Firstly, I have no idea what that Trojan actually is. We regularly see false positives around Moodle so there may not be anything to worry about.
The only way that the code can be updated if you have incorrect permissions. It is vital (assuming your site is accessible from the public internet) that the Moodle code files are NOT writeable by the web server user. The classic trojan in PHP code will write a whole bunch of seemingly random characters on the <?php line. That's worth a look for in common files like config.php and the main index.php
The only way that the code can be updated if you have incorrect permissions. It is vital (assuming your site is accessible from the public internet) that the Moodle code files are NOT writeable by the web server user. The classic trojan in PHP code will write a whole bunch of seemingly random characters on the <?php line. That's worth a look for in common files like config.php and the main index.php
See also Hacked_site_recovery