Go Back   vb.org Archive > Community Discussions > Forum and Server Management
Reload this Page Site Contains Virus? Solution?
FAQ Community Calendar Today's Posts Search

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #11  
Old 01-02-2012, 09:03 PM
ppgear ppgear is offline
 
Join Date: Feb 2010
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I have some of the same extra files as you:
blog_search.php
commons.php
coms.php
jquery.php

But not the HTML files you have.

I'm still having trouble though. I followed the steps suggested:

1. Suspect File Versions. Done, found those extra PHP files above and renamed them.
2. Disabled all plugins (only VBseo)
3. Exported the database, searched the SQL for the offending domain names and IP addresses. None found.
4. Searched through my files for the domain names and IP addresses. None found. (Is it possible that it's encrypted in the files somehow so a search wouldn't find it?)
5. I don't have ads running, so that's not a problem.

Just wondering, do web servers cache files? So if I make a change and refresh (delete my own browser cache first), and I still get virus issues, is it possible the change DID work, except the server has it cached temporarily?

--------------- Added [DATE]1325542075[/DATE] at [TIME]1325542075[/TIME] ---------------

By the way, I found the offending domains/IPs by using Firefox/FireBug, in the "Net" tab it shows all the files requested, and there I saw some files being requested from other domains:

URL, Status, Domain, Size, Remote IP
GET http://44444vvvvv.mefound.com/dng311...cfc3b06a/0.php, 302 Found, 44444vvvvv.mefound.com, 20 B, 95.163.89.230:80
GET http://44444vvvvv.mefound.com/dng311...c3b06a/spl.php, 302 Found, 44444vvvvv.mefound.com, 20 B, 95.163.89.230:80
GET http://kokosina.in/t/go.php?sid=5, 302 Found, kokosina.in, 20 B, 46.37.184.227:80

These are the domains/IPs I searched for in the SQL and in the files. I also spotted those PHP files as weird because they had recent "modified" dates whereas the original files were untouched.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 10:11 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.13813 seconds
  • Memory Usage 2,838KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (17)post_thanks_box
  • (1)post_thanks_box_bit
  • (17)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (17)post_thanks_postbit_info
  • (17)postbit
  • (1)postbit_attachment
  • (17)postbit_onlinestatus
  • (17)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_attachment
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete