download-123.cn/vtiadmin2/t.php

Each time I am using Internet Explorer; it hangs or sometimes took time to completely load a page. At the bottom or status bar it connects to “download-123.cn/vtiadmin2/t.php”

Was it downloading a virus or something? Am I already infected?

7 Responses

  1. celebi says:

    i have the same problem.whats your server? may be the problem is the server…

  2. jhumhong says:

    Guess you guys is infected with a Bloodhound.Exploit.213. Another symptoms of this is an error on Adobe Acrobat Reader each time you will turn off Windows. To get rid of this scan your computer with updated antivirus while on SafeMode.

  3. James Evans says:

    Hi,

    I have the same problem as well, it appears on one of our main sites on our server, but after reading the above post it appears it is on a majority of the sites.

    what i dont get is, i visited the site on a brand new laptop out of the box and that also went to download the virus which is making me think it is something on the server ? ?

    What would be the best way of getting rid of this.. ?

    hxxp://download-123.cn/vtiadmin/inocs.pdf < that is the link it is trying to download from and the size is 5.43KB

    Cheers

    James.

  4. tekie says:

    That would be an infection on the server. This malware will modify the index.php file or header file. Please look at your file and remove the Malicious JavaScript added. That would do it.

  5. celebi says:

    i have contacted to my server ..he says everthing goes normal..any suggestion..

    Thanks

  6. jhumhong says:

    This could happen if a computer was infected with a trojan that can steal FTP passwords. When the password was acquired the trojan will connect to a server and inject a javascript file on all index.php and index.html files.

    To resolve this:
    1. You must modify your index.php or index.html files and remove the javascript the trojan added on header or footer. For sure you know how a javascript looks. The type of script was encrypted or garbled character.
    2. Scan you computer throughly of virus, and remove saved passwords on FTP software.
    3. Change you passwords on FTP or Host.

  7. celebi says:

    worked thanks jhumhong