Hello, friends,
Our website was hacked a few weeks ago. The hacker deleted our files and created two accounts: gg and scrilla. These two accounts cannot be seen through Local Users and Groups in Computer Manager, but can be found under C:\Documents and Settings.
We could see the modified date of the ntuser.dat.LOG file under the \gg and \scrilla directories changed every one or two days, indicating hackers accessed our web server from time to time. I guessed that they did so through a Trojan virus.
So, I downloaded avast server version 4.7 for our Windows Server 2003, hoping it would protect our web site from hacking.
avast did find Trojan viruses and deleted all of them.
I thought the modified date of the ntuser.dat.LOG file would stop changing. However, I was wrong: the modified date of the ntuser.dat.LOG file keeps changing, meaning that hackers can still bypass avast. Am I right?
We planned to pay if avast turned out to be good in the 60-day trial period. However, this made us very frustrated.
Any ideas, suggestions? Thanks a lot for your help.