Jump to content

Archived

This topic is now archived and is closed to further replies.

fullcreel

My site has been hacked by a trojan?

Recommended Posts

I have a web site that was operating normally until just the last week.

I am getting the following pop-up window from Avast when I go to my web site:

 

http://8908in/1293907713.php (pipe) <gzip>

JS: Downloader - AKE (Trj)

 

I don't know where to start to clean out the virus or malware.

 

Can anyone help?

Thanks

Share this post


Link to post
Share on other sites

David

 

Some links to how to clean your site and almost as importantly how to secure it is in my about me pages in my profile.

 

HTH

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

How to Secure Your Site

 

If you can't recognize "rogue code" when you see it you may have to have someone clean it up for you. Probably not "gratis".

 

Many people who don't have a "clean" backup just erase it all and start over, a little wiser the second time around.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Put your site off line (most hosts have a tool for that in the control panel)

 

Look for your last backup (i will probably will be infected aswell)

or

Copy all your actual files zip them...

 

Remove sensitive data from it (sql dump with clients... etc... your configure.php is compromised and so it does not matter, you will have to change your keys eventually)

 

Put your files in a zip, and post it somewhere we can see it (mediafire or something like that, or at your own site.... whatever it takes), in order to help you, or to give you further advice...

 

 

I guess this proposition is more serious than typing some useless piece of information that you surely dont know what it means. (like talking about htaccess, decode, sqlinjection etc...)

 

Hope

Share this post


Link to post
Share on other sites

"Put your files in a zip, and post it somewhere we can see it (mediafire or something like that, or at your own site.... whatever it takes), in order to help you, or to give you further advice..."

 

Please DO NOT do this. Do not just give your files out to anyone. See my "about me" page where I have listed the steps to take to fix a hacked site.


This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest Responsive osCommerce CE (community edition) here

Share this post


Link to post
Share on other sites

Hey burt, i was only trying to help... by posting some PROACTIVE ideas...

 

Ive been working with osc since 2005, used this forum sometimes, learned the hardway... i really wished someone would have offered himselft to helpme like i do now when i had a problem.

 

Its more than clear that this user really needs a developer, or someone who knows a little bit more... he would be asking what he asks... therefore... reading redirections to other tutorial (please guys dont take it personally) may be hopefull but not really helpfull...

 

What i did is to think outside of the box...

 

besides... look what he is posting (innitial thread) he is completely lost.... forget about a tutorial, will take a week for him at least

 

anyway, sorry if my opinion on what to do bothers you

Share this post


Link to post
Share on other sites

i think what burt is getting at oscar is the user may upload everything like you say without removing the database information from the configuration file and allowing that user to be hacked further.

Share this post


Link to post
Share on other sites

Please DO NOT do this. Do not just give your files out to anyone. See my "about me" page where I have listed the steps to take to fix a hacked site.

 

Personally I read this as why give away your site, its' design, and possibly all the product info, customer details etc to anyone and everyone. who happens to stumble across the link.

 

There are several good threads and profiles that go through how to cleanse a site that can be followed by a reasonably thorough person.

 

If you can install contributions and remove code from within scripts you will be able to sort out a high proportion of hacks.

 

That is because it is not possible to list every possible hack and new ones are coming along.

 

HTH

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

×