Hello OH -
I have an e-commerce website -
The access seems to come through vulnerabilities in the website itself - at least that's how it happened for me - they got in through a vulnerability in my recently installed WordPress blog component.
This morning when I fired up my computer I was hit with a double-whammy. My browser is set to load my main business website in one tab and the admin login page in another. Admin page loaded just fine but there was nothing but a code/line error message showing up for my main website and it was basically offline.
As I began sending messages to my two website guys about the site being down, a Norton window popped up showing a "high" security threat. When I opened to view the details it said that MY computer was attempting an attack and referenced "gumblar" in the information.
I ran Norton immediately and it did not register any malware. Ran it again in safe mode with the same results.
I ended up having to contact Norton and pay them to remove the virus.
Meanwhile, McAfee running on my laptop never detected it - didn't register a threat when I went to the website nor was it picked up on full system scans whether running in "regular" or "safe mode."
My husband uses AVG FREE 9.0 which immediately registered the threat when he went to the website - whether or not his computer was infected we don't know. I can only assume that my laptop is now infected as my website loaded fully because of my start-up tab settings in my browser.
So far, nothing I've downloaded has picked it up on the laptop - nor have I seen a warning or record of any threat in McAfee.
My webguys found the information below and used it to identify the problem files on the website. While it won't stop a future attack, it is a good resource and allowed my guys to identify the infected files pretty quickly.
http://justcoded.com/article/gumblar-family-virus-removal-tool/
Be sure to scroll down and download the latest - the guy's trying to keep up with the latest gumblar changes.
A side-note: After going through a couple of hours with Norton controlling my computer, they had me go to some of the websites I usually visit. "My" website was up for testing so I went there first. Immediately the "threat" popped up - which was good. Checking the history in Norton, it registered "An intrusion attempt by <my computer name> was blocked. Application path /DEVICE - yada, yada, yada" just like the original attack. Norton said it was related to Firefox and told me "please don't worry about that."
I went to the website in both Google Chrome and IE8 - no warning popped up, but when I checked my history I was seeing the same "intrusion attempt" message. Norton, who had control of my computer at the time, clicked the "don't tell me about this again" button. At this point, I don't know if my computer is "gumblar-free" or not. Sad considering that I paid more for their service today than I paid for the Norton Internet Security 2010 software.
If you do find a good server virus protection program or anything more about gumblar detection, prevention or removal - for computers OR websites, please post - and I'll do the same.
I'm "low-tech" but get in the trenches with my guys as best I can. Today I could do nothing but wait, watch and research solutions.
wg