Hi Ray, sorry to bring this up again but I received these emails from the company in charge of the hosting server for springfieldky.org. Any ideas?
The same files are still infected with the Win.Trojan.Hide-2 virus. This morning at 1:24am EST, it caused additional files to be installed to the temp folder on the web server. These additional files are associated with the Conficker virus botnet and began to use our web server as a host to infect other computers on the internet.
As a result, our public IP address was blacklisted by SpamHaus (www.spamhaus.org) around 5:35am this morning. I'm going to remove these two infected files for the time being in order to get our pubic IP address unlisted. These two infected files are listed below in the previous email message.
Please replace these files and update/patch the CMS system you use to prevent this from occurring again. If I need to change the login password to the FTP sites you use to upload the web pages, please let me know.
Instead of just deleting the following files, I've removed them and replaced them with empty files of the same name with read-only access. That should prevent them from being created again, but it won't stop the addition of other infected files with different names. This just serves as band-aid relief for now.