Upon further review of my server I have discovered several files were compromised, dating back to January 2, 2013. They appear in various places in the /CFIDE folder. Here is a list of the ones I found this morning:
C:\Inetpub\wwwroot\CFIDE\ adminapi\customtags\fusebox.cfm C:\Inetpub\wwwroot\CFIDE\administrator\scheduler\scheduleedit.cfm C:\Inetpub\wwwroot\CFIDE\administrator\security\cfrdspassword.cfm C:\Inetpub\wwwroot\CFIDE\componentutils\Application.cfm C:\Inetpub\wwwroot\CFIDE\componentutils\cfcexplorer.cfc C:\Inetpub\wwwroot\CFIDE\scripts\ajax\ext\docs\resources\pkg.cfm If your server was compromised, I suggest you do a search for any files changed within the past 2 months and you will probably find them. James F ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354316 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
