Hello All,
some of you may noticed that on my site ( http://www.caromguild.de | http://www.caromonline.de )was an error with an Virus Trojan Downloader.
As the first user reported this error to me, i checked all files on the server -> didnt found anything, so i deleted all and reuploaded all files. Before, i checked with winmerge with the latest IP version and didnt found any evil code.
I never got such a message if i visit my forum... and so i thought that this could be related to a banner script code. So i first deactivated all banners -> no success, after that i deleted all banner -> no success.
Today i found the error. It comes from a folder where i didnt pay much attention on it. it was from the _uc folder. which i use for/if i´m updating my site.
I this folder there is only a index.htm, logo, and style_sheet file.
The evil code was included in the index.htm dont know how the hacker could inject this.
It was a VBScript code (if someone would have tht code to check it i can send it) which includes a file called lsass.exe . I wrote a email to the hoster where the file is located (is a normal board) and told him that he should delete this file
I just want to inform you that, if you are using also the folder (which is included in the IP contribut folder) with the upgrading .htaccess file, that you should delete this folder from your server, if this is not used!!!
Also i want to say sorry for the problem that the users may have be visiting my site.
greetz