Quote:
Originally Posted by KlenTelaris
Ok so we concluded comus is cause of this?So i can start removing it.
|
I don't have comus or use it.
The infection did not even take place on any of my office PC's, but in the office a few blocks down the street where the designers and programmers have the office.
One guy there had an infected PC that had FTP access to one of my servers. Not sure if they use comus or not but I don't think so. Infection takes place thru adult infected websites in all popular browsers without anti-virus programs seeing it.
Hidden custom build (FTP) logs show somebody using my FTP user/pass without brute force entering and adding some files and making some changes similar to all infected victims.