Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Mar 2010
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts

    HELP: Infected scripts .php with evil malefic viruses

    Beeing a new member, and this my 1st post, I would like to say a friendly "HI!" to everyone!

    I'm in charge of administrating a simple PHP website. No fancy e-commerce scripts, no fancy authentification methods, just your average pic and script.

    In the last few days everytime I try to acces the website my Antivirus (Kaspersky IS 2010) returns a disturbing message :

    Virus/Trojan found : Exploit.JS.Agent.avl , and blocks me from viewing the website.

    After downloading some random files, of random extensions .jpg, .html, .php etc. I've discovered that this evil-keep-me-busy-from-my-daily-routines virus, infects only .HTML files and .php Files.

    Since the antivirus can't disinfect them, and the website wasn't made by me, and I'm not familiar with the links and everything, I can't just delete the infected file and start writting the code from scratch.

    Can you guys help me ? with a good method of removing viruses from .php files ?


    From what my brain has told me, it should be an evil script injected in the .php file (probably a few lines of evil code).

    My solution : Disable antivirus, open .PHP file, look for nasty code, delete it and copy/overwrite it back on the website (via FTP).

    If you could help me, it would be really nice...anything, advices, tips, even better, solutions!
    Thank you in advance!

    ,Adrian

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,472
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    Is this on a webhost, or your own server?
    And what type of scripts are you talking about? WordPress, Joomla, or something of your own making?

  • #3
    New Coder
    Join Date
    Mar 2010
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Nooo...it's something way simpler....jsut pics, links and a simple SQL database (that it's not working...yet).

    I've upped some of the infected files. It's not a virus, just an evil script that gets executed after beeing parsed by the php server, so opening it with something harmless as notepad is no problem. Im 100% convinced that the evill code will spark in your eyes.



    Until now everything is as I expected.

    Step 1 : Download all .html, .php files, and scan with AV. Probably all will be infected.

    Step 2 : open each file and remove the nasty piece of code . Would be swell if I could find a simple program that removes text from one file comparing it to another files.

    File 1 - infected

    File 2 - text to delete

    Final file = File 1 - File 2; Simple in theorem, will be hard to produse.

    Step 3 : replace all files by overwriting using the ftp client
    Attached Files Attached Files
    Last edited by Buzdugan; 03-17-2010 at 10:18 PM.

  • #4
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,472
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    What webhost are you using?

    If you want to, PM me with your FTP info and I'll take a look at it.

  • #5
    New Coder
    Join Date
    Mar 2010
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts
    it's hosted on unitehosting.com .

    Sry for the late answer, I just got UP. GMT difference.

    I`ll be leaving for work in 40minutes and I`ll look from there on cleaning the files.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •