Best practices in finding out a trojan

[Zbigniew Szalbot]

Hello,

I know this has practically no connection with FreeBSD but I have a site
on a shared hosting and it appears the site got a trojan called
JS:Cruzer-D. I cannot find anything about it as it appears to be
relatively new (28 May). Anyway, I am trying to browse through the joomla
cms files in hope of locating it. I haven't seen anything suspicious with
the file modification time (and I have checked those which have been
modified within 48h period.

I am a bit stuck at the moment and if you can offer any advice on how to
troubleshoot such things on a UNIX system, I'd be really, really thankful!

There is some information about JS:Cruzer-C on the web but code of this
trojan is not present on the infected website (I have grepped all the
files today).

Ah, I will add that the trojan is only reported by avast antivirus when
people visit the site in IE (in other browers, this problem does not
appear).

Best regards,

-- 
Zbigniew Szalbot