sirena wrote:

etc etc.

(8) As you type your password, do not whisper or think of it

....even if you are wearing your tin-foil hat ;^)

i was infected with trojan win32.arsm i think its a diff one, google search yielded very little info regarding this.. my proquota.exe was infected which wasnt seen by avira but caught by kaspersky online scanner. deleted the file and took a new exe from different computer, i guess this will work for now until i do a clean format.

Also microsoft malicous removal tool didnt saw it.

etc etc.

(8) As you type your password, do not whisper or think of it

nope there is no other files only indexes were modified.. Also while googling I found this..

http://www.bluehostforum.com/showthread.php?t=16810

I think its this one.. but how do i prevent such things from further happening? Ive been hit twice..

Some things the BlueHost post didn't mention:

(1) Don't use Adobe Acrobat as your default program to read PDF's - use something less common like Foxit Reader instead.
(2) If you must use Adobe Acrobat, go into the options and ensure Javascript within PDF's is disabled.
(3) Use another default browser - eg Opera or Firefox to browse the web.
(4) Change the passwords you use on the server for FTP access to your site immediately if you think you are under attack, and do so regularly (eg once per month) in future.
(5) Check to see if any new and unauthorised users have been created within your account that may have access to FTP for example, and delete them.
(6) Do not - repeat do not - store your passwords for FTP, SSH etc on your computer anywhere.
(7) If you can do so (depends on your host) only allow access to FTP, SSH, or your web-based site control panel etc from IP address ranges that match yours (eg the IP range of your ISP).

etc etc.

So what was it if it wasnt a virus? someone is hacking and fooling around with me?

However, defacement of only index files suggests that it was not a virus, which would instead target any files it could. It's much more likely to be something with your host. You still haven't told me how you know that no other sites on your shared server were compromised.

http://www.bluehostforum.com/showthread.php?t=16810

I think its this one.. but how do i prevent such things from further happening? Ive been hit twice..

If you're convinced the problem was FluxBB, look for files that shouldn't be there (especially PHP files). If the problem is with FluxBB, you'll find a backdoor script somewhere that allowed someone to do this.

and i use password managers so even i cant remember my passwords.

Is it possible for me to infect my sites? or my sites infected me? my computer has trojan in it right now. dont know if its the site.

As to what, specifically, they are altering, that is for you to tell us. It's your host and we ain't psychic, hence only you know the answer to that. Are they altering the DB itself? Are they altering the flatfiles? What is in your server logs? There are no known exploits in Flux, so you would most likely be better off discussing this matter directly with your host and seeing what they say.