Hello,
I have 2 servers (1 with Windows Server 2008 R2 and one with standard edition ) and I host there websites (ASP.NET 2.0 and ASP.NET 4.0)
I few days ago antivirus(Microsoft Essentials) detect a virus:
Category: Backdoor Description: This program provides remote access to the computer it is installed on. Recommended action: Remove this software immediately. Items: containerfile:C:\HostSpace\website.com\userfiles\file\ez.jpg file:C:\HostSpace\website.com\userfiles\file\ez.jpg->[PHP] Get more information about this item online. Backdoor:PHP/RST.AC
I run a full scan but the antivirus don't find anything .
The same virus was find on the both servers .
In my opinion is a virus that creates folders with write rights on the hosting files and then try to upload there some files.
I have search in my servers for the folder "userfiles" and I have deleted them.
My concern is that : Last Night I find again a new directory \userfiles\file into another website files .
I think I had this problem a few months ago : I saw there some new directorys like : user files , but I deleted them.
Can somebody help me with some suggestion ? I saw that these directory apears at ASP.NET 2.0 web sites .