eval base64 virus

Discussion in 'BlackHat Lounge' started by souldetective, Oct 1, 2012.

  1. souldetective

    Hi

    All my PHP files have been infected with this iframe code, and it generates a file that contains IP addresses in the root directory.

    Is there any solution? A confirmed solution... I have tried a lot but I have failed. I update the index.php file, the virus gets removed, but after some time it appears on my websites again.

    What to do?
     
  2. souldetective

    Anyone please
     
  3. uptonormal

    Is your website running WordPress?
    Check if you are using any old versions of timthumb; old timthumb has that issue.
     
  4. yack09

    Also check if you have an up-to-date FTP program. If not, install a new version and change the password.
     
  5. souldetective

    I am still unable to identify the backdoor... anyone, please.
     
  6. bzy39

    Download all the files and then do a search using Notepad++ to remove it.
    You will need to remove it completely to make sure there is no backdoor anymore...
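
Added example, not part of the thread or written by any poster: a Python version of the "download everything and search" step that scans every PHP file in a downloaded copy of the site, not only index.php, and reports the line and modification time of each match. The regular expression, the file suffix list, and the sample files are assumptions constructed for illustration, since the thread never shows the injected code.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the injected line is eval() around base64_decode(), possibly
# wrapped in gzinflate/gzuncompress/str_rot13. The thread never shows it.
INJECTION = re.compile(
    rb"eval\s*\(\s*(?:(?:gzinflate|gzuncompress|str_rot13)\s*\(\s*)*"
    rb"base64_decode\s*\(",
    re.IGNORECASE,
)
PHP_SUFFIXES = {".php", ".phtml", ".inc"}  # assumed set of PHP-executed files


def scan_tree(root):
    """Return (relative path, line number, mtime) for each match under root."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        data = path.read_bytes()
        for match in INJECTION.finditer(data):
            line = data.count(b"\n", 0, match.start()) + 1
            rel = path.relative_to(root).as_posix()
            hits.append((rel, line, path.stat().st_mtime))
    return hits


def build_sample_site(root):
    """Write a small constructed site; the payload only encodes 'CONSTRUCTED'."""
    root = Path(root)
    blob = b"Q09OU1RSVUNURUQ="
    (root / "uploads").mkdir()
    (root / "index.php").write_bytes(
        b"<?php eval(base64_decode('" + blob + b"')); ?>\n<?php echo 'home'; ?>\n")
    (root / "uploads" / "cache.php").write_bytes(
        b"<?php\n@eval(gzinflate(base64_decode('" + blob + b"')));\n")
    (root / "clean.php").write_bytes(b"<?php echo base64_decode('aGk='); ?>\n")
    (root / "notes.txt").write_bytes(b"eval(base64_decode('x')) seen in logs\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, line, mtime in scan_tree(site):
            print(f"{rel}:{line} modified {mtime:.0f}")
```

Sorting the hits by modification time and comparing them with the web server and FTP logs for the same period helps narrow down when and how the files were written.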