Microsoft has released a tool that removes the trojan used by Download.Ject

In case you need a way to clean up after getting hit by the Download.Ject exploit…


Download.Ject malware removal tool released


Microsoft has learned of a Trojan program that is downloaded by the Download.Ject malware, also known as Scob, to client machines from infected IIS servers. When a user visits a Web site hosted on an IIS server that is infected with Download.Ject, the Web pages downloaded to the user’s system contain an additional JavaScript program that downloads another Trojan program to the user’s system. This second Trojan is called Backdoor:W32/Berbew, also known as Backdoor-AXJ, Webber, or Padodor. When this second Trojan runs on the user’s machine, it performs several actions, including:


  – Monitoring Internet access. When the user visits one of several financial or ISP Web sites, the Trojan captures sensitive information—such as log-in names, passwords, and so on—and sends it to a Web server for the Trojan’s author to retrieve.
  – Installing a proxy server that allows the user’s system to be used as a relay for such actions as sending spam.
  – Opening fake dialog boxes that prompt the user to enter confidential information such as ATM card codes, credit card numbers, and so on. This information is then sent to a Web server for the Trojan’s author to retrieve.


Microsoft has released a tool to help you remove Backdoor:W32/Berbew Trojan variants from your computer. You can download this tool from the Microsoft Download Center and run it on your computer to remove Backdoor:W32/Berbew.A, Backdoor:W32/Berbew.B, Backdoor:W32/Berbew.C, Backdoor:W32/Berbew.D, Backdoor:W32/Berbew.E, Backdoor:W32/Berbew.F, Backdoor:W32/Berbew.G, and Backdoor:W32/Berbew.H infections.


This tool is discussed in Microsoft Knowledge Base article 873018. This KB can be found here:


http://support.microsoft.com/default.aspx?kbid=873018


Use it in good health.