Hi
Help please... my webhost found this and suggests there is a lot more. How can I effectively clean up this install please.. only components I have added is:
Jomsocial
Nivo Slider,
Digital Store and
Easyblog
It seems that there are A LOT of php files exploited in your Joomla installation. Some of them are:
/includes/database.mysqli.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/mambo.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/database.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/Archive/Tar.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./joomla.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/mygoogleads.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/nicetalk.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/kunena.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/myblogtoolbar.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/nicetalk/jax.nicetalk.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/twitter.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/wordfilter.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/domit/xml_domit_rss.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/domit/xml_domit_rss_lite.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/domit/xml_domit_lite_parser.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/domit/xml_domit_lite_include.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
/plugins/editors-xtd/myphotos.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors-xtd/jcommentson.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/user/joomla.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/user/jcomments.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/user/example.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/user/jomsocialuser.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/none.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/xstandard/directory.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
e64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/fr.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/en.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/de.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/lv.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/zh-tw.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/hu.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/zh-cn.php: Suspicious(base64_decode): hp eval(bas
./plugins/system/Zend/Service/Nirvanix/Exception.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/Image.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/VideoResultSet.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/PageDataResultSet.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/InlinkDataResult.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/Result.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/ImageResult.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/NewsResult.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
via Joomla! http://forum.joomla.org/viewtopic.php?t=830514&p=3120990#p3120990
Help please... my webhost found this and suggests there is a lot more. How can I effectively clean up this install please.. only components I have added is:
Jomsocial
Nivo Slider,
Digital Store and
Easyblog
It seems that there are A LOT of php files exploited in your Joomla installation. Some of them are:
/includes/database.mysqli.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/mambo.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/database.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/Archive/Tar.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./joomla.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/mygoogleads.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/nicetalk.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/kunena.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/myblogtoolbar.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/nicetalk/jax.nicetalk.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/twitter.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/community/wordfilter.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/domit/xml_domit_rss.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/domit/xml_domit_rss_lite.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/domit/xml_domit_lite_parser.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./includes/domit/xml_domit_lite_include.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
/plugins/editors-xtd/myphotos.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors-xtd/jcommentson.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/user/joomla.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/user/jcomments.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/user/example.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/user/jomsocialuser.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/none.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/xstandard/directory.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
e64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/fr.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/en.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/de.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/lv.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/zh-tw.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/hu.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/zh-cn.php: Suspicious(base64_decode): hp eval(bas
./plugins/system/Zend/Service/Nirvanix/Exception.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/Image.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/VideoResultSet.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/PageDataResultSet.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/InlinkDataResult.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/Result.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/ImageResult.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
./plugins/system/Zend/Service/Yahoo/NewsResult.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv
Statistics: Posted by reyach — Tue Dec 24, 2013 7:07 pm
via Joomla! http://forum.joomla.org/viewtopic.php?t=830514&p=3120990#p3120990
No comments:
Post a Comment