I use an older version of WSFTP (8.0). I wanted to backup the .ini file that holds all the site configurations. I was unable to locate it, but eventually search enough and found it.
WS support says the path is:
C:\Users\<username>\AppData\Roaming\Ipswitch\WS_FTP\Sites
Here is the path I needed to get the file.
C:\users\<username>\AppData\local\VirtualStore\Program Files(x86)\Common Files\Ipswitch\WS_FTP\Sites\WS_FTP.ini
I hope this helps someone.
I have another client’s site attacked by Sejeal. Again I found a “sejeal.JPG” file in the root directory. Client called me saying the hyperlinks don’t work. Browser was giving back 404 error.
I found this article that shed some light on the matter. One of my main tools “JCEditor” has a vulnerability that attackers are exploiting.
http://www.prolateral.com/news-section/news-news/289-has-your-joomla-website-been-hacked.html
I recently installed a audio driver to fix a problem with the “what you hear” input device. Shortly after that when browsing hyperlinks would throw pop-up window linking to an ad for something. Here is an example.
At the bottom of the window was “Coupon Companion Plugin” banner. With some research I found this is adware.
http://malwaretips.com/blogs/remove-coupon-companion-ads/
I followed the steps to remove the adware. Hoping this works. I doing this I also discovered my machine also had “InfoAtoms” on it . More adware. I followed the following article to remove this as well.
http://www.uninstallgeek.com/programs/infoatoms-1-0-10-0-uninstall-tool.html
It seems we can expect more of this in the future. Stay safe my friends.