Announcement

Collapse
No announcement yet.

Suspect file in includes?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Simon Lloyd
    replied
    Thanks all, i knew it didn't exist in the standard package, i thought it belonged to an add on (mod) that someone mights recognise. HMBeaty at least that link narrowed it down to which mod.

    The infection isn't on my site. What it did to this poor users forum was delete the forumid column from the forum table and you have to rebuild the templates table. Just ALTERing and adding a forumid column isn't much good really as all the forum id's are then wrong and have to be adjusted manually.

    Reading through the offending script it shows that they pretty much scrape everything from your server and databases, when i say everything i mean EVERYTHING!

    Don't you just hate folk like that??

    Leave a comment:


  • HMBeaty
    replied
    http://www.keleko.com/2011/fixes-for...y-team-animus/

    Leave a comment:


  • PossumX
    replied
    Suspect file in includes?

    Like said above, not a vB file, you've been compromised at the server level.

    Leave a comment:


  • TheNewOne
    replied
    no php file with that name in that folder

    Leave a comment:


  • Simon Lloyd
    started a topic Suspect file in includes?

    Suspect file in includes?

    Hi can anyone tell me if there should be a file called vbf.php in /includes?

    I downloaded this folder and my AV shows this File name:\includes\vbf.php Threat name: PHP/BackDoor.C99Shell
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X