Recently i have found that when i go to my site norton comes up saying that my site has a virus: JS/TrojanDownloader.Agent.NRL trojan Any help would be appreciated on getting rid of this. Thank You
We can tell you how it was done if the altered file is still there and is less than 30 days old. But it won't tell you anything specific about who. Typically it is done in one of two ways: - Through an insecure application (file upload application, SQL injection, etc.) - Via legitimate login gained by keylogging an infected home or business computer. In all likelihood, it was done using a valid username/password gained by keylogging an infected computer. We have seen quite a few of those lately. Follow the steps below to clean up your site/computers. The other way they get in is through insecure applications. Meaning a two or three year old off-the-shelf application that uses a database and has not been updated recently, or through your own data submission form that does not properly reject or replace dangerous data. What you should do to clean up the issue: 1) Perform a thorough virus scan of every computer you use to access your site and remove any malicious programs. There are a lot of free detection tools, here are links to a few: http://www.microsoft.com/security/malwareremove/default.mspx http://vil.nai.com/vil/stinger/ http://www.safer-networking.org/en/spybotsd/index.html 2) Once you are certain that all of the computers you use to access your site are free from malicious software, delete all the files from your site. 3) Change all of your account passwords - including FTP, database and email account passwords - and the passwords of any users that have FTP access in Control Panel (https://my.discountasp.net). 4) Re-upload your site files from a backup that you have verified to be "clean," or from a backup made previous to the exploit. If you clear out files and change passwords without being certain that your computer(s) are free from malicious software, it is likely that your login information (and your site) will be compromised again.
