Jump to content

Trojan Issue


Recommended Posts

Hey gang


Today I went to download a full backup of my site, as I do from time to time just in case the worst does happen.


Anyway, during my download NOD32 antivirus system popped up an alert. It warned me that the .tar.gz full backup file I was downloading contained a trojan, more specifically the PHP/Rst.I trojan.


Now this immediately rang alarm bells meaning that there must be a trojan on my domain. I tried searching for PHP/Rst.I trojan on google but it didn't turn up anything of any use.


Does anyone know firstly what this trojan is? Secondly, how should I go about removing it and finding it? Obviously NOD32 alerted me to an archive, not to a specific area on my domain, I have no idea how to locate or remove it.


Any help would be greatly appreciated thanks



Link to comment
Share on other sites

I don´t use NOD so I dont know how it works, but doesn´t it tell in which file the trojan is found?

If not, and this might not be the smartest way of doing this, so be cautious, but I would extract the backup file and re run the scan and see if it then will tell what file it is.


Then delete the extracted backup files and re run the scan again to see nothing bad happened to your computer.

Link to comment
Share on other sites

Well as it was just the archive all NOD told me was that there was a trojan present in it, at which point I terminated the download. I will download it again and if it happens again then I will try what you say.


Cheers for the suggestion

Link to comment
Share on other sites

ok never mind then, NOD32 seems pretty decent and so will probably keep things in check through downloading backups.



one final question (sorry to bug you so much), I want to change my MySQL user passwords too while I am at it, is there anyway to do this via cpanel, only way I can see is by deleting a user and remaking them.

Edited by OJB
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...