View Full Version : HELP: Infected scripts .php with evil malefic viruses

03-17-2010, 08:38 PM
Beeing a new member, and this my 1st post, I would like to say a friendly "HI!" to everyone!

I'm in charge of administrating a simple PHP website. No fancy e-commerce scripts, no fancy authentification methods, just your average pic and script.

In the last few days everytime I try to acces the website my Antivirus (Kaspersky IS 2010) returns a disturbing message :

Virus/Trojan found : Exploit.JS.Agent.avl , and blocks me from viewing the website.

After downloading some random files, of random extensions .jpg, .html, .php etc. I've discovered that this evil-keep-me-busy-from-my-daily-routines virus, infects only .HTML files and .php Files.

Since the antivirus can't disinfect them, and the website wasn't made by me, and I'm not familiar with the links and everything, I can't just delete the infected file and start writting the code from scratch.

Can you guys help me ? with a good method of removing viruses from .php files ?

From what my brain has told me, it should be an evil script injected in the .php file (probably a few lines of evil code).

My solution : Disable antivirus, open .PHP file, look for nasty code, delete it and copy/overwrite it back on the website (via FTP).

If you could help me, it would be really nice...anything, advices, tips, even better, solutions!
Thank you in advance!


03-17-2010, 08:44 PM
Is this on a webhost, or your own server?
And what type of scripts are you talking about? WordPress, Joomla, or something of your own making?

03-17-2010, 10:15 PM
Nooo...it's something way simpler....jsut pics, links and a simple SQL database (that it's not working...yet).

I've upped some of the infected files. It's not a virus, just an evil script that gets executed after beeing parsed by the php server, so opening it with something harmless as notepad is no problem. Im 100% convinced that the evill code will spark in your eyes.

Until now everything is as I expected.

Step 1 : Download all .html, .php files, and scan with AV. Probably all will be infected.

Step 2 : open each file and remove the nasty piece of code . Would be swell if I could find a simple program that removes text from one file comparing it to another files.

File 1 - infected

File 2 - text to delete

Final file = File 1 - File 2; Simple in theorem, will be hard to produse.

Step 3 : replace all files by overwriting using the ftp client

03-18-2010, 02:17 AM
What webhost are you using?

If you want to, PM me with your FTP info and I'll take a look at it.

03-18-2010, 08:06 AM
it's hosted on unitehosting.com .

Sry for the late answer, I just got UP. GMT difference.

I`ll be leaving for work in 40minutes and I`ll look from there on cleaning the files.