that thread implyed its downloading a codec, do we know what its calling itself and were its putting it ?
if thats the case and will a simple regsvr32.exe /u codec-name then delete the file if its auto installed itself work?
http://www.developersdex.com/asp/mes...2978&r=6157380
"
Re: Strange javascript in my index.html file.
From: The Magpie
Date Posted: 2/11/2008 5:40:00 PM
Randy Webb wrote:
>
> I agree that something got whacked somewhere. But, before you can
> even answer the question, you would have to know where the "file"
> is served from. It could be on a server that has free FTP - for a
> price - and is silently inserting it.
>
Agreed, you do.
>
> As for it being a site that you are "driving visitors" to, that is
> nonsense. The iframe is hidden - display: none. Doesn't make a lot
> of sense to drive someone to your site if you hide the window it is
> going to be displayed in.
>
Correct - nothing to do with the site location.
>
> Bet you an internet beer it is a tracking site.
>
There, you lose.
Its a trojan disguised as a codec and drops quietly and happily into
your system through Media Player (unless you are one of the few
cautious types who set it to choose "Don't download codecs without
bloody asking me first!"). For the OP this means a couple of things.
1. Your PC is now infected and has been recruited into a botnet.
2. Your website is infecting other PCs every time one visits it.
3. Your PC is now being used by a - probably criminal - gang.
4. The hard one - you know about it, so you are responsible.
In essence, this means fix the website, or you could be sued. Clean
your PC, or you could be sued. Report the hacking to your hosting
provider, or you could be sued. Report it to your local or national
police, or - worst of all - you could be charged as an accessory to
the criminal activity probably now going on with your PC and with all
your website visitors. Yes, this is serious. You need to deal with it."