Best practices in finding out a trojan

Zbigniew Szalbot z.szalbot at
Sat May 30 17:42:02 UTC 2009


I know this has practically no connection with FreeBSD but I have a site
on a shared hosting and it appears the site got a trojan called
JS:Cruzer-D. I cannot find anything about it as it appears to be
relatively new (28 May). Anyway, I am trying to browse through the joomla
cms files in hope of locating it. I haven't seen anything suspicious with
the file modification time (and I have checked those which have been
modified within 48h period.

I am a bit stuck at the moment and if you can offer any advice on how to
troubleshoot such things on a UNIX system, I'd be really, really thankful!

There is some information about JS:Cruzer-C on the web but code of this
trojan is not present on the infected website (I have grepped all the
files today).

Ah, I will add that the trojan is only reported by avast antivirus when
people visit the site in IE (in other browers, this problem does not

Best regards,

Zbigniew Szalbot

More information about the freebsd-questions mailing list