I seem to have picked up a bug on my pc and when I logged into my ftp account the virus then injected some malicious code into EVERY SINGLE FRIGGIN .js file.
Quite the pain in the arse.
In my ftp account I noticed some rather odd behavior. When I did a search for all files ending in .js it seems that one of the malicious files goes into a never ending loop. I stopped the search after the ftp program found over 100,000 .js files inside the tinymce plugin folder. It was showing results for a js file that went hundreds of folders deep, where upon inspecting the folder.....it doesn't go close to that level.
I also noticed that all the files are injected at the very end of the file and each injection starts with the exact same code which is:
what I would like to do is to run some sort of script that locates the "var _0xa687" string and then removes it and everything after it.
It will take me forever to locate and remove the 10,000 plus .js files that I know are there.
Does anyone have any suggestions as to how I can accomplish this?
Courtney L Bostdorff