This site www.edesimusic.internet and www.juraatmedia.com is have contracted JS:Illredir-S [Trj] adware and spyware. My website continue getting have contracted some redirects or js scripts or iframe script, after cleaning them I change my passwords also it comes again after couple of days.

Can anybody let me know how you can safeguard my websites correctly and just how to get rid of herpes JS:Illredir-S [Trj] ? I'm not getting any details about herpes and which file on my small server is have contracted it.

Help me!

I'd exactly the same problem, home windows up-to-date, anti-virus up-to-date ( AVG on the foremost and Symantec on my small second computer ), anti-spyware up-to-date..... I never install "strange things" ... and so i believed that I had been protected. All of a sudden all the sites/accounts during my filezilla where infected with a JS:Illredir-CB [Trj] trojan viruses.

It takes place having seen an internet site of the large company. This Trojan viruses arrived my computer, with no warning.....very easy. The script would be a javascript function: a myriad of methods to produce al connect to an online site with port 8080. That one put a JAVA applet inside a iframe, which opened up a CMD without anyone's knowledge wich installed some files localy in system32.

Things I did:

  1. Remove all of your FTP login configurations, or set this in most the accounts on "request password"
  2. I transformed All of the configurations from the FTP accounts. (Get It Done, because i didn't remember one, and that one was three days later touched again )
  3. Scan your pc entirely. I observed now that only AVAST detected that one ( used to do try al large amount of scanning devices)
  4. All of your FTP sites are touched... and each map ... during my situation also the https files ...so you've to check all of the files ( check it on date/time )

Check All of the .JS files and all sorts of the files with names like "home" "default" and "index"....at the end from the file is definitely an extra line written. ( they aren't the same !! ....but look-a-like ) A number of my files were totaly corrupt, and so i needed to go ahead and take backup with this ones.

In p FTP log files from the server i see several occasions an effort for connecting using the old configurations..... so that they check it out more then once.


I required a great consider the scriptings which infected my computer:during my situation the function opened up the backdoor to [ http:// highstate . ru: 8080 /google.com/stumbleupon.com/btjunkie.org.php ] however i saw in certain other scripts that highstate.ru isn't the only domain..... Check these links what norton states relating to this domain names: [ https:// safeweb.norton.com/ report/show?title=anyscent.ru ] or [ https:// safeweb.norton.com/ report/show?title=highstate.ru ]


Latest ones i saw:
index.html: JS:Illredir-CB [Trj] ++ exemple.htm [L] HTML:Downloader-F [Trj] ++ Applet1.htm [L] JS:Jaderun-A [Expl] simply by exactly the same method: an online script at the base of the web page / js-file

Nice example: now is really a trojan viruses on this website: [ http:// wordpress.org /support/subject/349452 ] my AVAST saw that one, and disabled the page.

I really hope somebody can perform something with my experience !!

( :-) sorry concerning the language-mistakes, however i am nederlander (-; )

xox, Harts from Holland