Jump to content

How To Remove Java.bytever Virus From A Php Index?

Rohan

By Rohan
in Security Discussions

 Share

Recommended Posts

Rohan Explorer

Rohan

Posted
Posted

Dear Friends,

 

Apparently there is a virus (JAVA_BYTEVER.C and JAVA_BYTEVER.A) in my phpBB forum index page at:

http://www.lankalibrary.com/phpBB/

 

As you open this page the virus get downloaded to your PC. This is detected in Symantec, eTrust and with office scan. I have already got few complains on this.

 

Can somebody please explain to me how I can remove this virus from this page? :goof:

 

Thank you in advance,

 

Rohan

TCH-Thomas Grand Master

TCH-Thomas

Posted
Posted

Hi and welcome to the forum, Rohan. :goof:

 

I am not sure if this is the best/easiest way but I would download the phpbb folder and its database or a backup of the whole site to my pc and then locally scan it with Norton etc to see which file that have the virus and go from there.

TCH-BillH Community Regular

TCH-BillH

Posted
Posted

It looks like someone has updated your forum for the topic that reads:

 

"If you are looking for information, please post your request here!" and added the link for the PHP file in that. You should be able to update that title and remove it.

 

I wouild also do as Thomas suggested and upgrade your forum.

 

Keep us posted!

Rohan Explorer

Rohan

Posted
  • Author
Posted
It looks like someone has updated your forum for the topic that reads:

 

"If you are looking for information, please post your request here!" and added the link for the PHP file in that.  You should be able to update that title and remove it.

 

I wouild also do as Thomas suggested and upgrade your forum.

 

Keep us posted!

 

 

Hi BillH,

You are a genius! As you correctly said somebody has added a hidden link to a php file in that specific place. I just removed the link and now the problem is solved. How did you find that out?

Thanks a lot! :D :dance:

Rohan

 

ps: I also upgraded to 2:0:15 version. I still do not have the option for 2:0:16!

TCH-BillH Community Regular

TCH-BillH

Posted
Posted

Hi Rohan,

 

I did a search on the source code for the IP address that was used in the link, to download the PHP file. I saw that it occurred right after that subject title.

 

:D

 

Glad things are working well again and that you upgraded the BB to 2.0.15. That will help! :dance:

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...