ColdFusion Muse

I think there may be something missing from your last sentence... bite the bullet and go ahead and do what? Are you saying do a "thorough cleaning"? If the server cannot be trusted even after a thorough cleaning, is the advice a new server?

I'm glad to say I haven't been bitten by this particular issue, since I'm not using VBS and on Linux, but I'm always curious about serious infections. Steve Gibson has said in the past that once a machine is infected with "sophisticated" code, since even a new harddrive does not save you if the bios is infected, that anything short of a new machine can never be 100% trusted.

What does everyone think of that?

@Brian,

You are correct... that's not very clear. I mean bite the bullet and completley start over - whether that means a new server or whatever. Bios infections are very rare - but what distingishes this infect from others is that it is not really pattern based and does not appear to be automated. Instead, it appears that the individual in question is "matching wits" with an actual hacker who has control of the machine. In that case (and given what the hacker has been able to accomplish is substantial) the user may well need to start with fresh hardware - or at least low level format the drives and flash the bios (which would turn the trick in 99.999 percent of cases).

OMG how the server infected usually? I've just removed iframe infection from the customer's web site and really care of any suspicious code exists in the system. Can you please give me copy of the script? Thank you!