scan with the same app they used.

  3. #3
    High Energy Magic Dept. NogDog's Avatar
    Join Date
    Aug 2006
    Location
    Ankh-Morpork
    Posts
    14,479
    I would think it's not likely to be your PHP code itself, but some file that the browser is being instructed to load (image, javascript file, etc.), which might include any 3rd party advertisements you display on your site.
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

  4. #4
    Senior Member
    Join Date
    Jan 2009
    Location
    CA
    Posts
    265
    Mystery solved... I installed Google's Re-Captcha three days ago, to try to insure that spammers couldn't feed a bunch of spam on my program's initial 'set up account' email request. Apparently the bad guys broke into Re-Captcha and installed HTML: Bankfraud ZG. The fix? I pulled the plug on the Re-Captcha. The various security programs seem to be aware of it...and, since I keep a log, only a handful of people were at risk. I've learned my lesson.

  5. #5
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    8,221
    Glad to hear it! Please consider marking this thread as RESOLVED ;-) :-)
    /!!\ mysql_ is deprecated --- don't use it! Tell your hosting company you will switch if they don't upgrade! /!!!\ ereg() is deprecated --- don't use it!

    dalecosp "God doesn't play dice." --- Einstein "Perl is hardly a paragon of beautiful syntax." --- Weedpacket

    Getting Help at All --- Collected Solutions to Common Problems --- Debugging 101 --- Unanswered Posts --- OMBE: Office Machines, Business Equipment

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •