Trojan found: recatpcha.php


#1

A visitor to my site said I had a trojan. “Must be a false positive” I thought, as my virus checker didn’t find anything. But I checked manually and found a file called “recatpcha.php” (note the spelling) in the root folder and also in my “blog” folder. Luckily the timestamp was suspiciously new, and the index.php file was new as well. I compared it to the old one an sure enough there was added code and the dreaded command “post.” Being just a text file I deleted it and replaced it with the original clean one. I don’t know if this was some wordpress vulnerability (my “blog” folder is where I host wp, and it reports being up to date). Also, I can’t find much about “recatpcha.php” on Google, but thought I’d just post this as a warning.

For the record, Avast spotted the trojan, Microsoft Security Essentials did not.