Trojans coming from my site

glosso said: "Hello, I've had several people tell me that when they go to my site they get warnings about trojans. I contacted my host provider. He said he's scanned the server and finds no trojans. I did delete a *.js file and that seemed to cut down on the occurrence of the worms, but they're still there. I use Dreamweaver and Dreamweaver template pages to design my site. The host looked at some of my files and said he thought the template tags that have BeginEditable and EndEditable comments in them could be causing the problem. I didn't believe him. I assumed he just didn't know what they were and so pointed the finger in that direction. I didn't want to believe him because doing away with templates means tons more work for me. Any suggestions as to how to rid the trojans from my site or what possible files on my site could be linking to the trojans or otherwise letting them in? Anyone know if my host was right about the templates? In the dark here. Any information helps. Thanks."

edwin said: "what program is giving them the error message? what is the error message?"

glosso said: "Hi Edwin, I apologize, but I'm not getting that kind of details from my customers. I'm not getting the warning myself, so I don't know. One thing I do know is that I'm using DRM to protect my content. I just read on the board that DRM might be the culprit. I contacted DRM and they assured me it's not their stuff that's causing it. Thanks."

glosso said: "Hi Edwin, AVG finally detected the virus for me when I went to my home pages. trojan horse dropper.small 9L It was trying to install it at c:\spe\inst.exe Anything you can do to help? Thanks. Thanks."

edwin said: "you will probably want to disable cgi-bin access, so that no programs can run right now. does this happen on the home page? contact your webhost right away and see what they suggest. i assume this is a windows server?"

glosso said: "Hi Edwin My site is on a Linux server. Apache. I've not noticed it happening from the Home page. I did manage to make it happen from my from my Members area and my CCBill page. Here's the scenario: My machine at home appeared to be clean. I'm surfing my site, go to my Members area, which anyone can access, and suddenly I get what looks like an advertisement that comes up in a

layer. The add reads: "System scan finished. Progress: 12 threats located. System security scanner has detected the following threats on your computer: Dialer ActiveX/AllInOne, InetSpeak/Iexplore/A, OnlineDialer/MaConnect, XDialer/XDial, Trojan Internet Optimizer, ezCyberSearch, Gator/PDP/3061, Trojan AdPopper, HuntBar/TS, ACXInstall, BrowserAid, TrojanAdPopper.gen 3. Security risk critical !!! webelez.com is recommending you to install one of the threat-eliminators, to avoid your system security risk and eliminate all risks !!! [click here to get one]" I then ran AVG and it immediately found on my computer: Trojan Horse Dropper.Small.9L Trojan Horse Dropper.Small.7V Trojan Horse Dialer.12.AI Trojan Horse Dialer I'm not sure if this is what my customers are getting or not. I'm running Spybot S&D, Ad-Aware and AVG Free-Edition on my machine. Tonight I plan to run my machine in SafeMode and run all of the ad-zappers and AVG. Comments, suggestions? Thank you."