Jump to content

eval(base64_decode


Recommended Posts

Hello

I wonder if anyone can help me please.

I have malware in my website which keeps injecting in two index.php files, one in the root folder and the other in sitemap. It does it every few hours. I have changed all the passwords and uninstalled and reinstalled wordpress which was on the blog page. The rest of the site is in php and html. Today, I also removed the wordpress files completely from the site, but the injection of malware has not stopped.

I am attaching this code in a txt file. I tried to decode it here- http://www.tareeinternet.com/scripts/base.html. Have not got very far as yet, I am afraid!

I wonder what can I do next to eliminate this malware?

Thanks a lot.

malicious_code.txt

The file did not upload successfully earlier.

Link to post
Share on other sites

  • 2 weeks later...

Meditate,

I spent a few minutes looking at this, what it seems to do is inject some javascript into the page, it may even actually try to spoof search engine results(based on the list of UserAgents contained in the first bit of code). I did not get very far with it.

The fact that this keeps appearing even after you've removed Wordpress and changed all the passwords make me think your system has been compromised somewhere else, however this is not my area of expertise.

Link to post
Share on other sites

  • Staff

Check out this link with information by one of our staff members:

http://www.malwaredomainlist.com/forums/index.php?topic=3122.0

Let's see if your computer is infected.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.