http://www.spamhaus.org/dbl/removal/rec ... oktalk.com
Which leads to a suspicious file on toughbooktalk.com:
/styles/skylineblue/theme/dump.php
Rob, I run several web servers for a living and have suggested you try out maldet. Here is how to do it on Windows.
Download Clamwin here:
http://downloads.sourceforge.net/clamwi ... -setup.exe
Download maldet here:
http://www.rfxn.com/downloads/maldetect-current.tar.gz
Install ClamWin and extract maldet somewhere temporary so we can copy its sig files. 7-Zip can handle .tar.gz in two steps: first un-gzipping, then un-tarring.
Make a directory inside the ClamWin bin directory named 'maldet'.
For example on my system it would be this full path:
Code:
C:\Program Files (x86)\ClamWin\bin\maldet
Open a command prompt and cd into ClamWin's bin directory:
Code:
cd C:\Program Files (x86)\ClamWin\bin
Run this command, preferably using the administrator user to reduce 'permission denied' errors on individually scanned files:
Code:
clamscan.exe -r -i -d maldet (FULL PATH TO YOUR WEB FILES)
For example:
Code:
clamscan -r -i -d maldet e:\inetpub
Maldet might report back about files containing base64 or otherwise obfuscated code. These are not necessarily infected, but often are, and should be examined individually. It's the other types of nasties, like PHP shells, that should be taken more seriously.
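The steps in the post above as one PowerShell script, added here as an example; it is not part of the original post, nor code from the maldet or ClamWin projects. It assumes ClamWin under C:\Program Files (x86)\ClamWin as in the post, ClamWin's own signature database in C:\ProgramData\.clamwin\db, the maldet tarball already downloaded to %TEMP%, the web root at E:\inetpub, and Windows 10 1803 or later for the built-in tar.exe (in place of the two 7-Zip steps). It also spells out two things the post leaves implicit: the rfxn.ndb/rfxn.hdb files from the maldet tarball have to be copied into bin\maldet, and clamscan's -d replaces the default database rather than adding to it, so ClamWin's own database is passed as a second -d to keep the normal signatures in the scan. The shell/obfuscation split at the end is a keyword heuristic over signature names written for this script, not something maldet or ClamAV provides.

```powershell
# Added example, not from the original post. Assumed locations are marked as such.
$ErrorActionPreference = 'Stop'

$clamBin   = 'C:\Program Files (x86)\ClamWin\bin'           # from the post
$clamDb    = 'C:\ProgramData\.clamwin\db'                   # assumption: ClamWin's default db folder
$maldetDir = Join-Path $clamBin 'maldet'                    # the folder the post says to create
$tarball   = Join-Path $env:TEMP 'maldetect-current.tar.gz' # assumption: already downloaded here
$extract   = Join-Path $env:TEMP 'maldet-extract'
$webRoot   = 'E:\inetpub'                                   # the post's example web root
$report    = Join-Path $env:TEMP 'maldet-scan.txt'

# The post recommends an administrator prompt; warn rather than fail if not elevated.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
if (-not ([Security.Principal.WindowsPrincipal]$id).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning 'Not running elevated; expect "permission denied" on some files.'
}

# 1. Extract. tar.exe (bsdtar) ships with Windows 10 1803+, so one step instead of 7-Zip's two.
New-Item -ItemType Directory -Force -Path $extract | Out-Null
tar -xzf $tarball -C $extract

# 2. Copy maldet's ClamAV-format signature files into bin\maldet. Assumption: the tarball
#    carries them as files\sigs\rfxn.ndb and rfxn.hdb; search rather than hard-code the path.
New-Item -ItemType Directory -Force -Path $maldetDir | Out-Null
$sigs = Get-ChildItem -Path $extract -Recurse -Include 'rfxn.ndb', 'rfxn.hdb'
if (-not $sigs) { throw "No rfxn.ndb/rfxn.hdb found under $extract" }
$sigs | Copy-Item -Destination $maldetDir -Force

# 3. Scan. -r recurse, -i print only infected files. -d replaces the default database, so it is
#    given twice: once for maldet's signatures, once for ClamWin's own main/daily set.
#    clamscan exit codes: 0 nothing found, 1 something found, 2 an error occurred.
Push-Location $clamBin
try {
    & .\clamscan.exe -r -i -d $maldetDir -d $clamDb $webRoot | Tee-Object -FilePath $report
    $rc = $LASTEXITCODE
} finally {
    Pop-Location
}
if ($rc -eq 2) { throw "clamscan reported an error; see $report" }

# 4. Triage. Each hit is printed as "<path>: <signature> FOUND". maldet's signature names carry
#    the class of finding (e.g. {HEX}php.cmdshell.* for shells, *.base64.* for obfuscation);
#    third-party databases get a .UNOFFICIAL suffix. The keyword split below is a heuristic of
#    this script, not a feature of maldet or ClamAV. Shells are tested first so a signature
#    naming both a shell and base64 lands in the serious bucket, as the post advises.
$triage = foreach ($line in Get-Content $report) {
    if ($line -match '^(?<path>.+?): (?<sig>\S+) FOUND$') {
        $class = switch -Regex ($Matches.sig) {
            'cmdshell|backdoor|shell' { 'shell: treat host as compromised'; break }
            'base64|obfus|inject'     { 'obfuscation: review file by hand'; break }
            default                   { 'other: review' }
        }
        [pscustomobject]@{ Class = $class; Path = $Matches.path; Signature = $Matches.sig }
    }
}
if ($triage) { $triage | Sort-Object Class | Format-Table -AutoSize } else { 'No hits.' }
```

Run it from an elevated PowerShell; the full clamscan output is kept in %TEMP%\maldet-scan.txt, and the table at the end groups hits by the heuristic class so the PHP-shell hits are separated from the base64/obfuscation ones that the post says need a manual look.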