125 replies to this topic

[nikola22]

Hello guys, sadly my forum was victim of this kind of attack too. I dont know if this will help you, but it did for me, (im talking about file clean ups, large amount of files)

http://imasdeweb.com/opensource/search_and_replace/search_and_replace.php.zip

Put this file in your root web folder and run it, it will fix all infected files and will make a backup too. To prevent this from happening again, put this in your php.ini and restart web server.

disable_functions = eval, base64_decode, gzinflate

Hope this will help someone in cleaning large amount of files.

Edited by Jan Zonjee, 02 December 2011 - 03:40 PM.

[kymation]

Stock osCommerce uses eval(). Disabling it will break your store.

Regards
Jim

[kelvinJA2]

I have the same situation, can any one help? Anyone has a cleaning solution?  

[kelvinJA2]

I tried this already, not very helpful:

http://imasdeweb.com/opensource/search_and_replace/search_and_replace.php.zip

Does any one have any other solutions? Despartely need a cleaning tool!

[DunWeb]

@kelvinJA2

The only cleaning tool is YOU.  You have to manually check each and every file for malicious content and also remove an anomalous files on your server.



Chris

[kelvinJA2]

DunWeb, on 21 March 2012 - 02:56 PM, said:

@kelvinJA2

The only cleaning tool is YOU.  You have to manually check each and every file for malicious content and also remove an anomalous files on your server.



Chris

Thank you Chris, yes, I agree, I use this tool to scan the clean all malicous codes:

http://www.opensource-excellence.com/index.php?option=com_ose_mart&view=item&id=389

By chance, the tool also scan a c99 shell code in my website. I am working with the suppor team to clean the virus now, finger cross, hope my website is clean after using this tool.