I’ve been busy yet again moving things on servers. I was not happy with the one I first intended to move everything onto when I found out that you cannot have folders or files with write permissions (666 or 777). That and the fact that I still have not gotten all the releases for my other domains to move and remove the Yahoo counter script from them as I migrate servers. I did find 9 instances where we had missed getting it all off the server and therefore out of the files: a couple of readme.html files and 7 places where the entire code was not removed. Thank goodness for TextCrawler; it has been a lifesaver.

This script, which begins “Yahoo! Counter starts”, is placed into js, htm, html or shtml pages that I have found so far. It is more complex code that is placed into php pages, but it then generates the same code that can be found by viewing the page’s source code. I tried in my last post to insert an image of the code, but that fails to give you a good idea of what to look for when removing it from your site. I am reluctant to post it online but will gladly share it with anyone who needs help and asks for it. The code is rather lengthy also, so to place it into a post would lose you, my readers. I tend to get lost in that much code myself.

One of the easiest ways to remove it is to copy the entire text into TextCrawler. Then use a comment something like this and replace the code. This will work for all your web pages and takes only a few minutes. If you do not have that many infected pages you might wish to open them up individually and remove the code from each of them. But if you have something like a gallery I had been testing that ended up with over 3000 files infected, I doubt you want to fix each file. I am not even going to replace them; I am going to drop them when I move everything else.

You cannot even delete folders full of the infected files off your webserver, as they are chmodded to 444 and the ownership is changed from your account to HTTPD. Without fixing that, the only recourse is to delete them individually and then replace them. A lot of work that my soon-to-be completely former host IX Webhosting will not help with or even acknowledge is their fault. You can get them to change ownership and even chmod the files back to 755, but if you do not get it fixed right away it will change back. Even if you do get everything fixed back but leave it on their server, it puts the bad code back into your pages, or at least it did mine that way. If you need any help, or just want to vent over IX’s lack of help, shoot me a line or comment. I’ll help what I can.
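For anyone who wants to inventory a copy of their site before or after a cleanup, here is an added example (not code from this post or from TextCrawler) that walks a web root, lists every static page containing the “Yahoo! Counter starts” text, and flags the read-only mode and changed ownership described above. The function names, the sample files and the assumption that it runs under the site owner's account are mine.

```python
import os
import stat
import tempfile

MARKER = b"Yahoo! Counter starts"   # opening text of the block, as quoted in the post
EXTENSIONS = {".js", ".htm", ".html", ".shtml"}   # static file types named in the post
# PHP sources are skipped: per the post they hold different code that only
# emits the marker at render time, so check their served output instead.

def scan_webroot(root, expected_uid=None):
    """List files under root containing MARKER, with mode and owner checks."""
    if expected_uid is None:
        expected_uid = os.getuid()          # assumption: run as the site's account
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                with open(path, "rb") as fh:
                    hit = MARKER in fh.read()
            except OSError as exc:          # unreadable: report it, do not skip silently
                findings.append({"path": path, "error": str(exc)})
                continue
            if hit:
                mode = stat.S_IMODE(st.st_mode)
                findings.append({"path": path, "mode": oct(mode),
                                 "read_only": not mode & 0o222,   # e.g. 444
                                 "foreign_owner": st.st_uid != expected_uid})
    return findings

def make_sample(root):
    """Constructed sample tree: one clean page, one marked read-only page."""
    os.makedirs(os.path.join(root, "gallery"))
    with open(os.path.join(root, "clean.html"), "w") as fh:
        fh.write("<html><body>ok</body></html>")
    bad = os.path.join(root, "gallery", "index.html")
    with open(bad, "w") as fh:
        fh.write("<html><!-- Yahoo! Counter starts -->placeholder</html>")
    os.chmod(bad, 0o444)
    return bad

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print(scan_webroot(tmp))
```

Running the same scan again some time after a cleanup shows whether the marker, the 444 mode or the foreign owner has come back.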
